Security at Excalidraw
Thousands of customers trust Excalidraw to securely store their diagrams and data
Github security integration
We are using Github to keep up with security updates & scan for vulnerabilities.
We scan for service role keys during CI build and filter build process environment variables to ensure only those currently needed are used.
Data Encryption
Excalidraw+ customers' data is secured using AES-256 encryption at rest and TLS encryption in transit.
Additionally, sensitive details such as access tokens and keys undergo encryption at the application level before database storage.
Free Excalidraw user's data are stored locally, and when shared protected by End-to-End encryption.
Role-based access control
Organizational members in Excalidraw can be authorized to access specific resources.
Admins can control access, sharing & AI usage for the whole workspace and all its members.
Backups
All customer databases are backed up every day.
Point in Time Recovery allows restoring the database for 14 days.Payment processing
Excalidraw processes payments through Stripe and does not retain any personal credit card details of customers.
Stripe holds a highly recognized PCI Service Provider Level 1 certification.
SOC2
SOC2 compliance standard is an important security policy for handling sensitive customer data.
We are in the middle of obtaining the certification
Privacy
We prioritize privacy, using GDPR-compliant SimpleAnalytics for tracking and self-hosted Umami for in-app usage and tooling tracking.
Status page
Our servers and services are automatically monitored and publicly accessible at the status page
Enterprise
Safe space for your ideas and projects
Generate ideas, collaborate and implement. In real-time.
Simply with Excalidraw Enterprise.
coming soon