logo

Security at Labelbox

Labelbox’s commitment to trust.

At Labelbox, the security of our customers’ data is a top priority. Our ever-expanding privacy and security program is rooted in the principles of Privacy by Design and informed by both industry standards and customer needs across a multitude of industries.

 
As a result, our customers can rely on Labelbox’s enterprise-grade security to support and enable breakthroughs for their machine learning teams and AI applications.

Security assessments and compliance

We view security at Labelbox as a model of prevention rather than a mechanism for remediation. Our Compliance Program and Security Team detect risks before they arise and manage security workflows, infrastructure design, and access controls that are externally audited through end-to-end testing on an annual basis. 

To date, we have the following compliance programs that establish us as an industry leader in security and privacy.
https:images.ctfassets.netj20krz61k3rk5khmbrtfsyyxc74qi1t2wubc359cde57b7c736313e8be3e14fb67dsecurity.svg

Procedural trust

Our compliance programs include a standardized set of policies and procedures that cover core areas of security and privacy including access control, change management, data retention & destruction risk management, vendor management, vulnerability management and more. The full list of Labelbox’s security & privacy policies can be found below. 
  • Acceptable Use Policy
  • Access Control Policy
  • Asset Management Policy
  • Backup Policy
  • Breach Notification Policy & Procedure
  • Business Continuity Plan
  • Code of Conduct
  • Corporate Information Security Policy
  • Data Classification Policy
  • Data Deletion Policy
  • Data Protection Policy
  • Data Subject Request Policy
  • Disaster Recovery Plan
  • Employee Handbook
  • Encryption Policy
  • HIPAA Privacy Policy
  • HIPAA Privacy Procedure
  • HIPAA Security Policy
  • HIPAA Security Procedure
  • Incident Response Plan
  • Information Security Policy
  • Password Policy
  • Physical Security Policy
  • Responsible Disclosure Policy
  • Risk Assessment Policy
  • Software Development Life Cycle Policy
  • Standards of Business Conduct for the United States Government Marketplace
  • System Access Control Policy
  • Vendor Management Policy & Procedure
  • Vulnerability Management Policy

Protection of customer data

Labelbox considers all customer data submitted to our offering as confidential. The Labelbox application ensures that access is administered only to authorized users through data encryption both at rest and in transit, as well as through access control management and monitoring.

All labeled data, metadata and private user information hosted by Labelbox are encrypted at rest using AES-256. Labelbox uses Google Cloud for cloud storage, which means that your data will be encrypted on the server-side using GCP’s default encryption keys. Data is automatically decrypted when read by an authorized user using KMS-based protections. To ensure that privacy-sensitive data does not get compromised, Labelbox uses Auth0 for authentication. 

Data is encrypted via Transport Layer Security (TLSv1.2+) when in transit between customers and Labelbox servers. Once data is within Labelbox's internal network, port restrictions ensure data is transmitted over protected channels such as HTTPS and SSH.

Customers have a choice for hosting their assets. Customers who elect to host their assets by uploading them to Labelbox, will find the same data protection that is applied for “labeled data” above.  

In order to apply best security practices, most Labelbox customers opt to host assets themselves on their choice of cloud platform using a variety of options including signed urls or delegated access.  This option provides customers a variety of options for extending their existing Cloud Platform security and access control policies through to the Labelbox platform. For more information about our Cloud Provider capabilities, please refer to our online documentation

At Labelbox, we have implemented a variety of access controls when provisioning administrative roles and associated privileges. We approach customer data under least privilege and need-to-know bases as well as log access to environments in our cloud infrastructure for monitoring and security purposes.

Questions?

Labelbox is committed to offering world class-security through constant innovation and cutting-edge security programs. If you have any questions regarding our security practices or compliance programs, please reach out to security@labelbox.com