Last updated: 20th January 2020
Personally identifiable information we collect
To fulfil your use of our services and customer support, you must provide us with certain personally identifiable information, including:
|Personal information stored||Why we require it||Special handling of personal information|
|Your e-mail address||
Your e-mail address is primarily used as your Structurizr account identifier. Unless you explicitly opt-in to receive marketing e-mails (when modifying your user profile), we will only send you the following types of e-mails:
|Password||Website sign in/authentication.||Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt.|
|Your name||E-mail correspondence and greeting (optional).||None|
|Your address||For display on invoices only.||None|
When you use this website as an authenticated user (ie. signed in), we record some information about important events related to your user account or workspaces; including:
These audit logs are created to help us with security of the service, and to allow us to diagnose certain categories of problems (e.g. a user cannot sign in, or verify their account). Your IP address is a part of these audit logs.
Credit card details
Although we provide an online payment facility for purchasing our paid services, Structurizr does not collect this information. By purchasing one of our paid services, you are entering your credit card details into a PCI compliant form that is hosted by Braintree Payments. We have no access to your credit card details.
Why we need your information and how we use it
We rely on a number of legal bases to collect, use, and share your information, including:
- as needed to provide our service, such as to fulfil your order, to settle disputes, or to provide customer support
- if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law
- as necessary for the purpose of our legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as providing and improving our services
We use your information to provide the services you requested and in our legitimate interest to improve our services.
Information sharing and disclosure
Personally identifiable Information about our customers is important to our business. We share your personal information for very limited reasons in order to fulfil our service and provide customer support.
We engage certain trusted third parties (processors) to perform functions and provide services. The third parties that Structurizr Limited shares your information with are:
|Amazon Web Services||Name, address, e-mail address, hashed password and IP address.||We use some of the services provided by Amazon Web Services for data storage and e-mail.||AWS Data Privacy FAQ|
Website analytics and performance monitoring
We use Google Analytics to track website usage, inbound links, etc. You can find more information about this at How Google uses data when you use our partners' sites or apps. You can choose to opt-out of Google Analytics. We also use Pingdom to collect information about uptime and user response time metrics.
If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.
Compliance with laws
We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to:
- respond to legal process or to government requests;
- enforce our agreements, terms and policies;
- prevent, investigate, and address fraud and other illegal activity, security, or technical issues;
- protect the rights, property, and safety of our customers, or others.
We collect and retain personally identifiable information submitted to Structurizr Limited in an identifiable format for the amount of time necessary to meet your request, provide our service, or fulfil our legal or regulatory obligations, unless it is in our legitimate business interests and not prohibited by law to maintain the personally identifiable information for longer periods.
You may review and update your personally identifiable information after signing in to your Structurizr account. If you do not have an account or if you have questions about your account information or other personally identifiable information, please contact us.
If you are using our service in the European Economic Area (EEA) and Switzerland you also benefit from certain rights granted by applicable law but subject to limitations therein. These rights include the right of access, rectification, restriction, opposition, erasure and portability, and the right not to be subjected to automated decision-making. If you want to exercise those rights or find out more, please contact us.
The right to erasure (the right to be forgotten)
For Structurizr user accounts without any associated payments, you can delete your account after deleting all of your workspaces, using the link on your dashboard. Otherwise, please contact us.
Users in the European Economic Area (EEA) and Switzerland have the right to lodge a complaint with the Supervisory Authority for data protection in their country, should they find that we did not appropriately address their question or concern.
We are registered with the Office of the Information Commissioner, Jersey, Channel Islands under the Data Protection Register. Our registration number is: 62007.