This guide provides information on your options for storing data when using Labelbox, as well as details on our security and privacy measures.

Data storage configurations

You have three options for connecting your data to Labelbox. The method you choose determines where your assets are stored.
  • IAM delegated access (recommended): This is the recommended method for connecting your data to Labelbox. It allows you to host your data in your own cloud storage (AWS S3, Google Cloud Storage, or Azure Blob Storage) and grant Labelbox access using native Identity and Access Management (IAM) roles.
  • Pre-signed URLs: You can create a JSON file containing pre-signed or public URLs that point to files in your own cloud storage. You are responsible for generating these signed URLs. Once you have the JSON file, you can upload it to Labelbox.
  • Direct file upload: If you choose to upload your data directly, it will be stored in private buckets on Labelbox’s Google Cloud Services. Labelbox will have access to your data to generate signed URLs for rendering assets in the browser. The standard expiration value for these signed URLs is one day.
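Because you generate the signed URLs yourself under the pre-signed URL option, it helps to check the JSON file before uploading it. The following audit script is an added example, not Labelbox code: it flags rows whose URL is unsigned (public), already expired, or valid for longer than a chosen limit. Assumptions: the file is a JSON array of objects, the URL sits under a `row_data` key (the page does not specify the layout), and the one-day limit simply reuses the value quoted above for Labelbox-generated URLs.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(days=1)  # assumption: reuse the one-day value cited above

def _utc(text, fmt=None):
    """Parse a timestamp and force it to timezone-aware UTC."""
    dt = datetime.strptime(text, fmt) if fmt else datetime.fromisoformat(text.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def classify(url, now):
    """Return a status string for one asset URL."""
    q = {k.lower(): v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        if "x-amz-signature" in q or "x-goog-signature" in q:  # AWS SigV4 / GCS V4
            p = "x-amz-" if "x-amz-signature" in q else "x-goog-"
            issued = _utc(q[p + "date"], "%Y%m%dT%H%M%SZ")
            expires = issued + timedelta(seconds=int(q[p + "expires"]))
        elif "sig" in q and "se" in q:  # Azure SAS: se = expiry, st = optional start
            expires = _utc(q["se"])
            issued = _utc(q["st"]) if "st" in q else now
        else:
            return "public-or-unsigned"
    except (KeyError, ValueError):
        return "malformed"
    if expires <= now:
        return "expired"
    return "long-lived" if expires - issued > MAX_LIFETIME else "ok"

def audit_manifest(manifest_json, now=None, url_key="row_data"):
    """List (row index, status) for every row whose URL is not 'ok'."""
    now = now or datetime.now(timezone.utc)
    rows = json.loads(manifest_json)
    statuses = [(i, classify(str(r.get(url_key, "")), now)) for i, r in enumerate(rows)]
    return [(i, s) for i, s in statuses if s != "ok"]

# Constructed sample manifest; buckets, paths and signatures are placeholders.
NOW = datetime(2024, 5, 1, 12, 30, tzinfo=timezone.utc)
SAMPLE = json.dumps([
    {"row_data": "https://example-bucket.s3.amazonaws.com/a.jpg?X-Amz-Date=20240501T120000Z&X-Amz-Expires=3600&X-Amz-Signature=placeholder"},
    {"row_data": "https://example-bucket.s3.amazonaws.com/b.jpg?X-Amz-Date=20240501T120000Z&X-Amz-Expires=604800&X-Amz-Signature=placeholder"},
    {"row_data": "https://storage.googleapis.com/example-bucket/c.jpg?X-Goog-Date=20240430T000000Z&X-Goog-Expires=3600&X-Goog-Signature=placeholder"},
    {"row_data": "https://storage.googleapis.com/example-bucket/d.jpg"},
    {"row_data": "https://exampleacct.blob.core.windows.net/c/e.jpg?se=2024-05-02T00%3A00%3A00Z&sig=placeholder"},
])

if __name__ == "__main__":
    for idx, status in audit_manifest(SAMPLE, NOW):
        print(f"row {idx}: {status}")
```

URLs signed with a scheme other than the three recognised here are reported as `public-or-unsigned` and need a manual look.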
A note on data location and performance
To ensure the best performance and fastest loading times for your labeling team, we recommend that you host your cloud data in a location that is geographically close to your team members.
Labelbox uses Google Cloud Services for cloud storage and all data is stored in the US. If your data is hosted on our servers, we use a CDN that provides geo-loading as close to the location as possible. Labelbox does not store data in the EU and will not do so on request.

Security and compliance

We are committed to ensuring that your data is secure and that we meet our obligations under privacy and security laws.
Data encryption
All data hosted by Labelbox, including labeled data, assets, and private user information, is encrypted at rest using AES-256. We use Google Cloud for storage, which means your data is also encrypted on the server side using GCP’s default encryption keys. Data is automatically decrypted when read by an authorized user.
User authentication
To ensure that only authorized users can access your data, we use Auth0 for authentication. We also support multi-factor authentication (MFA) and Single Sign-On (SSO) for Enterprise accounts.
Regulatory compliance
Labelbox has a comprehensive privacy program to meet our obligations under regulations such as CCPA, GDPR, SOC 2 Type II, and HIPAA. For more details, please see our Privacy FAQ.

Data privacy and portability

Data usage
Labelbox does not sell customer or end-user personal data. We share personal data with third-party service providers for business purposes only, but we do not share this information for monetary value or other valuable consideration. For more information, please see our Privacy Notice.
Data portability
Upon request, we can export your data and provide it to you. We can also permanently delete all of your data from our servers.

More information

Labelbox: Privacy & Security FAQ