Data and Security
The following is a summary of our data residency and security practices at Curvenote. You can read our Terms and Conditions and Privacy Statement which go into more detail.
Curvenote command-line tools can be used locally, and when used in this way, they do not send data to Curvenote’s servers. For example, starting a server with
curvenote start requires no data to be sent or received and all content transformations are completed locally. On the other hand,
curvenote pull will pull data from Curvenote to your local machine and
curvenote deploy will send data to be hosted on curvenote.com, which the rest of this document refers to.
We use Google Cloud Platform (GCP) to store your content - including all text, images, and Jupyter Notebooks. You can read about Google’s security practices here. Data for curvenote.com is stored in the United States (
us-central), if you have specific data-residency requirements for your organization, please get in touch: firstname.lastname@example.org.
We have physical, electronic and organizational processes in place to protect the data uploaded to Curvenote. We take security seriously and conduct routine audits of all of our systems. Your data is encrypted in-transit from your browser to our servers using HTTPS/SSL. Your data is encrypted at rest using multiple layers of AES256-AES128. You can read more about this in the Data Encryption section of Google’s Security statements.
Private by Default¶
All of your data defaults to being private. You are the only one who can access your uploaded content, unless you choose to share it with others through our sharing and public features. For example, you can share a project with a collaborator, invite additional members to your team or set a project’s visibility to public.
Curvenote employees never access your data unless required by you for support reasons. If you require support you can share your project with email@example.com.
Passwords and Personal Information¶
We do not intentionally store sensitive Personal Identifying Information on the Curvenote platform (e.g. SSN, physical addresses, etc.). We use a 3rd party provider for authentication to allow users to login to use our services (including password management and external authentication), you can read more security statements about the Identity Platform or more details in our Privacy Statement.
We run automated backups nightly that backup all content, images and notebooks on Curvenote. We keep these backups for 30 days.
Curvenote leverages the following 3rd-party services and APIs:
- Segment, Amplitude and Google Analytics for analytics
- Google Cloud for hosting (data & compute)
- Vercel for hosting of static sites
- SendGrid for emails
- MagicBell for notifications
- Stripe for payments
These services provide the highest standards and are regularly externally audited, Curvenote does not audit them by its own means.
We take system vulnerabilities very seriously. Please contact firstname.lastname@example.org if you need more information about our security practices or to report a security vulnerability.