Access, storage & security

Deployment configurations

When you integrate with Labelbox, you have 3 deployment models to choose from: Cloud, Hybrid Cloud, and Customer Managed Infra. The deployment model you choose will determine where your images, videos, and/or text files will live.

As part of our privacy program, individuals can request to access, obtain a copy, delete, and update the personal data that Labelbox holds on that individual. Individuals that wish to make such a request must first complete an intake form.

Labelbox uses Google Cloud Services for cloud storage and all data is stored in the US. If your data is hosted on our servers, we use a CDN that provides geo-loading as close to the location as possible. Labelbox does not store data in the EU and will not do so on request.

Read the sections below to learn how Labelbox accesses and stores your data based on the Labelbox deployment model you choose.

Visit Integrations to learn more.

Visit Pre-signed URLs to learn more.

Cloud

When you import your data directly to the Labelbox cloud, it is stored on Labelbox servers, giving Labelbox access to your data. Labelbox stores your data and annotations in private buckets in Google Cloud Services.

To display assets in the browser interface, Labelbox generates signed URLs for each file, then loads the assets in the editor. The standard expiration value for these signed URLs is 1 day. Labelers on your team only have access to the labels they create and to the asset URLs in their label queue.

Labelbox adheres to strict security measures to ensure all of your data is encrypted at rest and in transit.

📘

Tip: Store your cloud data close to your labeling team

In order to ensure quick loading times for your labelers, we recommend hosting your cloud data as close as possible to your labeling team. The greater the distance between your labeling team and your cloud storage location, the longer it takes to fetch cloud-hosted files and load them in the Editor.

Customer-managed infra

When you select customer-managed infra as your solution, Labelbox does not have any access to your assets or annotation data. While Labelbox can provide you with guidance for configuring a Labelbox workforce with a customer-managed infra deployment, we are not able to provide you with the security services offered with the cloud or hybrid cloud solutions when you connect a workforce. For users that have security requirements to protect highly sensitive data, an air-gapped version of the customer-managed infra installation is available.

Usage

Labelbox does not sell customer or end-user personal data. We share personal data with our third-party service providers for our business purposes, but we do not share this information for monetary value or other valuable consideration. See our Privacy Notice to learn more.

Portability

Upon request, Labelbox can export your data to give to you and permanently delete all of your data from our servers.

Security

This section does not apply to our Customer-managed infra offering.

All labeled data, assets, and private user information hosted by Labelbox are encrypted at rest using AES-256. Labelbox uses Google Cloud for cloud storage, which means that your data will be encrypted on the server-side using GCP’s default encryption keys. Data is automatically decrypted when read by an authorized user.

To ensure that our privacy-sensitive data does not get compromised, Labelbox uses Auth0 for authentication.

User identity

Single sign-on (SSO) is available as an add-on to Pro and Enterprise customers.

Regulatory compliance

Labelbox is fully committed to protecting the personal data that we collect, use, and process. Our comprehensive privacy program helps us meet our obligations under applicable privacy and security laws and regulations, and to safeguard the personal data of our employees and customers. To learn more about our privacy practices and how we comply with CCPA, GDPR, SOCII Type II, and HIPAA see our Privacy FAQ.