1. Overview
diag ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy describes how we collect,
use, disclose, and safeguard your personal information when you use our system architecture diagramming platform.
By using diag, you agree to the collection and use of information in accordance with this policy. We will never
sell your personal data or your diagram content to third parties.
Information you provide directly:
- Account data: Username, email address, and hashed password when you register
- Diagram content: The nodes, edges, labels, and metadata you create within the Service
- Billing information: Payment card details processed securely by our payment provider (we do
not store raw card numbers)
- Communications: Messages you send to our support team
Information collected automatically:
- Usage data: Pages visited, features used, click patterns, session duration
- Technical data: IP address, browser type, operating system, screen resolution
- Log data: Server access logs including timestamps, HTTP methods, and response codes
- Session data: Session identifiers stored in secure, HTTP-only cookies
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate you and manage your account session
- Process payments and manage your subscription
- Send essential service communications (billing, security alerts, feature updates)
- Respond to your support requests
- Detect, investigate, and prevent fraudulent or unauthorized activity
- Analyze aggregate usage patterns to improve the product (using anonymized data)
- Comply with legal obligations
We do not use your diagram content for any purpose other than delivering the Service to you. We do not train
machine learning models on your content.
4. Sharing Your Information
We do not sell, rent, or trade your personal information. We may share your data only in these limited
circumstances:
- Service providers: Third-party vendors who help us operate the Service (e.g., cloud hosting,
payment processing, email delivery). These providers are contractually prohibited from using your data for their
own purposes.
- Legal compliance: When required by law, court order, or to protect the rights, property, or
safety of diag, our users, or the public.
- Business transfers: In connection with a merger, acquisition, or sale of assets, subject to
confidentiality obligations and this Privacy Policy.
- With your consent: In any other circumstances, only with your explicit consent.
5. Cookies & Tracking
We use a minimal set of cookies necessary to operate the Service:
- Session cookie: A secure, HTTP-only cookie that keeps you logged in. Expires when you sign
out or after a period of inactivity.
- Preference cookies: Optional cookies that remember your UI preferences (e.g., theme
settings).
We do not use advertising trackers, third-party analytics cookies, or cross-site tracking pixels. We do not
participate in any advertising networks.
You can control cookies through your browser settings. Disabling session cookies will prevent you from logging
in.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service.
- Account data: Retained until you delete your account, plus 30 days for recovery purposes
- Diagram content: Deleted 30 days after account deletion unless you export it first
- Server logs: Retained for up to 90 days for security and debugging purposes
- Billing records: Retained for 7 years as required by applicable tax law
7. Security
We take reasonable technical and organizational measures to protect your information:
- All data is encrypted in transit using TLS 1.3
- Passwords are hashed using bcrypt before storage — we never store plaintext passwords
- Session cookies are HTTP-only and SameSite-protected to prevent CSRF and XSS attacks
- Database access is restricted to authorized backend services only
- We conduct regular security reviews of our infrastructure
No system is completely secure. If you discover a security vulnerability, please disclose it responsibly to [email protected].
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your account and associated data
- Portability: Request your diagram data in a portable format (JSON export)
- Restriction: Request that we restrict processing of your data in certain circumstances
- Objection: Object to processing based on legitimate interests
To exercise any of these rights, email [email protected]. We will respond
within 30 days. You may also export or delete your diagrams at any time from within the application settings.
If you are in the European Economic Area, you have the right to lodge a complaint with your local data protection
authority.
9. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal information
from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will promptly delete it.
10. International Data Transfers
Your information may be stored and processed in countries other than your own, including countries that may not
have the same data protection laws as your jurisdiction. We take appropriate safeguards to ensure your data
receives adequate protection wherever it is processed, including through data processing agreements with our
service providers.
11. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by
posting a prominent notice in the Service before the changes take effect. The "Last updated" date at the top of
this page reflects the most recent revision.
We encourage you to review this policy periodically. Your continued use of the Service after any changes
constitutes acceptance of the updated policy.
For privacy-related questions, data requests, or concerns, please contact us: