Security Overview

At Widgetbook, security and privacy are at the core of our platform. We are committed to safeguarding your data while ensuring a seamless experience for developing and cataloging your Flutter components.

Data Handling and Privacy

Mocked Data Usage

We strongly encourage developers to use mocked data instead of real user data when using Widgetbook. This ensures that no sensitive or personal information is stored or displayed in Widgetbook or Widgetbook Cloud, including builds, reviews, and snapshots.

Source Code Protection

Widgetbook Cloud does not store source code. Builds are compiled on your local machine or CI/CD and uploaded as a binary artifact to our servers, ensuring that the original source code remains under your full control.

We store only minimal Git metadata necessary for collaboration and traceability:

  • Git commit hash and message
  • Git branch name
  • Git pull request title and number

Data Retention Policies

  • Builds, Reviews, and Use-Cases are retained for 90 days and automatically deleted afterward.
  • Security logs, including audit and access logs, are retained for up to one year for internal security monitoring.

GDPR Compliance

Widgetbook and Widgetbook Cloud are fully GDPR-compliant. We ensure:

  • Transparent and lawful processing of personal data.
  • Mechanisms for users to access, rectify, and delete their data.
  • Adherence to data minimization principles by storing only necessary information.

For further details, refer to our Privacy Policy.

Secure Cloud Infrastructure

Widgetbook’s infrastructure is hosted within AWS’s secure data centers, ensuring high availability, robust security, and compliance with industry standards. AWS continuously assesses risks, implements stringent security measures, and undergoes regular audits to maintain the highest security standards. For more details, refer to AWS Compliance Programs.

Our reliance on AWS’s globally distributed infrastructure allows us to deliver a resilient, high-performance platform, with built-in redundancy and failover mechanisms to safeguard your data. Additionally, AWS data centers are designed to meet strict regulatory and security requirements, ensuring the confidentiality, integrity, and availability of your data at all times.

Security Measures

Encryption

We use industry-standard encryption to protect data at all stages:

  • Data in Transit: All communication between your devices and Widgetbook servers is secured using TLS 1.2/1.3 encryption.
  • Data at Rest: Sensitive data is encrypted with AES-256, alongside other industry best practices provided by our cloud providers.

Access Controls

To prevent unauthorized access, Widgetbook enforces strict access control mechanisms:

  • Authentication: Secure authentication via OAuth and third-party identity providers.
  • Role-Based Access Control (RBAC): Permissions are assigned based on roles (e.g., administrator, member) to ensure least-privilege access.

Third-Party Risk Management

Widgetbook relies on trusted cloud service providers:

We conduct regular risk assessments to ensure these providers maintain compliance with security best practices.

User Responsibilities

While we ensure a secure infrastructure, we encourage users to follow security best practices:

  • Use strong, unique passwords and protect access credentials.
  • Avoid uploading sensitive data unless necessary.
  • Review permissions regularly to maintain proper access control.

For any security concerns or responsible disclosures, please reach out to contact@widgetbook.io.