Upcoming Event 📣 AI Evaluation: Ensuring Mission-Critical Trust & Safety
Contact Sales

Security and privacy are at our core

At HumanSignal, we blend security seamlessly into development and operations workflows to build safe applications that allow our customers to scale while giving them the flexibility to respond to important changes in their business objectives.

Download Security Brief

How we secure your data

When using cloud storage the app enables restricted access to the storage keys and credentials as well as limited access through pre-signed URLs.‍

In the case of a custom data provider (non-cloud storage), the app enables restricted access to the data URI stored in a database. The data access requests are verified and proxied with BasicAuth headers to the specified endpoints. This prevents the URI from being accessed elsewhere by unauthorized users. In this way, the app enables restricted access to the credentials.‍

API tokens can be reset at any time.

All data is encrypted at rest, sensitive data is encrypted in transit. Passwords are additionally hashed.

TLS connection is enforced across all product services including:

The HumanSignal Deployment Model

  • Data and control planes are separate entities
  • Data is loaded directly into the annotator browser, bypassing our servers
  • HumanSignal doesn’t need access to the data and doesn’t store the data
  • Optionally enable the VPN connection to protect URLs
  • Once connected TLS encryption is used for data in transit (when connecting and reading the URLs from bucket and sending annotations back to cloud storage)

HumanSignal holds a SOC2 Type 2 certification and is HIPAA compliant.

Secure User Management

Label Studio Enterprise supports single sign-on using SAML to manage access to Label Studio using your existing Identity Provider, or with LDAP authentication. Label Studio Enterprise supports the following identity providers:

  • Microsoft Active Directory
  • Okta
  • OneLogin
  • Ping Federate & Ping Identity & PingOne
  • Others that use SAML assertions

Label Studio Enterprise also supports System for Cross-domain Identity Management (SCIM) version 2.0, a popular protocol to manage access for services and applications across an organization.‍

SCIM interacts with our customer’s SSO integration (for example, Okta), allowing them to manage access to Label Studio Enterprise workspaces, and grant roles to individual users and groups.

See how Label Studio Enterprise can work at your organization.