The following is a summary of our data residency and security practices at Curvenote. You can read our Terms and Conditions and Privacy Statement which go into more detail.

Working Locally

Curvenote command-line tools can be used locally, and when used in this way, they do not send data to Curvenote’s servers. For example, starting a server with curvenote start requires no data to be sent or received and all content transformations are completed locally. On the other hand, curvenote pull will pull data from Curvenote to your local machine and curvenote deploy will send data to be hosted on, which the rest of this document refers to.

Data Residency

We use Google Cloud Platform (GCP) to store your content - including all text, images, and Jupyter Notebooks. You can read about Google’s security practices here. Data for is stored in the United States (us-central), if you have specific data-residency requirements for your organization, please get in touch:

Content Security

We have physical, electronic and organizational processes in place to protect the data uploaded to Curvenote. We take security seriously and conduct routine audits of all of our systems. Your data is encrypted in-transit from your browser to our servers using HTTPS/SSL. Your data is encrypted at rest using multiple layers of AES256-AES128. You can read more about this in the Data Encryption section of Google’s Security statements.

Private by Default

All of your data defaults to being private. You are the only one who can access your uploaded content, unless you choose to share it with others through our sharing and public features. For example, you can share a project with a collaborator, invite additional members to your team or set a project’s visibility to public.

Curvenote employees never access your data unless required by you for support reasons. If you require support you can share your project with

Passwords and Personal Information

We do not intentionally store sensitive Personal Identifying Information on the Curvenote platform (e.g. SSN, physical addresses, etc.). We use a 3rd party provider for authentication to allow users to login to use our services (including password management and external authentication), you can read more security statements about the Identity Platform or more details in our Privacy Statement.

Content Retention

We run automated backups nightly that backup all content, images and notebooks on Curvenote. We keep these backups for 30 days.

3rd-party Services

Curvenote leverages the following 3rd-party services and APIs:

These services provide the highest standards and are regularly externally audited, Curvenote does not audit them by its own means.

Contact Us

We take system vulnerabilities very seriously. Please contact if you need more information about our security practices or to report a security vulnerability.