Structurizr is built using a number of cloud-based services including Pivotal Web Services, Amazon RDS and SendGrid. This page describes how your data is secured and the data storage options you have.


Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt.

API keys and secrets

Your API keys and secrets are stored encrypted, with a random salt.

Sharing token

The token used in workspace sharing links is also stored encrypted, with a random salt.


There are a number of options for storing your workspace data (the JSON representation), each of which has a different balance between security and usability.

How is data stored by default?

Your workspaces are stored on our servers using AES encryption with a 128-bit key, a random salt and a passphrase that resides on the server. A small quantity of metadata (workspace name, description and a low resolution thumbnail) is stored unencrypted to make rendering your dashboard page easier.

Can I encrypt my own data?

For additional peace of mind, we support client-side encryption on paid plans.

Can I use Structurizr without uploading my software architecture model to the cloud?

Yes, paid options include local storage, the on-premises API and the on-premises UI.

Server locations

Structurizr is deployed onto Pivotal Web Services Cloud Foundry, which is itself hosted on Amazon EC2 in US-East-1. You can find more information on the Pivotal Web Services Knowledge Base.

Data is stored in Amazon RDS, which is also hosted on Amazon EC2 US-East-1.