To ensure a secure connection from users’ browsers to our service, we support encrypted connections of up to AES-256 and TLS 1.2, backed by certificates from a world-class certificate provider.
Lucidchart also employs encryption at rest to protect the secrecy of all data persisted by the application. The cryptographic keys used to secure Lucidchart are protected by Hardware Security Modules (HSM) and are never introduced into the Lucidchart environment.
To provide rigorous access controls, we have both network layer (IP) and transport layer (TCP) firewalls that segregate network traffic between application tiers.
Our network is built using Amazon's secure Virtual Private Cloud (VPC) technology, adding an extra layer of protection against intrusion.
Disaster recovery and backups
Your data is backed up hourly to multiple physical locations across several Availability Zones.
Once a week, the most recent versions of database snapshots are stored in encrypted form to a secure off-site location.
Lucidchart conducts monthly validations of our backups to ensure that they can be used for restoration in case of emergency.
We quantify our reliability by offering a 99.9% uptime guarantee to enterprise customers. This guarantee ensures the constant deployment of our services, 24 hours a day, 7 days a week, 365 days a year.
Secure data centers
Amazon Web Services (AWS) powers the server requirements for thousands of high-profile companies and government entities. We have partnered with AWS to provide our web and data services because of their stringent security measures, which include compliance with the following certifications and third-party attestations:
- SAS70 Type II audits
- Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS)
- ISO 27001 certification
- U.S. General Services Administration FISMA-Moderate level operation authorization
To learn more about the security procedures employed by AWS, please review their documentation.
Lucidchart supports sign-on with a unique username and password, or single sign-on with Google/Yahoo.
User passwords are never transmitted in plain text.
Only salted one-way hashes of passwords are stored by our servers—never the passwords themselves.
Individual user identity is authenticated and re-verified with each transaction, using a unique token created at login.
We follow security best practices by using least privilege access principles to protect your data.
Role-based permissions system is available to Lucidchart user administrators.
- Set required password strength
- Dictate the frequency of password resets
- Seize control of a user account if that user’s employment has ended
- Set permissions for each user, including view-only, edit, and document ownership
Lucidchart claims no ownership over any documents created through our services. Users retain copyright and any other rights, including all intellectual property rights, on created documents and included content.
We respect your privacy and will never make your documents publicly available without permission.
Lucidchart performs regular internal security design reviews and contracts with a third-party penetration expert to test for application vulnerability threats and network vulnerability threats.
These tests are carried out quarterly with industry-leading automated tools and extensive manual testing. Testing covers OWASP top-10 threats and WASC 26 classification sections.
Our live systems are continuously monitored and supported; any issue will be reported and fixed as soon as possible.
Lucidchart works with leading enterprises.Learn about Enterprise