I have developed an online app using Streamlit, which functions effectively and meets my requirements. The app is a simple tool for uploading datasets and performing data cleaning. I am now inquiring about the data protection measures in place.
Could you please clarify whether the dataset I uploaded is shared with any third party? I am particularly interested in understanding how data protection is implemented. Is the data hosted locally on my device, or is the dataset stored elsewhere with the code executed remotely? I am concerned about the security of the data in my files and want to ensure that it remains inaccessible and confidential. Could you guide this matter?
Two years ago Streamlit was SOC 2 Type 1 compliant.
When Streamlit is described as SOC 2 Type 1 compliant, focusing on security and confidentiality, it means they have been audited and found to have appropriate systems in place to ensure the security of the system (protecting against unauthorized access) and the confidentiality of the information processed by the system (ensuring that sensitive data is accessed only by authorized individuals) at a specific point in time.
To add a few more details…
Streamlit has a sever-client structure. The server executes the Python code and the client is a browser, typically on a different computer from the server.
When you deploy an app on Community Cloud, for example, all the files in your GitHub repository are copied into a container that executes the Python code of your app. If your app saves any files to disk, they would be saved into this container (server).
When you use something like
st.file_uploader, the data is sent from the client to the server and held in memory. It doesn’t result in a saved file on disk unless you explicitly perform an operation to create and save the data to a file. (And even if you did, rebooting the app would delete it.)
Additionally details can be found in our Trust and Security policy.