Skip to content

Privacy and security information#

When using Neptune in your project, there are several things you can do to control what data is logged and who can access it.

The following sections list some considerations and tips, which may be useful especially if you're working with sensitive data.

Data stored by Neptune#

For our SaaS offering (in which you use the Neptune web app at https://app.neptune.ai as opposed to a self-hosted solution), we store logged metadata on our servers. This metadata refers to any data stored in a Neptune run, model, or project which can be displayed in the web app (UI) or fetched via API.

What does the metadata consist of?

The logged metadata is a combination of:

  1. Basic metadata logged automatically by the Neptune API (unless disabled).
  2. Metadata logged manually, by using methods from the Neptune API.
  3. Tags, descriptions, or other metadata manually added through the Neptune app.

For details, see the next section: Neptune API

How can I get a snapshot of all the metadata logged?

To process your entire project:

For individual runs or other Neptune objects, the most straightforward way to see the data is to:

  • App: Explore the All metadata section. Here you can also preview file-like data.
  • API: Use the get_structure() method on a Neptune object in your code to see the complete data structure and types.

Neptune API#

Tracking artifact metadata#

Instead of uploading data and other files directly, you can track and version them using Neptune artifacts. When tracked this way, Neptune only logs metadata (such as hash and size) and not the artifact contents themselves.

For remote tracking, Neptune supports Amazon S3, Google Cloud Storage (GCS), and other S3-compatible providers. While you can download remotely tracked artifacts via the Neptune API, the artifacts themselves are not stored on Neptune servers – only their reference.

To learn more, see Track artifacts.

Automatically logged metadata#

Neptune runs log certain metadata by default, such as system metrics, the source code used to initialize the run, and Git information.

You can control and disable these options as needed. For details, see What Neptune logs automatically.

Neptune client vs integrations#

Regarding the Neptune API, the following is good to know:

  • Working with the Neptune client library: If you're only using neptune (or neptune-client), you're fully in control of what is logged and sent to Neptune. See the below section for what's logged by default and how to turn it off.
  • Working with integrations: If you're using an integration library (such as neptune-pytorch), check the integration guide for what metadata is tracked by default and how to customize the logging.

Public and private projects#

Neptune projects have three levels of privacy:

  • Public: Visible to anyone on the internet.
  • Workspace: Only accessible to workspace members.
  • Private (on plans with project level access control): Only workspace members specifically assigned to the project can access it.

To improve the security, the ability to create public projects is disabled by default. Admins can enable this option in the workspace settings.

Additionally, you can manage which workspace members can access which projects by choosing a plan that includes access control. (Service accounts always need to be explicitly added to a project in order to access it.)

Deploying Neptune self-hosted#

If you need a completely self-hosted solution, you can also deploy Neptune on your own infrastructure.

Neptune only needs to connect to the internet to fetch the installation artifacts; otherwise it does not communicate outwards or send data anywhere (except for what you may have explicitly configured for your installation of Neptune).

To learn more, see Self-hosted Neptune.

SOC#

Neptune is SOC 2 compliant. You can learn more in the security portal .