Your diagram data is secure and private

draw.io 10 Mar 2019


draw.io is a unique security-first diagramming tool in that we provide the application platform, but your diagram data only lives in your browser on your local device while you are working on it. Upon saving, your diagram data will be stored at the location you have chosen: in your cloud platform, on your local device, in GitHub, or to whichever integration you have selected. Your diagram data is never sent to our servers when you save your diagram.

Your diagram data is sent to our servers only when you export your diagram to an image (raster) format using an outdated browser such as Internet Explorer, or when you export your diagram to a PDF file. Diagram conversion on our servers is not possible without seeing your diagram. As soon as the conversion to an image or a PDF file has completed and the result has been delivered to you, all diagram data is immediately deleted. Your diagram data is never saved or stored on our servers.

We are fully committed to data security and privacy

  • We don’t track your use of this website - there are no cookies, advertisements, analytics, browser fingerprinting or tracking beacons.
  • We don’t track your use of the draw.io apps (online, desktop or any of our first-party integrations).
  • As mentioned above, draw.io doesn’t allow your diagram data to be stored on our servers.

Because your sensitive diagram data doesn’t leave your infrastructure and is never stored on our servers, draw.io is a tool which lets you comply with data protection certifications (ISO 27000, 27001 and 27002) and the GDPR.

Read more about data protection and the GDPR at the European Commission’s website.

Application provision and error logging

Serving the app.diagrams.net online application requires your IP address and limited information about your device. This information is stored in logs to help the engineering staff debug errors when they occur; non-technical staff do not have access to these logs. The logs are cyclically overwritten every 10 days.

If an error happens (software always causes errors), an error report is sent to our servers with the line of code in the draw.io application where the error occurred. These error reports never contain any diagram data or personal information.

All privacy and security processes and measures are fully documented on GitHub

draw.io's versioned security, privacy and legal documentation on GitHub

Offline and secure diagramming with the desktop app

If you want to diagram in a totally secure and offline environment, download and install draw.io desktop. This stand-alone version is available for macOS, Windows and Linux.

Do you need to obfuscate your diagram’s text before you share it?

The anonymize plugin overwrites all text and metadata so you can safely share sensitive diagrams with clients or partners without fear of breaching non-disclosure clauses or the GDPR.

Go to https://app.diagrams.net/?splash=0&p=anon, create a diagram and see how it works. From the menu, select Extras > Anonymize Current Page to anonymize your diagram.

Select Extras > Anonymize Current Page from the menu

A diagram after all text has been scrambled by the anonymize plugin
