Lucidchart Security

We are dedicated to keeping your data private, safe, and secure.

  • Privacy

    Lucidchart claims no ownership over any document data. You retain all intellectual property and other rights to your documents and the information contained therein. We respect your privacy and will never make your documents publicly available without permission.

    To ensure the privacy of your information, all data is transferred between user devices and Lucidchart servers over an up to 256-bit encrypted connection via TLS 1.2 and a world-class certificate provider. Lucidchart also employs encryption at rest (AES-256) to protect the secrecy of all data persisted by the application. The cryptographic keys used to secure Lucidchart are protected by Amazon’s Key Management Services.

    Lucidchart is EU-US Privacy Shield certified and committed to GDPR compliance.

    For more information, see our Privacy Policy and Terms of Service.

  • Security and availability

    Security for your data is one of our top priorities, and we have a team dedicated to securing Lucidchart’s systems, processes, and controls. Lucidchart is powered by Amazon Web Services (AWS), the industry’s leading provider of secure computing infrastructure. We choose AWS because of their stringent security measures, which include the following certifications:

    • SOC 2 audits
    • Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS)
    • ISO 27001 certification
    • U.S. General Services Administration FISMA-Moderate level operation authorization

    To learn more about the security procedures employed by AWS, please review their documentation.

    You can securely access Lucidchart at any time and from any device or location, and we offer a 99.9% uptime guarantee to enterprise customers. Documents, account information, access control lists, and other persistent data are replicated across multiple availability zones using industry-standard database management systems, replication, and failover solutions.

  • Compliance certifications

    Lucidchart complies with applicable local and international requirements and maintains compliance certifications, including PCI, Privacy Shield, and SOC 2 (in progress).

  • Visibility and control

    Lucidchart enterprise features allow you to maintain governance of your accounts so you can better adhere to compliance requirements. These features include document sharing restrictions, IP whitelisting, and whitelisted domains. We offer Key Management Service (KMS), which allows customers to control their own unique encryption keys for an additional level of security.

    We follow security best practices and protect your data by using the principle of least privilege access. A simple role-based permissions system allows administrators to manage access to documents owned by the account. The account management tools allow account and team admins to integrate with their identity management platform and control collaboration settings.