Access, storage, and security

labelbox.com

Labelbox: Privacy & Security FAQ

As part of our privacy program, you can request to access, obtain a copy, delete, and update the personal data that Labelbox holds on you.

Labelbox uses Google Cloud Services for cloud storage and all data is stored in the US. If your data is hosted on our servers, we use a CDN that provides geo-loading as close to the location as possible. Labelbox does not store data in the EU and will not do so on request.

Data storage configurations

When you upload data to Labelbox, you have three methods to choose from. The import method you choose will determine where your assets will be stored.

Option 1: IAM Delegated Access

IAM delegated access allows you to securely and seamlessly host your labeling assets in your preferred cloud storage solution and control the access Labelbox has to the data in your cloud buckets. You can store your assets in AWS S3, GCP, or Azure buckets and use native Identity and Access Management (IAM) roles and policies to set access permissions. This is the recommended method.

Option 2: Pre-signed URLs

The pre-signed URLs method allows you to create a JSON file containing signed (or public) URLs to files hosted in your preferred cloud storage solution. If you select this method, you must create the signed URLs yourself. Then, you can upload the JSON file to Labelbox.

Option 3: Upload files directly

When you import your data directly to the Labelbox cloud, your data will be stored on Labelbox servers, giving Labelbox access to your data. Labelbox stores your data and annotations in private buckets in Google Cloud Services.

To display assets in the browser interface, Labelbox will generate signed URLs for each file before it renders the asset in the app UI. The standard expiration value for these signed URLs is one day. Labelers on your team only have access to the labels they create and to the asset URLs in their label queue.

Labelbox adheres to strict security measures to ensure all of your data is encrypted at rest and in transit.

📘

Tip: Store your cloud data close to your labeling team

In order to ensure quick loading times for your labelers, we recommend hosting your cloud data as close as possible to your labeling team. The greater the distance between your labeling team and your cloud storage location, the longer it takes to fetch cloud-hosted files and load them in the labeling editor.

Usage

Labelbox does not sell customer or end-user personal data. We share personal data with our third-party service providers for our business purposes, but we do not share this information for monetary value or other valuable consideration. See our Privacy Notice to learn more.

Portability

Upon request, Labelbox can export your data to give to you and permanently delete all of your data from our servers.

Security

All labeled data, assets, and private user information hosted by Labelbox are encrypted at rest using AES-256. Labelbox uses Google Cloud for cloud storage, which means that your data will be encrypted on the server-side using GCP’s default encryption keys. Data is automatically decrypted when read by an authorized user.

To ensure that our privacy-sensitive data does not get compromised, Labelbox uses Auth0 for authentication.

User identity

Single sign-on (SSO) is available for all Enterprise accounts. Standard accounts can request SSO as an add-on.

Multi-factor authentication

Labelbox supports multi-factor authentication (MFA), which adds an extra layer of security to prevent unauthorized access. Enabling MFA is recommended to reduce the risk of credential stuffing attacks.

Regulatory compliance

Labelbox is fully committed to protecting the personal data that we collect, use, and process. Our comprehensive privacy program helps us meet our obligations under applicable privacy and security laws and regulations, and to safeguard the personal data of our employees and customers. To learn more about our privacy practices and how we comply with CCPA, GDPR, SOCII Type II, and HIPAA see our Privacy FAQ.