Privacy policy

Last updated: 19th April 2020

Structurizr Limited ("us", "we", or "our") operates this website. This privacy policy describes how and when Structurizr Limited collects, uses, and shares information, when you use the Structurizr website and API (the "service") or contact us. This privacy policy does not apply to the practices of third parties that we do not own or control. By using our service, you agree to the collection and use of information in accordance with this policy.

Personally identifiable information we collect

To fulfil your use of our services and customer support, you must provide us with certain personally identifiable information, including:

Personal information stored	Why we require it	Special handling of personal information
Your e-mail address	Your e-mail address is primarily used as your Structurizr account identifier. Unless you explicitly opt-in to receive marketing e-mails (when modifying your user profile), we will only send you the following types of e-mails: User account events: sign up confirmation, account verification, password reset, password change, e-mail address change, account locked, etc. Payment events: trial activation, purchase confirmation, subscription payment confirmation, subscription cancellation, etc. Workspace events: addition of user to a workspace, etc. Support requests: support and help requests via the support form on your dashboard/workspace pages. Other: essential service information (e.g. service unavailability, breaking changes to the Structurizr API, etc).	None
Password	Website sign in/authentication.	Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt.
Your name	E-mail correspondence and greeting (optional).	None
Your address	For display on invoices only.	None
IP address	When you use this website as an authenticated user (ie. signed in), we record some information about important events related to your user account or workspaces; including: User account events: signed up, account verified, signed in, sign in failed, account locked, e-mail address changed, password changed, forgot password requested, user type changed (e.g. free to paid plan), on-premises installation downloaded, etc. Workspace events: created, deleted, read via API, written via API, failed API authentication, API key/secret pair regenerated, visibility changed (public, shareable, private), etc. These audit logs are created to help us with security of the service, and to allow us to diagnose certain categories of problems (e.g. a user cannot sign in, or verify their account). Your IP address is a part of these audit logs.	None

Cookies

Please see the Cookie policy page for details of the cookies we use.

Credit card details

Although we provide an online payment facility for purchasing our paid services, Structurizr does not collect this information. By purchasing one of our paid services, you are entering your credit card details into a PCI compliant form that is hosted by Braintree Payments. We have no access to your credit card details.

Why we need your information and how we use it

We rely on a number of legal bases to collect, use, and share your information, including:

as needed to provide our service, such as to fulfil your order, to settle disputes, or to provide customer support
if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law
as necessary for the purpose of our legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as providing and improving our services

We use your information to provide the services you requested and in our legitimate interest to improve our services.

Information sharing and disclosure

Personally identifiable Information about our customers is important to our business. We share your personal information for very limited reasons in order to fulfil our service and provide customer support.

Service providers

We engage certain trusted third parties (processors) to perform functions and provide services. The third parties that Structurizr Limited shares your information with are:

Company	Information shared	Reason for sharing	Third-party privacy policy
Amazon Web Services	Name, address, e-mail address, hashed password and IP address.	We use some of the services provided by Amazon Web Services for data storage and e-mail.	AWS Data Privacy FAQ
Zendesk	Name and e-mail address (only if you raise a support ticket while signed in).	We use Zendesk for managing support tickets.	Zendesk Privacy and Data Protection
Google	IP address (only when signing up and starting a subscription).	We use Google reCAPTCHA v2 to fight spam and abuse on our site.	Google Privacy Policy and Terms of Use

Website performance monitoring

We use Pingdom to collect information about uptime and user response time metrics.

Business transfers

If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.

Compliance with laws

We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to:

respond to legal process or to government requests;
enforce our agreements, terms and policies;
prevent, investigate, and address fraud and other illegal activity, security, or technical issues;
protect the rights, property, and safety of our customers, or others.

Data retention

We collect and retain personally identifiable information submitted to Structurizr Limited in an identifiable format for the amount of time necessary to meet your request, provide our service, or fulfil our legal or regulatory obligations, unless it is in our legitimate business interests and not prohibited by law to maintain the personally identifiable information for longer periods.

Your rights

You may review and update your personally identifiable information after signing in to your Structurizr account. If you do not have an account or if you have questions about your account information or other personally identifiable information, please contact us.

If you are using our service in the European Economic Area (EEA) and Switzerland you also benefit from certain rights granted by applicable law but subject to limitations therein. These rights include the right of access, rectification, restriction, opposition, erasure and portability, and the right not to be subjected to automated decision-making. If you want to exercise those rights or find out more, please contact us.

The right to erasure (the right to be forgotten)

For Structurizr user accounts without any associated payments, you can delete your account after deleting all of your workspaces, using the link on your dashboard. Otherwise, please contact us.

Contact

If you have general questions about our Privacy Policy and practices or questions about your personal data, you may contact us.

Users in the European Economic Area (EEA) and Switzerland have the right to lodge a complaint with the Supervisory Authority for data protection in their country, should they find that we did not appropriately address their question or concern.

We are registered with the Office of the Information Commissioner, Jersey, Channel Islands under the Data Protection Register. Our registration number with the Jersey Office of the Information Commissioner is 62007.

Changes

We reserve the right to update or change our Privacy Policy at any time, and changes to our Privacy Policy will be posted on this page. If you have any questions about our Privacy Policy, please contact us.