OPJAW

Security

Last updated: 2026-04-03

OPJAW is a deterministic geometry engine — procedural code, no neural networks, no model weights. This page describes how your data moves through the system and what we do (and don't do) to protect it. Every claim below is traceable to our source code or infrastructure configuration.

1. Your File's Lifecycle

  1. You upload a STEP file over HTTPS. Cloudflare terminates TLS at the edge.
  2. The server validates the file extension (.step / .stp) and enforces a 50 MB size limit.
  3. A temporary directory is created (tempfile.mkdtemp) and your file is written to it.
  4. Generation runs in an isolated subprocess via ProcessPoolExecutor.
  5. On completion or failure, the temporary directory is deleted (shutil.rmtree in a finally block).
  6. Generated output files and order status are held in volatile memory for up to 30 minutes pending payment, then automatically purged. No data is written to disk.

Your file does not survive this process.
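As an added illustration of steps 2 through 5 above (this is example code, not OPJAW's own source), the sketch below shows the ephemeral lifecycle the page describes: validate extension, size and STEP header before anything touches disk, stage the file in a directory from tempfile.mkdtemp, run generation in a ProcessPoolExecutor worker, and delete the directory with shutil.rmtree in a finally block so cleanup happens on success, on a worker exception and on timeout alike. The `_generate` function is a hypothetical stand-in for the geometry engine, the sample STEP bytes are constructed for the example, and the `record` argument exists only so a caller can confirm the directory is gone afterwards.

```python
import os
import shutil
import tempfile
import multiprocessing
from typing import Optional
from concurrent.futures import ProcessPoolExecutor

# Limits mirror the figures stated on this page.
ALLOWED_EXTENSIONS = {".step", ".stp"}
MAX_BYTES = 50 * 1024 * 1024      # 50 MB upload limit
GENERATION_TIMEOUT = 300          # seconds, matching the container hard timeout
STEP_HEADER = b"ISO-10303-21"     # first token of every STEP Part 21 file

# Constructed minimal STEP file used as sample input (not a real part).
SAMPLE_STEP = b"ISO-10303-21;\nHEADER;\nENDSEC;\nDATA;\nENDSEC;\nEND-ISO-10303-21;\n"


class RejectedUpload(ValueError):
    """Upload failed validation; nothing was written to disk."""


def validate_upload(filename: str, data: bytes) -> None:
    """Extension, size and header checks, run before any file is staged."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise RejectedUpload(f"unsupported extension {ext!r}")
    if len(data) > MAX_BYTES:
        raise RejectedUpload("file exceeds 50 MB limit")
    if not data.lstrip().startswith(STEP_HEADER):
        raise RejectedUpload("missing STEP header")


def _generate(path: str) -> int:
    """Hypothetical stand-in for the geometry engine, executed in the worker
    process. It counts Part 21 records and rejects a truncated file."""
    with open(path, "rb") as f:
        body = f.read()
    if b"END-ISO-10303-21" not in body:
        raise ValueError("truncated STEP file")
    return body.count(b";")


def process_upload(filename: str, data: bytes, record: Optional[dict] = None) -> int:
    """One request: validate, stage in a private temp dir, generate in a
    subprocess, and always remove the directory afterwards."""
    validate_upload(filename, data)
    workdir = tempfile.mkdtemp(prefix="opjaw-")
    if record is not None:
        record["workdir"] = workdir
    try:
        path = os.path.join(workdir, "input.step")
        with open(path, "wb") as f:
            f.write(data)
        # fork context keeps this example runnable as a stand-alone script.
        ctx = multiprocessing.get_context("fork")
        with ProcessPoolExecutor(max_workers=1, mp_context=ctx) as pool:
            return pool.submit(_generate, path).result(timeout=GENERATION_TIMEOUT)
    finally:
        # Reached on return, on a worker exception and on timeout.
        shutil.rmtree(workdir, ignore_errors=True)
        if record is not None:
            record["cleaned_up"] = not os.path.exists(workdir)


def try_upload(filename: str, data: bytes) -> dict:
    """Run one upload and summarise the outcome, including whether the
    temporary directory was removed (None when no directory was created)."""
    record: dict = {}
    try:
        result = process_upload(filename, data, record)
        return {"ok": True, "result": result, "cleaned_up": record.get("cleaned_up")}
    except ValueError as exc:  # RejectedUpload and worker failures
        return {"ok": False, "error": str(exc), "cleaned_up": record.get("cleaned_up")}


if __name__ == "__main__":
    print(try_upload("bracket.step", SAMPLE_STEP))
    print(try_upload("bracket.stp", b"ISO-10303-21;\nHEADER;\n"))
    print(try_upload("bracket.obj", SAMPLE_STEP))
```

The point worth checking in any such design is the failure path: a worker exception or timeout must still reach the rmtree call, which is why the deletion sits in finally rather than after the result is read.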

2. What We Do Not Store

3. Infrastructure Isolation

Modal runs all containers in gVisor sandboxes — this is a Modal platform default, not something OPJAW implemented. Each container is provisioned with 2 CPU cores, 2048 MB memory, and a 300-second hard timeout. Each generation runs in a dedicated subprocess with its own temporary directory.

All traffic is encrypted via TLS and routed through the Cloudflare edge network.

4. Application Controls

5. Payment Isolation

All payment processing is handled by Stripe (PCI DSS Level 1). OPJAW never receives card numbers, bank details, or billing addresses. You are redirected to Stripe Checkout for payment.

Webhook signatures are cryptographically verified using stripe.Webhook.construct_event with a shared secret.
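Added example (not OPJAW's code) of what that verification involves. stripe.Webhook.construct_event implements Stripe's documented scheme: the Stripe-Signature header carries a timestamp (t=) and one or more HMAC-SHA256 signatures (v1=) over the string `timestamp.raw_body`, keyed with the endpoint's shared secret. The code below re-implements that check with the standard library so the three things a defender cares about are visible: a constant-time comparison, rejection of stale timestamps (replay window), and acceptance of any listed v1 value so secret rotation does not break delivery. The secret and event payload are constructed for the example; `sign_payload` exists only to build a test message.

```python
import hmac
import hashlib
import json
import time
from typing import Optional

# Constructed for this example; a real endpoint secret comes from the Stripe dashboard.
EXAMPLE_SECRET = "whsec_example_not_a_real_secret"
DEFAULT_TOLERANCE = 300  # seconds; the default replay window construct_event uses

# Constructed sample event body (raw bytes, as received on the wire).
SAMPLE_EVENT = b'{"id":"evt_example_1","type":"checkout.session.completed"}'


class SignatureVerificationError(Exception):
    """Raised when the Stripe-Signature header does not validate."""


def _signature_for(payload: bytes, secret: str, timestamp: int) -> str:
    signed = f"{timestamp}.".encode() + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def sign_payload(payload: bytes, secret: str, timestamp: int) -> str:
    """Build a Stripe-Signature header value (what Stripe's side does)."""
    return f"t={timestamp},v1={_signature_for(payload, secret, timestamp)}"


def verify_stripe_signature(payload: bytes, header: str, secret: str,
                            tolerance: int = DEFAULT_TOLERANCE,
                            now: Optional[int] = None) -> dict:
    """Verify header against the raw body; return the parsed event or raise."""
    now = int(time.time()) if now is None else now
    timestamp: Optional[int] = None
    candidates = []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            try:
                timestamp = int(value)
            except ValueError:
                raise SignatureVerificationError("malformed timestamp")
        elif key == "v1":
            candidates.append(value)  # several v1 values appear during secret rotation
    if timestamp is None or not candidates:
        raise SignatureVerificationError("malformed Stripe-Signature header")
    if now - timestamp > tolerance:
        raise SignatureVerificationError("timestamp outside tolerance (possible replay)")
    expected = _signature_for(payload, secret, timestamp)
    # compare_digest avoids leaking which prefix of the MAC matched.
    if not any(hmac.compare_digest(expected, c) for c in candidates):
        raise SignatureVerificationError("no matching v1 signature")
    return json.loads(payload)


def is_valid(payload: bytes, header: str, secret: str, now: int) -> bool:
    """Boolean convenience wrapper around verify_stripe_signature."""
    try:
        verify_stripe_signature(payload, header, secret, now=now)
        return True
    except SignatureVerificationError:
        return False


if __name__ == "__main__":
    ts = int(time.time())
    header = sign_payload(SAMPLE_EVENT, EXAMPLE_SECRET, ts)
    print(verify_stripe_signature(SAMPLE_EVENT, header, EXAMPLE_SECRET))
```

One caveat that applies to any framework: the HMAC must be computed over the exact bytes Stripe sent, so the raw request body has to be captured before a JSON middleware parses and re-serialises it.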

6. Sub-Processor Certifications

| Service    | Purpose                   | Compliance      |
|------------|---------------------------|-----------------|
| Modal      | Compute (gVisor sandbox)  | SOC 2 Type II   |
| Stripe     | Payment processing        | PCI DSS Level 1 |
| Cloudflare | Edge security, DNS, CDN   | SOC 2 Type II   |

7. Export Controls (ITAR / EAR)

OPJAW does not store, log, or retain uploaded geometry. There is no file archive, no database, and no persistent storage of customer data. Your STEP file exists only in a temporary directory for the duration of generation, then is deleted.

This architecture means there is nothing to exfiltrate, subpoena, or breach — the data simply does not persist beyond the request lifecycle described in Section 1.

That said, export compliance is your responsibility. Do not upload files containing technical data controlled under ITAR, EAR, or equivalent export control laws. See Terms of Service, Section 10 and Privacy Policy, Section 11.

8. NIST SP 800-171 (Rev 2) Architecture Alignment

Many of our customers operate under NIST SP 800-171 or CMMC requirements. The following controls are architecturally supported by OPJAW's ephemeral processing design.

| Control Family             | Control                                  | How OPJAW Supports |
|----------------------------|------------------------------------------|--------------------|
| Media Protection           | MP-6 Media Sanitization                  | Ephemeral temp files deleted via shutil.rmtree in a finally block on completion or failure. No long-term disk persistence. |
| Access Control             | AC-2 Account Management                  | No user accounts exist. No credentials stored. No sessions. |
| Access Control             | AC-3 Access Enforcement                  | No persistent customer data to access. Each request is isolated in its own subprocess and temporary directory. |
| System & Comms Protection  | SC-8 Transmission Confidentiality        | All traffic encrypted via TLS, terminated at the Cloudflare edge. |
| System & Comms Protection  | SC-28 Protection of Information at Rest  | No information at rest. No database, no object storage, no logs containing customer data. |
| Audit & Accountability     | AU-3 Content of Audit Records            | Application logs contain request metadata only. No customer filenames, file contents, or geometry in logs. |

For a formal assessment, security questionnaire, or to discuss how OPJAW fits into your supply chain security posture, contact security@opjaw.com.

9. Shared Responsibility

OPJAW handles

  • Encryption in transit (TLS via Cloudflare)
  • Compute isolation (gVisor sandbox)
  • Input validation (extension, size, STEP header)
  • Ephemeral file lifecycle
  • Payment isolation (Stripe)
  • Rate limiting

You handle

  • Export control screening of uploaded geometry
  • Fitness evaluation and validation of generated output before physical use
  • Retaining your own copies of input and output files (OPJAW does not archive)
  • Endpoint and network security of your own environment

10. Responsible Disclosure

Report vulnerabilities to security@opjaw.com. We aim to acknowledge reports within 48 hours.

In scope: opjaw.com, its API endpoints, and the static site.

Out of scope: Third-party services (Stripe, Modal, Cloudflare).

We will not pursue legal action against researchers who act in good faith and follow responsible disclosure practices.

For security questionnaires, contact the same address.