At Labelbox, the security of our customers’ data is a top priority. Our ever-expanding privacy and security program is rooted in the principles of Privacy by Design and informed by both industry standards and customer needs across a multitude of industries.
As a result, our customers can rely on Labelbox’s enterprise-grade security to support and enable breakthroughs for their machine learning teams and AI applications.
Security assessments and compliance
We view security at Labelbox as a model of prevention rather than a mechanism for remediation. Our Compliance Program and Security Team detect risks before they arise and manage security workflows, infrastructure design, and access controls that are externally audited through end-to-end testing on an annual basis.
To date, we have the following compliance programs that establish us as an industry leader in security and privacy.
Our compliance programs include a standardized set of policies and procedures that cover core areas of security and privacy, including access control, change management, data retention & destruction, risk management, vendor management, vulnerability management and more. The full list of Labelbox’s security & privacy policies can be found below.
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Breach Notification Policy & Procedure
Business Continuity Plan
Code of Conduct
Corporate Information Security Policy
Data Classification Policy
Data Deletion Policy
Data Protection Policy
Data Subject Request Policy
Disaster Recovery Plan
HIPAA Privacy Procedure
HIPAA Security Policy
HIPAA Security Procedure
Incident Response Plan
Information Security Policy
Physical Security Policy
Responsible Disclosure Policy
Risk Assessment Policy
Software Development Life Cycle Policy
Standards of Business Conduct for the United States Government Marketplace
System Access Control Policy
Vendor Management Policy & Procedure
Vulnerability Management Policy
Protection of customer data
Labelbox considers all customer data submitted to our offering as confidential. The Labelbox application ensures that access is granted only to authorized users through data encryption both at rest and in transit, as well as through access control management and monitoring.
All labeled data, metadata and private user information hosted by Labelbox are encrypted at rest using AES-256. Labelbox uses Google Cloud for cloud storage, which means that your data will be encrypted on the server side using GCP’s default encryption keys. Data is automatically decrypted when read by an authorized user using KMS-based protections. To ensure that privacy-sensitive data does not get compromised, Labelbox uses Auth0 for authentication.
Data is encrypted via Transport Layer Security (TLSv1.2+) when in transit between customers and Labelbox servers. Once data is within Labelbox's internal network, port restrictions ensure data is transmitted over protected channels such as HTTPS and SSH.
Customers have a choice for hosting their assets. Customers who elect to host their assets by uploading them to Labelbox will find the same data protection that is applied for “labeled data” above.
In order to apply best security practices, most Labelbox customers opt to host assets themselves on their choice of cloud platform, using options such as signed URLs or delegated access. This lets customers extend their existing cloud platform security and access control policies through to the Labelbox platform. For more information about our Cloud Provider capabilities, please refer to our online documentation.
At Labelbox, we have implemented a variety of access controls when provisioning administrative roles and associated privileges. We handle customer data on a least-privilege and need-to-know basis, and we log access to environments in our cloud infrastructure for monitoring and security purposes.
Labelbox is committed to offering world-class security through constant innovation and cutting-edge security programs. If you have any questions regarding our security practices or compliance programs, please reach out to firstname.lastname@example.org