Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt.
API keys and secrets
Your API keys and secrets are stored encrypted, with a random salt.
The token used in workspace sharing links is also stored encrypted, with a random salt.
There are a number of options for storing your workspace data (the JSON representation), each of which has a different balance between security and usability.
How is data stored by default?
Your workspaces are stored on our servers using AES encryption with a 128-bit key, a random salt and a passphrase that resides on the server.
Can I encrypt my own data?
For additional peace of mind, users on a paid plan can opt to use client-side encryption. In doing so, you encrypt your workspace using your own passphrase before uploading the encrypted JSON to Structurizr. Your passphrase never leaves your computer. When you load the workspace in your web browser, you will be prompted to enter your passphrase to decrypt it in the browser.
Can I use Structurizr without uploading my software architecture model?
Yes, users on a paid plan can opt to use the local storage feature. Here, instead of uploading your software architecture model to our servers, everything is instead retained within your web browser. In summary, you drag a file containing a JSON workspace into your web browser and modify the diagrams as usual. You can then save your workspace to local storage in your web browser, or export it back out of your web browser as text to store on your local file system.
Alternatively, you can host your own version of the Structurizr API via the on-premises API feature. Although the Structurizr application is still delivered via the cloud, you retain your data on your local servers.
Structurizr is deployed onto Pivotal Web Services Cloud Foundry, which is itself hosted on Amazon EC2 in US-East-1. You can find more information on the Pivotal Web Services Knowledge Base.
Data is stored in ClearDB, which is also hosted on Amazon EC2 US-East-1.