Uploaded data security

Hi there,

I’m writing a notebook where users can upload data and the Notebook makes calculations on it. Can I assure users that their data is completely private? This means that I have no way to access to the data, nor the staff at Observable. (I know, this question assumes that my code does not tamper with the data to save it somewhere else!)


Hi Pablo,

Assuming that you’re using a basic file input form, and processing the data within the notebook (not sending it via an API call to a different website), yes, you can assure users that their data is private, and that neither Observable staff or you yourself can access it.

Since all of the source code to a notebook is visible in the notebook, they can even verify that fact for themselves.

As a final note, when working with truly private, sensitive data, it’s important to trust your dependencies — any library you’re loading from npm, or any notebook that you’re importing cells from. I’d recommend auditing your notebook’s dependencies to ensure that they’re doing what you think they’re doing (no event-stream hijinks), and then pinning specific versions for your require and import calls.

Thanks! That’s what I thought. However, I was not aware of the imports… So I’ll check that carefully. Best regards