Introducing data governance and lockdown configuration options 12 Feb 2021

Share: is a unique security-first diagramming tool in that we provide the application platform, but your diagram data only lives in your computer memory while you are working on it. As you can store your diagrams on your preferred enterprise-level cloud storage platforms or on your local device, gives you control over your diagram data.

Some extended editor features, such as PDF generation (File > Export As > PDF), are only available from the server endpoints. In these cases, your diagram data is securely transmitted from your browser to our server endpoint, and when the converted file is sent back to your browser, your diagram data is deleted from the server.

Data is encrypted during all network transmission up to the endpoint processing.

Data governance regions for server endpoints

The online editor at is delivered via Cloudflare edge data centers and data transmitted outbound is directed via those same Cloudflare centers. The server endpoints are all located within AWS data centers. The features requiring server-side functionality are:

  • Translation of vsd, vss, and vdx files to vsdx. understands vsdx natively in JavaScript on the client.
  • Import of Gliffy files.
  • Migration of EMF images embedded in vsd/vsdx files. EMF licensing means only the Windows operating system may manipulate these.
  • Generation of PlantUML diagrams. PlantUML is written in Java.
  • Generation of PDFs of diagrams.
  • Collaborative editing by sending only deltas of changes to other editors.

Wherever possible we use serverless (AWS Lambda) functionality to reduce the attack surface of the endpoints. server endpoints are all in the EU (in Frankfurt, Germany).

Data transmission lockdown

Additionally, you can use the lockdown toggle in the editor configuration to disable data transmission apart from directly between your browser where you are editing your diagram, and the cloud platform or location you have chosen to store the diagram file.

Set server endpoints and disable data transmission

  1. Select Extras > Configuration to customise
    Access the configuration via Extras > Configuration
  2. To restrict data transmission to between your browser and your storage location, add the following JSON string: "lockdown": true.
    Set which server region to use and restrict data transmission to between browser and storage location only in the editor configuration JSON code
  3. Click Apply to save your changes, and then reload the editor (refresh the browser page).

Data residency in Atlassian Cloud

The architectures for for Confluence and Jira Cloud are identical to those used with However, you can set the data governance rules centrally for all users on your Confluence instance.

If you are using the apps for Confluence or Jira Cloud, Atlassian lets you additionally set your data residency region to choose where your data or in-scope product content resides. That means the content of your instance and associated metadata will be stored on servers in that region when it is at rest. Now, you can configure to match this.

  1. Go to the app configuration section in your Confluence Cloud settings.
  2. Add the following JSON string: "lockdown": true" to the configuration to restrict data transmission to between the browser and your Atlassian storage location.
    Configure for Confluence Cloud to lock down your diagram data to match your Atlassian data residency settings

Learn more about data storage and flow of diagram data in for Confluence and Jira Cloud and see how to administer in Confluence Cloud.

Follow us on GitHub, Twitter, Facebook.