Data Access, Storage, and Security
Last updated
Last updated
As part of Ango Hub's commitment to data privacy and security, we provide our users with control over their personal data. This document outlines how users can access, copy, update, or delete their personal data within Ango, as well as our data storage practices and configurations.
Individuals have the right to request access to, obtain a copy, delete, and update their personal data held by Ango Hub.
Ango Hub uses/produces two types of data:
Raw Data: Client data that is annotated within the Ango Hub Cloud Platform
Annotation Metadata: Annotation results that are generated by Ango Hub services.
Ango utilizes cloud storage services, which are stored in the EU (Germany) or the United States based on client selection.
We might employ a Content Delivery Network (CDN) for optimal load times, based on user location.
Users have multiple options for how their data is stored with Ango Hub:
IAM Delegated Access
This method allows users to host their labeling assets in their preferred cloud storage (AWS S3, GCP) with controlled access via IAM roles and policies. All data is accessed through signed keys and data never accessed from Ango Hub backend services.
Direct Upload
Directly uploading data to Ango means it is stored on our private AWS S3 buckets. All data accessed through signed keys.
Ango ensures all data is encrypted at rest and in transit.
We use industry-standard encryption protocols to protect user data.
Ango uses MongoDB Atlas as primary database and annotation results are stored in the MongoDB Atlas platform.
All annotation data is kept encrypted within the enclosed network (VPC), only accessible by Ango Hub.
Ango Hub does not sell any personal data.
Client data can only be accessed by service providers such as MongoDb Atlas & AWS S3.
Upon request, Ango can export user data and permanently delete it from our servers.
Data hosted by Ango is encrypted using robust encryption methods.
Regular security tests and penetrating tests are performed by third party providers on Ango Hub. Those reports can be shared with clients on a request.
Ango is dedicated to protecting personal data and adheres to various privacy and security laws and regulations, including but not limited to CCPA, GDPR, and others relevant to our operations.
In Ango Hub, we treat all customer data with the highest level of confidentiality. Our application is designed to ensure that customer data is accessible only to authorized users. This is achieved through robust encryption both at rest and in transit, comprehensive access control management, and continuous monitoring.
Customer data, including labeled data hosted by Ango Hub, is encrypted at rest using AES-256 encryption with keys managed by AWS.
Customer data metadata, and private user information hosted by AngoHub, is encrypted at rest using AES-256 encryption with keys managed by MongoDB Atlas.
Ango Hub employs legacy authentication (where passwords are stored in the Ango Hub databases after hashing and salt is applied). Another option uses Google SSO which uses SAML 2.0 for authentication.
Data is encrypted via Transport Layer Security (TLSv1.2 or higher) when in transit between customers and Ango Hub servers.
Within Ango Hub's internal network, data transmission is secured over enclosed networks (VPC) in protected channels like HTTPS.
Customers can choose to host their assets. Options include direct uploads to Ango Hub or using their own cloud platforms with delegated access.
All access to environments within our cloud infrastructure is logged for continuous monitoring and security purposes.
Ango Hub is committed to applying the best security practices in the industry to protect customer data. Our team is continuously enhancing our security measures to address evolving threats and maintain the highest standards of data protection. Regular security and penetration tests are run on Ango Hub by internal & 3rd party firms.
Users must create an account to access the platform. By default, users must determine an email and password pair to authenticate.
Users may, additionally, turn on two-factor authentication (2FA). For more information, see Two-Factor Authentication.