We believe you should know exactly what happens to your data. This policy is written in plain English — not legal boilerplate — because your trust matters to us.
DiagramIQ Pty Ltd ("DiagramIQ", "we", "our", "us") is an Australian proprietary company with ABN 57 687 546 701 and registered office at 81 Campbell St, Surry Hills, New South Wales, 2010, Australia.
We operate the DiagramIQ platform, available at app.diagramiq.io and related subdomains, as well as this marketing website at diagramiq.io.
We collect the following categories of personal data:
Account data: Name, email address, company name, job title, and billing address when you create an account or subscribe to a plan.
Usage data: Pages visited, features used, session duration, browser type, and device information collected via first-party analytics.
Cloud metadata: When you connect a cloud account, we collect resource metadata (names, IDs, configurations, relationships). We do not collect the contents of your application data, databases, or source code.
Communications: Messages you send to our support team, feedback submitted through the platform, and responses to surveys.
Payment data: Payment transactions are processed by Stripe. We store only the last four digits of your card, expiry date, and billing address. Full card details never touch our servers.
We use your data to:
— Provide and improve the DiagramIQ platform — Send transactional emails (account confirmations, invoices, security alerts) — Send product updates and changelogs (you can unsubscribe at any time) — Provide customer support — Detect and prevent fraud and abuse — Comply with legal obligations — Conduct aggregate, anonymised analytics on product usage
We do not sell your personal data to third parties. We do not use your cloud metadata to train machine learning models without your explicit consent.
For users in the European Economic Area, our legal bases for processing are:
Contract performance: Processing required to provide the service you have subscribed to.
Legitimate interests: Fraud detection, security monitoring, and aggregate analytics that do not override your fundamental rights.
Consent: Marketing emails and optional product research programmes. You may withdraw consent at any time.
Legal obligation: Retaining billing records and responding to lawful requests from authorities.
We retain your personal data for as long as your account is active. After account deletion, personal data is purged within 30 days, except where longer retention is required by law (e.g., billing records retained for 5 years under Australian tax law).
Cloud metadata and architecture diagrams are deleted within 72 hours of account deletion. Anonymised, aggregated usage statistics may be retained indefinitely.
Subject to applicable law, you have the right to:
— Access a copy of the personal data we hold about you — Correct inaccurate or incomplete data — Request deletion of your data ("right to be forgotten") — Restrict or object to processing — Data portability (receive your data in a machine-readable format) — Withdraw consent at any time
To exercise any of these rights, email privacy@diagramiq.io. We will respond within 30 days.
We use strictly necessary cookies to maintain your session and preferences. We use first-party analytics cookies to understand how people use our platform. We do not use third-party advertising cookies or cross-site trackers.
For full details, see our Cookie Policy.
We share data with the following categories of sub-processors:
Cloud infrastructure: AWS (hosting, storage, compute) Payments: Stripe (payment processing) Email delivery: Postmark (transactional email) Customer support: Intercom (support chat and ticketing) Error monitoring: Sentry (application error logging — anonymised)
A complete list of sub-processors is available on request.
DiagramIQ is primarily hosted in the United States (AWS us-east-1). For EU customers on Pro and Enterprise plans, EU data residency is available, ensuring your data never leaves the European Economic Area.
Transfers of personal data from the EEA to the US are governed by Standard Contractual Clauses approved by the European Commission.
We may update this Privacy Policy from time to time. Material changes will be communicated via email to account holders at least 14 days before they take effect. The date of the latest revision is shown at the top of this page.
For privacy enquiries, contact our Data Protection Officer at privacy@diagramiq.io or by post to:
DiagramIQ Pty Ltd, Attn: Data Protection Officer 81 Campbell St, Surry Hills, New South Wales, 2010, Australia