At Labelbox, the security and privacy of our customers’ data is a top priority. Our ever-expanding privacy and security program is rooted in the principles of Privacy by Design and informed by both industry standards (i.e SOC 2, ISO 27001, GDPR, etc) and customer needs across a multitude of industries. As a result, our customers can rely on Labelbox’s enterprise-grade security to support and enable breakthroughs for their machine-learning teams and AI applications.
Labelbox considers all customer data submitted to our offering as confidential. The Labelbox application ensures that access is administered only to authorized users through data encryption both at rest and in transit, as well as through access control management and monitoring.
All labeled data, metadata and private user information hosted by Labelbox are encrypted at rest using AES-256. Labelbox uses Google Cloud for cloud storage, which means that your data will be encrypted on the server-side using GCP’s default encryption keys. Data is automatically decrypted when read by an authorized user using KMS-based protections. To ensure that privacy-sensitive data does not get compromised, Labelbox uses Auth0 for authentication.
Data is encrypted via Transport Layer Security (TLSv1.2+) when in transit between customers and Labelbox servers. Once data is within Labelbox's internal network, port restrictions ensure data is transmitted over protected channels such as HTTPS and SSH. Customers have a choice for hosting their assets. Customers who elect to host their assets by uploading them to Labelbox, will find the same data protection that is applied for “labeled data” above.
In order to apply best security practices, most Labelbox customers opt to host assets themselves on their choice of cloud platform using a variety of options including signed urls or delegated access. This option provides customers a variety of options for extending their existing Cloud Platform security and access control policies through to the Labelbox platform. For more information about our Cloud Provider capabilities, please refer to our online documentation.
At Labelbox, we have implemented a variety of access controls when provisioning administrative roles and associated privileges. We approach customer data under least privilege and need-to-know bases as well as log access to environments in our cloud infrastructure for monitoring and security purposes.
Our compliance programs include a standardized set of policies and procedures that cover core areas of security and privacy including access control, change management, data retention & destruction risk management, vendor management, vulnerability management and more. The full list of Labelbox’s security & privacy policies can be found below.
Labelbox is fully committed to protecting the personal data that we collect, use, and process. Our comprehensive privacy program helps us meet our obligations under applicable privacy and security laws and regulations, and to safeguard the personal data of our employees and customers.
Labelbox understands and respects our users’ need for privacy. The Labelbox Privacy Notice describes the types of personal data that we collect, the purposes for which it is used, and the choices you have with respect to its use. Read our [Privacy Notice here].
As part of our privacy program, individuals can request to access, obtain a copy, delete, and update the personal data that Labelbox holds. Individuals that wish to make such a request must first complete an intake form, which can be found [here].
Completing the intake form allows us to verify your identity and complete your request. Depending on where you reside, we will respond to you within 30-45 calendar days of receipt.
Labelbox maintains SOC2 Type II certification.
Labelbox maintains HIPAA compliance through our robust HIPAA compliance program.
The GDPR is a European privacy law governs the collection, use, and processing of EU citizen personal data. Below are several changes we have implemented to meet our GDPR requirements:
We train our staff to handle Labelbox personal data in accordance with our privacy policies and procedures;
We ensure that our third party vendors that handle Labelbox personal data adopt industry privacy and security standards;
We conduct data protection impact assessments for projects and engagements that involve personal data;
We created procedures for handling requests from individuals who wish to access, change, or delete their personal data; and
We maintain a personal data inventory that reflects how we collect, store, use, retain, and protect personal data.
We are updating our privacy program to meet our responsibilities under the CCPA. The CCPA, effective January 1, 2020, imposes new requirements on companies that collect and use personal data from California residents. Our new compliance steps include:
Creating a CCPA Privacy Notice describing our California resident personal data collection and use practices, which supplements our website Privacy Notice.
Updating our personal data inventory to reflect how we collect, store, use, and retain personal data from California consumers.
Ensuring that our third party vendor agreements include CCPA privacy and security provisions relating to the handling of Labelbox customer personal data.
Updating our internal privacy and data governance policies to reflect the new CCPA requirements.
Updating our procedures for handling requests from consumers who wish to access, change, or delete their personal data.
Do Not Sell Labelbox does not sell customer or end-user personal data. We share personal data with our third party service providers for our business purposes, but we do not share this information for monetary value or other valuable consideration.
For more information regarding the Terms of Service agreements for Labelbox products, [click here].
Labelbox is committed to offering world class-security through constant innovation and cutting-edge security programs. If you have any questions regarding our security practices or compliance programs, please reach out to email@example.com
Genentech develops breakthrough labeling process for medical imagery ML
Early clinical development team launched AI initiatives in 2019 and needed advanced quality workflows for training data & a highly secure infrastructure in place immediately to enable a faster go-to-market motion.
Labelbox’s collaborative platform and flexible/secure deployment options.
Effectively scaled training data operations by allowing subject matter experts to teach labelers what to look for; Genentech is now producing labeled data that is 10x cheaper, 5x faster & with better quality.
How a Fortune 500 creative software company improved the speed of their AI development by 50%
Technology and software
How Burberry harnesses Labelbox and Databricks to curate their strategic marketing assets
Retail and ecommerce