Privacy policy
Last updated: 19th April 2020
Structurizr Limited ("us", "we", or "our") operates this website. This privacy policy describes how and when Structurizr Limited collects, uses, and shares information, when you use the Structurizr website and API (the "service") or contact us. This privacy policy does not apply to the practices of third parties that we do not own or control. By using our service, you agree to the collection and use of information in accordance with this policy.
Personally identifiable information we collect
To fulfil your use of our services and customer support, you must provide us with certain personally identifiable information, including:
Personal information stored | Why we require it | Special handling of personal information |
---|---|---|
Your e-mail address |
Your e-mail address is primarily used as your Structurizr account identifier. Unless you explicitly opt-in to receive marketing e-mails (when modifying your user profile), we will only send you the following types of e-mails:
|
None |
Password | Website sign in/authentication. | Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt. |
Your name | E-mail correspondence and greeting (optional). | None |
Your address | For display on invoices only. | None |
IP address |
When you use this website as an authenticated user (ie. signed in), we record some information about important events related to your user account or workspaces; including:
These audit logs are created to help us with security of the service, and to allow us to diagnose certain categories of problems (e.g. a user cannot sign in, or verify their account). Your IP address is a part of these audit logs. |
None |
Cookies
Please see the Cookie policy page for details of the cookies we use.
Credit card details
Although we provide an online payment facility for purchasing our paid services, Structurizr does not collect this information. By purchasing one of our paid services, you are entering your credit card details into a PCI compliant form that is hosted by Braintree Payments. We have no access to your credit card details.
Why we need your information and how we use it
We rely on a number of legal bases to collect, use, and share your information, including:
- as needed to provide our service, such as to fulfil your order, to settle disputes, or to provide customer support
- if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law
- as necessary for the purpose of our legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as providing and improving our services
We use your information to provide the services you requested and in our legitimate interest to improve our services.
Information sharing and disclosure
Personally identifiable Information about our customers is important to our business. We share your personal information for very limited reasons in order to fulfil our service and provide customer support.
Service providers
We engage certain trusted third parties (processors) to perform functions and provide services. The third parties that Structurizr Limited shares your information with are:
Company | Information shared | Reason for sharing | Third-party privacy policy |
---|---|---|---|
Amazon Web Services | Name, address, e-mail address, hashed password and IP address. | We use some of the services provided by Amazon Web Services for data storage and e-mail. | AWS Data Privacy FAQ |
Zendesk | Name and e-mail address (only if you raise a support ticket while signed in). | We use Zendesk for managing support tickets. | Zendesk Privacy and Data Protection |
IP address (only when signing up and starting a subscription). | We use Google reCAPTCHA v2 to fight spam and abuse on our site. | Google Privacy Policy and Terms of Use |
Website performance monitoring
We use Pingdom to collect information about uptime and user response time metrics.
Business transfers
If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.
Compliance with laws
We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to:
- respond to legal process or to government requests;
- enforce our agreements, terms and policies;
- prevent, investigate, and address fraud and other illegal activity, security, or technical issues;
- protect the rights, property, and safety of our customers, or others.
Data retention
We collect and retain personally identifiable information submitted to Structurizr Limited in an identifiable format for the amount of time necessary to meet your request, provide our service, or fulfil our legal or regulatory obligations, unless it is in our legitimate business interests and not prohibited by law to maintain the personally identifiable information for longer periods.
Your rights
You may review and update your personally identifiable information after signing in to your Structurizr account. If you do not have an account or if you have questions about your account information or other personally identifiable information, please contact us.
If you are using our service in the European Economic Area (EEA) and Switzerland you also benefit from certain rights granted by applicable law but subject to limitations therein. These rights include the right of access, rectification, restriction, opposition, erasure and portability, and the right not to be subjected to automated decision-making. If you want to exercise those rights or find out more, please contact us.
The right to erasure (the right to be forgotten)
For Structurizr user accounts without any associated payments, you can delete your account after deleting all of your workspaces, using the link on your dashboard. Otherwise, please contact us.
Contact
If you have general questions about our Privacy Policy and practices or questions about your personal data, you may contact us.
Users in the European Economic Area (EEA) and Switzerland have the right to lodge a complaint with the Supervisory Authority for data protection in their country, should they find that we did not appropriately address their question or concern.
We are registered with the Office of the Information Commissioner, Jersey, Channel Islands under the Data Protection Register. Our registration number with the Jersey Office of the Information Commissioner is 62007.
Changes
We reserve the right to update or change our Privacy Policy at any time, and changes to our Privacy Policy will be posted on this page. If you have any questions about our Privacy Policy, please contact us.