Your security is our top priority
To protect your intellectual property and identifying information, Lucidchart employs a well-designed infrastructure and adheres to industry best practices.
Download our in-depth Security Whitepaper
- Lucidchart supports sign-on with a unique username and password, or single sign-on with Google/Yahoo.
- User passwords are never transmitted in plain text.
- Only salted one-way hashes of passwords are stored by our servers--never the passwords themselves.
- Individual user identity is authenticated and re-verified with each transaction, using a unique token created at login.
- We follow security best practices by using least privilege access principles to protect your data.
- Role-based permissions system is available to Lucidchart user administrators.
- Set required password strength
- Dictate the frequency of password resets
- Seize control of a user account if that user’s employment has ended
- Set permissions for each user, including view-only, edit, and document ownership
- Lucidchart claims no ownership over any documents created through our services. Users retain copyright and any other rights, including all intellectual property rights, on created documents and included content.
- We respect your privacy and will never make your documents publicly available without permission.
- Lucidchart performs regular internal security design reviews and contracts with a third-party penetration expert to test for application vulnerability threats and network vulnerability threats.
- These tests are carried out quarterly with industry-leading automated tools and extensive manual testing. Testing covers OWASP top-10 threats and WASC 26 classification sections.
- Our live systems are continuously monitored and supported; any issue will be reported and fixed as soon as possible.