Security Overview

At Widgetbook, we prioritize the security and privacy of your data. Our commitment is to provide a secure platform for developing and cataloging your Flutter components without compromising on functionality or ease of use.

Data Handling and Privacy

Mocked Data Usage

We strongly advocate for your developers using Widgetbook to use mocked data instead of real user data for all of your components. By following this approach, the components in Widgetbook as well as Widgetbook Cloud builds, reviews and snapshots do not contain real user data ensuring that no sensitive or personal information is stored or displayed within our platform.

Source code

Besides builds, Widgetbook Cloud does not store any source code. Builds are compiled on your machine and sent as a compiled binary to Widgetbook Cloud servers. The original source code is in your full control and not sent or stored.

We store the following Git metadata:

  • Git commit hash and message
  • Git branch name
  • Git pull-request title and number

GDPR Compliance

Widgetbook and Widgetbook Cloud are fully compliant with the General Data Protection Regulation (GDPR). We ensure that all personal data is processed lawfully, transparently, and for specific purposes. Users have control over their data, and we provide mechanisms for data access, rectification, and deletion as required by GDPR.

Data Storage and Backup

We leverage secure cloud services for data storage and backups. Our cloud providers adhere to industry-standard security practices to maintain data integrity and availability.

Security Measures

Encryption Protocols

We implement encryption protocols to safeguard your data:

  • Data in Transit: All communication between your devices and our servers is encrypted using Transport Layer Security (TLS) protocols. This ensures data confidentiality and integrity during transmission.
  • Data at Rest: While we store minimal data, any sensitive information is protected using industry-standard encryption methods provided by our cloud service providers.

Access Controls

We enforce strict access controls to ensure that only authorized personnel can access system resources:

  • Authentication Mechanisms: Secure authentication is managed via robust authentication protocols.
  • Authorization Policies: Access rights are assigned based on roles and responsibilities to minimize unnecessary access to sensitive components.

User Responsibilities

While we are committed to maintaining a secure platform, we encourage users to adopt best practices:

  • Secure Credentials: Use strong, unique passwords and keep them confidential.
  • Data Awareness: Avoid uploading sensitive or personal data into the platform unless necessary.