Data storage configurations
You have three options for connecting your data to Labelbox. The method you choose determines where your assets are stored.- IAM delegated access (recommended): This is the recommended method for connecting your data to Labelbox. It allows you to host your data in your own cloud storage (AWS S3, Google Cloud Storage, or Azure Blob Storage) and grant Labelbox access using native Identity and Access Management (IAM) roles.
- Pre-signed URLs: You can create a JSON file containing pre-signed or public URLs that point to files in your own cloud storage. You are responsible for generating these signed URLs. Once you have the JSON file, you can upload it to Labelbox.
- Direct file upload: If you choose to upload your data directly, it will be stored in private buckets on Labelbox’s Google Cloud Services. Labelbox will have access to your data to generate signed URLs for rendering assets in the browser. The standard expiration value for these signed URLs is one day.
Security and compliance
We are committed to ensuring that your data is secure and that we meet our obligations under privacy and security laws. Data encryptionAll data hosted by Labelbox, including labeled data, assets, and private user information, is encrypted at rest using AES-256. We use Google Cloud for storage, which means your data is also encrypted on the server-side using GCP’s default encryption keys. Data is automatically decrypted when read by an authorized user. User authentication
To ensure that only authorized users can access your data, we use Auth0 for authentication. We also support multi-factor authentication (MFA) and Single Sign-On (SSO) for Enterprise accounts. Regulatory compliance
Labelbox has a comprehensive privacy program to meet our obligations under regulations such as CCPA, GDPR, SOC 2 Type II, and HIPAA. For more details, please see our Privacy FAQ.
Data privacy and portability
Data usageLabelbox does not sell customer or end-user personal data. We share personal data with third-party service providers for business purposes only, but we do not share this information for monetary value or other valuable consideration. For more information, please see our Privacy Notice. Data portability
Upon request, we can export your data and provide it to you. We can also permanently delete all of your data from our servers.