Security Overview
At Widgetbook, we prioritize the security and privacy of your data. Our commitment is to provide a secure platform for developing and cataloging your Flutter components without compromising on functionality or ease of use.
Mocked Data Usage
We strongly advocate for your developers using Widgetbook to use mocked data instead of real user data for all of your components. By following this approach, the components in Widgetbook as well as Widgetbook Cloud builds, reviews and snapshots do not contain real user data ensuring that no sensitive or personal information is stored or displayed within our platform.
Source code
Besides builds, Widgetbook Cloud does not store any source code. Builds are compiled on your machine and sent as a compiled binary to Widgetbook Cloud servers. The original source code is in your full control and not sent or stored.
We store the following Git metadata:
- Git commit hash and message
- Git branch name
- Git pull-request title and number
GDPR Compliance
Widgetbook and Widgetbook Cloud are fully compliant with the General Data Protection Regulation (GDPR). We ensure that all personal data is processed lawfully, transparently, and for specific purposes. Users have control over their data, and we provide mechanisms for data access, rectification, and deletion as required by GDPR.
Data Storage and Backup
We leverage secure cloud services for data storage and backups. Our cloud providers adhere to industry-standard security practices to maintain data integrity and availability.
Encryption Protocols
We implement encryption protocols to safeguard your data:
- Data in Transit: All communication between your devices and our servers is encrypted using Transport Layer Security (TLS) protocols. This ensures data confidentiality and integrity during transmission.
- Data at Rest: While we store minimal data, any sensitive information is protected using industry-standard encryption methods provided by our cloud service providers.
Access Controls
We enforce strict access controls to ensure that only authorized personnel can access system resources:
- Authentication Mechanisms: Secure authentication is managed via robust authentication protocols.
- Authorization Policies: Access rights are assigned based on roles and responsibilities to minimize unnecessary access to sensitive components.