When you work on a draw.io diagram in Confluence Server or Cloud, the data is only stored as page attachments within Confluence, nowhere else. Your diagram data is never sent to our servers during save/load, even in transit.

On Confluence Server/DC, in the default setup, no diagram data is ever sent externally under any conditions. There is an option to connect to an external image generation server to improve font support in the draw.io PDF export. Note that this option is disabled by default, and PDF export is still available via print to PDF.

draw.io can help you achieve ISO/IEC certifications

Because your diagram data is not shared or stored outside of your device and the platform where you save your diagram, draw.io can help you achieve certification under the ISO 27000, 27001 and 27002 standards, the three worldwide standards that cover data protection.

And if you are using draw.io for Confluence, you can diagram your processes. Along with the comprehensive and integrated revision history, your draw.io diagrams will help you get certified under ISO 19011 (auditing and quality management systems).

Diagrams also make audits more efficient

External corporate governance and financial audits, where business and IT processes are also assessed, are a common requirement, especially for strictly regulated industries, non-profit organizations, and publicly traded companies which must be audited under the Sarbanes-Oxley Act to be listed on the American Stock Exchange. Diagrams of your processes make these audits less time-consuming and much less stressful.

We care about your privacy

In addition to not allowing your diagram data to be stored on our servers, we have tools and processes in place to help you protect your information.

  • You can share a diagram without sharing the text and metadata: The anonymize plugin for draw.io overwrites all text and metadata in your diagram so you can share it without sharing any potentially sensitive information.
  • There is no analytics software of any kind injected in pages where draw.io runs.
  • No logging data is ever sent out from Confluence Server/DC; logs are written to the main Confluence log.

draw.io and the GDPR

We do not use web beacons, and we don’t profile you by your browser fingerprint. Your diagram data and your personal data are safe with draw.io. We’ve updated the draw.io privacy policy to be clear about how your diagram and personal data are protected, and to explain how we comply with the GDPR.

Read more about the personal data protection regulations, including the GDPR, at the European Commission.