Security

We take security seriously. Your architecture diagrams contain sensitive infrastructure details, and we treat them accordingly.

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Database backups are encrypted and retained for 30 days.

Infrastructure

Hosted on AWS with SOC 2-aligned security practices. Private subnets, security groups, and least-privilege IAM roles.

AI Data Handling

Prompts are sent to Anthropic and OpenAI for generation. We do not train AI models on your diagrams or prompts. Imported .drawio files are stored securely and never shared with AI providers.

Authentication

SSO via PropelAuth with Google, Microsoft, and GitHub. No passwords stored. Session tokens are short-lived and rotated.

Data Residency

All data stored in AWS US regions. EU data residency options are on our roadmap.

Compliance

SOC 2 Type II certification in progress. HIPAA, PCI-DSS, and GDPR compliance overlays are on our roadmap.