We respect your privacy and will never sell, rent or share your personal information.
When using cloud storage the app enables restricted access to the storage keys and credentials as well as limited access through pre-signed URLs.
In the case of a custom data provider (non-cloud storage), the app enables restricted access to the data URI stored in a database. The data access requests are verified and proxied with BasicAuth headers to the specified endpoints. This prevents the URI from being accessed elsewhere by unauthorized users. In this way, the app enables restricted access to the credentials.
API tokens can be reset at any time.
All data is encrypted at rest, sensitive data is encrypted in transit. Passwords are additionally hashed.
TLS connection is enforced across all product services including:
Establishing secure connection by connection by enforcing HTTPS protocol, including secured cookies.
SSL mode is enabled with certificates required.
TLS/SSL is supported and requires client to be authenticated with a valid certificate.
Label Studio Enterprise supports single sign-on using SAML to manage access to Label Studio using your existing Identity Provider, or with LDAP authentication. Label Studio Enterprise supports the following identity providers:
Label Studio Enterprise also supports System for Cross-domain Identity Management (SCIM) version 2.0, a popular protocol to manage access for services and applications across an organization.
SCIM interacts with our customer’s SSO integration (for example, Okta), allowing them to manage access to Label Studio Enterprise workspaces, and grant roles to individual users and groups.