Introducing Human-in-the-loop Evaluation for Agentic AI Observability
Contact Sales
Label Studio Enterprise

Secure, governed
data access

At HumanSignal, we blend security seamlessly into development and operations workflows to build safe applications that allow our customers to scale while giving them the flexibility to respond to important changes in their business objectives.

Download the Security Brief

 Contact Sales
SOC 2 Type 2 compliant
HIPAA compliant
Data Security

How we secure your data

Cloud storage

When using cloud storage the app enables restricted access to the storage keys and credentials as well as limited access through pre-signed URLs.

Custom data provider

In the case of a custom data provider (non-cloud storage), the app enables restricted access to the data URI stored in a database. The data access requests are verified and proxied with BasicAuth headers to the specified endpoints. This prevents the URI from being accessed elsewhere by unauthorized users.

API & encryption

API tokens can be reset at any time. All data is encrypted at rest, sensitive data is encrypted in transit. Passwords are additionally hashed.

In Transit

TLS connection is enforced across all product services including:

App

Establishing secure connection by enforcing HTTPS protocol, including secured cookies.

PostgreSQL

SSL mode is enabled with certificates required.

Redis

TLS/SSL is supported and requires client to be authenticated with a valid certificate.

Architecture

The HumanSignal Deployment Model

  • Data and control planes are separate entities
  • Data is loaded directly into the annotator browser, bypassing our servers; HumanSignal doesn't need to access or store the data
  • Optionally enable the VPN connection to protect URLs
  • Once connected TLS encryption is used for data in transit (when connecting and reading the URLs from bucket and sending annotations back to cloud storage)
Access Control

Secure User Management

Label Studio Enterprise supports single sign-on using SAML to manage access to Label Studio using your existing Identity Provider, or with LDAP authentication. The HumanSignal platform supports the following identity providers:

  • Microsoft Active Directory
  • Okta
  • OneLogin
  • Ping Federate / Ping Identity / PingOne
  • Others that use SAML assertions

The HumanSignal platform also supports System for Cross-domain Identity Management (SCIM) version 2.0, a popular protocol to manage access for services and applications across an organization. SCIM interacts with our customer's SSO integration (for example, Okta), allowing them to manage access to The HumanSignal platform workspaces, and grant roles to individual users and groups.

See how Label Studio Enterprise can work at your organization.

Contact Sales Compare Versions
LABEL STUDIO ENTERPRISE

COMPREHENSIVE INFRASTRUCTURE

Make the highest use of your unique expertise and novel datasets as you train, benchmark, and evaluate AI in one common environment.

VIBE CODE

custom, multimodal UI to capture human judgment

Programmable Interfaces

FULLY PROGRAMMABLE

Create any custom interfaces

MULTIMODAL DATA

Text, images, video, audio, PDFs, time series

EMBEDDABLE

Bring annotation into any application

CONNECTED TO

Full-scale infrastructure used by millions

AI Automation

LLM AS JUDGE

Use models to automate evaluations and benchmarks

AUTOMATED PRELABELING

Use any custom LLM to accelerate annotation

PLUGINS

Hooks to transform and manipulate data

Quality Assurance

AGREEMENT WORKFLOWS

Resolve complex annotations with multiple experts

WORKFORCE MANAGEMENT

Scale human labeling for large projects

ROLES & PERMISSIONS

Integrate into enterprise environments

Data Security & Compliance

Access enterprise data with full respect of your security and governance.

Data Connection
Azure
Databricks
Google Cloud
Redis
Label Studio UI showing audio annotation interface