Security & privacy

How we handle your documents

• Documents are processed entirely in memory on our infrastructure while we lint and fix them.
• We do not persist the full document contents to disk or long-term storage as part of normal processing.
• Output files you download are generated on-the-fly from that in-memory processing.

What metadata we store

To make features like usage history and billing transparent, we store a small amount of metadata about each document you process:

• A checksum of the document so we can tell when you are re-processing the same file.
• The original filename you uploaded (for example manuscript_v3.docx) so your history is easy to recognise.
• Basic operational details such as timestamps and which journals or rule sets you ran the checks against.

We do not use this metadata to train models, and we do not sell or share it with third parties.

Security standards & practices

Our security controls are designed around industry standards so you can use Chameleon with confidence:

• We follow ISO 27001-aligned best practices for information security management, including access control, change management, and incident response.
• Authentication and identity management are implemented in line with NIST guidelines (for example NIST SP 800-63) around password strength, multi-factor authentication, and session security.
• We regularly review dependencies and infrastructure configuration for known vulnerabilities.

If you have specific security questions, or need more detail for an institutional review, please contact us .