Terms and Conditions
These Terms and Conditions (“Terms”) cover all of the ways in which we communicate with you on this website and in any related communications channels such as our feeds, social media and email. When you access our services, or sign up to hear from us, we understand that you are OK with these Terms.
draw.io is developed by JGraph. The draw.io apps for Confluence and Jira are developed in partnership with //SEIBERT/MEDIA.
We maintain various privacy and data security policies, as well as documented processes and testing results in the /jgraph/security-privacy-legal GitHub repository
Like all web servers, our web server logs information about which pages you access, and information about your device (device or browser type and IP). These logs are kept for 12 months.
We do not use permanent or session cookies. We do not use Google analytics or tracking pixels.
You may send us information, such as your name or email address if you submit a support request or send us a direct message on our social media channels (Facebook, Instagram, Twitter, Google Plus).
If you have submitted a support request, we will typically contact you by email to work out a resolution to the problem.
We retain email correspondence for 6 years, after which it is routinely deleted. Direct messages sent via social media accounts are routinely deleted after 6 months.
The www.draw.io server logs information about your device (device or browser type and IP) when you use the online application or the Trello Power-Up, to help us debug technical problems that may occur within the draw.io application. This information is stored in a cyclical log where the oldest data is overwritten by current data continuously. The cycle is about 10 days. These logs contain no diagram information. Only engineering staff are permitted access to server logs to resolve issues. No non-technical staff are permitted access, either directly or indirectly.
draw.io is as fully a client-side application as is technically possible – draw.io does not store your diagram data. When you choose to store your diagram on your local filesystem, localStorage in your browser, or in Google Drive, your diagram data and your preferences do not travel through our servers. Diagram data stored in the following applications and cloud services are covered by their respective privacy policies:
No personal information, or information stored is made available to JGraph when you use draw.io online, offline or within any of its integrations.
If you use Google Drive, you are permitted to change the permissions of your diagram. This sharing permissions dialog is entirely provided and served by Google.
Your diagram data may be securely sent to our image export servers and the resulting file returned in the following cases:
Note: Atlassian Cloud products generate a raster format image of your diagram every time you save. All data is only ever held in memory, never written to disk. The data is cleared from memory after the file has been successfully delivered to you.
If an error condition occurs whilst using the application, the application may send an error report back to the servers. This report contains the program line and condition that occurred. Such reports contain no personal information or parts of your diagram data, nor do they contain any substantial information regarding your usage of the application.
No data is transmitted from your server or client browser when you use draw.io to any third-party with one exception: When you search for an shape, if your keyword has no results in the list of local shapes, the keyword and the list of matching shapes is sent securely to www.draw.io. No diagram information, nor any information about you or your system or infrastructure is transmitted.
If you want to access, review or delete your personal information and communication prior to the routine deletion periods described above, please send an email to [email protected]. We will retain your request for modification or deletion as a record of our compliance with the GDPR.
We do not sell your personal information.
As a rule, we don’t share your information with third parties, unless it is a) with your consent, or b) required by law (in response to an appropriate legal process). We will object to requests for information about people who use our site that we believe to be improper.
The draw.io application and all draw.io websites use HTTP over TLS1.2+ (which builds upon HTTP over SSL) to ensure communication between you and our servers is encrypted and secure.
By the use of draw.io within GSuite, you grant JGraph the rights:
a) That your company, that owns the @domain.com of the Google account you use, permits us to reference them as a user of the Software in customer lists on the draw.io web-site, in marketing publications, in presentations to clients and at trade events.
b) To announce publicly when we pass a security audit set by your company on the draw.io web-site, in marketing publications, in presentations to clients and at trade events.
We do not set any cookies when you browse the draw.io websites.
We respect Do Not Track (“DNT”) settings in browsers. If you’re logged out of our Services and have DNT enabled, we will not set cookies.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.