MatCraft takes data privacy seriously. Materials research data is often proprietary, and we have designed the platform with multiple layers of protection.
Self-Hosted Deployment
The recommended approach for sensitive data is self-hosting. When you run MatCraft on your own infrastructure, your data never leaves your network. The platform requires only a PostgreSQL database and optional Redis for task queuing — no external telemetry or phone-home calls are made.
Cloud Service Data Handling
If you use the managed cloud service at matcraft.ai:
- Data Isolation: Each organization's data is stored in a logically isolated database schema. There is no cross-tenant data access.
- Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database backups are encrypted with customer-specific keys on Enterprise plans.
- Retention: You own your data. You can export all materials, campaigns, and results at any time via the API or dashboard. When you delete data, it is permanently removed from primary storage within 24 hours and from backups within 30 days.
- Access Controls: Role-based access control (RBAC) lets you define who can view, edit, or delete materials and campaigns within your organization.
- Compliance: The cloud service is hosted on AWS (us-east-1 and eu-west-1 regions). We are SOC 2 Type II compliant and can provide a Data Processing Agreement (DPA) for enterprise customers.
No Training on Your Data
MatCraft does not use your material data to train any shared models. Your surrogate models are trained exclusively on your data and are never accessible to other users or used to improve the platform's general models.
GDPR
For EU users, we comply with GDPR requirements including data portability, right to erasure, and data processing transparency. Contact privacy@matcraft.ai for details.