Structurizr is built using a number of cloud-based services including Pivotal Web Services, Amazon RDS and SendGrid. This page describes how your data is secured and the data storage options you have.


Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt.

API keys and secrets

Your API keys and secrets are stored encrypted, with a random salt.

Sharing token

The token used in workspace sharing links is also stored encrypted, with a random salt.


There are a number of options for storing your workspace data (the JSON representation), each of which has a different balance between security and usability.

How is data stored by default?

Your workspaces are stored on our servers using AES encryption with a 128-bit key, a random salt and a passphrase that resides on the server. A small quantity of metadata (workspace name, description and a low resolution thumbnail) is stored unencrypted to make rendering your dashboard page easier.

If applicable, the full resolution image versions of your software architecture diagrams are stored as non-public objects using AES-256 encryption in Amazon S3. These are used for the image embed feature.

Can I encrypt my own data?

For additional peace of mind, we support client-side encryption on paid plans.

Can I use Structurizr without uploading my software architecture model to the cloud?

Yes, options include local storage and the on-premises installation.

Server locations

Structurizr is deployed onto Pivotal Web Services Cloud Foundry, which is itself hosted on Amazon EC2 in US-East-1. You can find more information on the Pivotal Web Services Knowledge Base.

Data is stored in Amazon RDS and S3, which is also hosted in US-East-1.