Safeguarding your trust: Lucid’s dedication to data security

Reading time: about 8 min

Topics:

Lucid tips and updates

At Lucid, our commitment to security isn't just a promise; it's ingrained in every line of code, every feature, and every decision we make. From the beginning, we’ve taken a proactive approach to creating a safe and trustworthy environment for visual collaboration.

With Lucid, you get all the benefits of visual collaboration—including connecting hybrid teams, sharing ideas and information, and clarifying complex concepts—without sacrificing the peace of mind that comes from knowing your data is secure.

While no platform can promise impenetrable security, Lucid’s dedication to proactively identifying, reducing, and correcting risks means that we do everything in our power to safeguard our platform and your data. In this article, we’re filling you in on our security features, ways we follow industry best practices, and our impressive security certifications.

Dive deeper

While this article provides an overview of our security features, certifications, and commitments, you can dive even deeper into this topic by reading our security whitepaper.

Check it out

Security: Protecting your data and securing the platform

When it comes to security, our north star is the principle of least privilege. The principle of least privilege means that users’ access rights are limited to only what they strictly require to do their jobs—nothing more, nothing less.

These are a few of the ways we abide by this principle and take measures to ensure the security of your account and documents:

Access limitations

Our customers have unprecedented control over their accounts. Only those directly involved with your account have access to any of your information, and even then, our internal teams can’t see any of your documents without you providing us with a PIN. These measures add additional layers of security to your account and ensure that you have complete control.

We have a simple role-based permissions system that allows administrators to manage access to documents owned by the account. That means that admins on your team can restrict access to any and all documents created within your Lucid account.

Lucid’s admin dashboard provides teams with total control and visibility over their account.

Information security governance

Securing customer data is a primary objective of the highest levels of management at Lucid. That’s why we have an entire team dedicated to securing Lucid’s systems, processes, and controls. Our security team is the backbone of so much of what we do to build an environment cemented in industry best practices.

On a daily basis, our team develops and implements Lucid’s overall security program, which includes training sessions, internal audits, and compliance evaluations. They also assist our operations teams in maintaining event reporting-related systems, identity management, configuration management, and ensuring our organization as a whole is properly geared to accommodate the security requirements of our customers.

Secure infrastructure

Our applications are powered by Amazon Web Services (AWS). AWS is the leading provider of secure computing infrastructure, which is why it’s a perfect fit for our high standards. We opted for AWS because it meets stringent security requirements, including heightened control over our infrastructure.

AWS has achieved several certifications attesting to its stellar reputation, including:

SOC 2 Type ll audits
ISO 27001 certification
U.S. General Services Administration FISMA Moderate level operation authorization
Level 1 service provider under the Payment Card Industry (PCI) Data Security Standards (DSS)

Data encryption

We understand the sensitivity of private business documents, ideas, communication, and personally identifiable information all too well, which is why data encryption is a top priority for Lucid. To protect the privacy of customer information, all data is transferred between user devices and Lucid servers using up to 256-bit encryption via TLS 1.2 and a world-class certificate provider. We also encrypt data at rest to protect the secrecy of all data persisted by the applications.

Enterprise Shield add-on

Lucid’s Enterprise license includes security, compliance, and unique admin capabilities to ensure standard security practices across our platform. Enterprise customers who want more granular control of their data have the option to upgrade to the Enterprise Shield add-on.

Enterprise Shield creates an enhanced layer of fortified security and control on Lucid’s already highly secure platform. It streamlines processes for safeguarding sensitive data while providing elevated compliance controls.

With Enterprise Shield, admins can:

Automatically identify sensitive data, such as PII, in documents and use granular controls to dictate how to protect enterprise data.
Control exactly who gets access to data and add additional layers of protection to prevent any unauthorized access.
Enhance compliance by supporting legal discovery, compliance, and data governance needs with content lifecycle management.

Lucid’s enterprise features also include Key Management Service (KMS), which allows customers to control their own unique encryption keys to add an additional level of security.

Compliance: Collecting certifications and maintaining requirements

Lucid understands the value of obtaining vital industry security certifications and maintaining local and international requirements. That’s why we’ve invested in our infrastructure and protocols to ensure we build the most trust possible with our customers.

Recently, Lucid was granted two exciting certifications that demonstrate our continued dedication to security. Those certifications include the ISO 27001 and the CASA certification. Typically, these certifications (especially the ISO 27001) take a considerable amount of time to obtain because the requirements are so intense.

When Lucid was audited for these certifications, we were able to move through the process at breakneck speed because we were already adhering to so many industry best practices.

Lucid holds and maintains several compliance certifications, including:

GDPR compliant
PCI compliant
SOC 2 Type ll audited (representing an external verification of Lucid’s internal processes and controls)
EU–U.S. and Swiss–U.S. Privacy Shield certification and adherence to their principles
ISO 27001
Cloud Application Security Assessment (CASA)
FedRAMP Authorized
IRAP Assessed at the PROTECTED Level

Data governance: Granting unprecedented visibility and control to admins

At Lucid, we believe in data ownership. Lucid claims no ownership over any documents created in our software, and our users retain copyright and any other rights, including all intellectual property rights, on any created documents or content. We’re incredibly passionate about this initiative, and our enterprise features allow organizations to maintain governance of their accounts to better adhere to compliance requirements across many industries.

Lucid’s philosophy when it comes to our customer relationships is that we’re here to be partners. That means we encourage open lines of communication and have intimate conversations with our enterprise partners about their unique needs, concerns, or compliance requirements to ensure the utmost security and peace of mind when investing in Lucid.

Account and document controls

Lucid’s account management tools allow admins to manage their accounts and documents, including various custom security settings and measures.

A few of Lucid’s standard admin settings to manage include:

Domain control: Using this feature, new users at your organization are automatically placed under a single Enterprise account that you control.
Domain restrictions: With this setting, admins can choose whom employees share their documents with or invite to join the account.
Document sharing: It’s much easier to protect company assets when you know how they’re being distributed, and with document sharing, you get complete control and visibility.
Document discovery: Our document discovery feature allows you to search, view, and edit sharing permissions for any documents that your team’s account owns.

Examples of more granular Enterprise Shield controls include:

Automatic content inspection: Lucid continuously scans documents for sensitive information, such as PII, and flags it in the admin panel.
Revoking external shares: Remove any external collaborators for any documents, particularly those with sensitive information.
Classification controls: Prevent mishandling of sensitive information by setting sharing restrictions for documents based on classification. For example, if something is marked as confidential, sharing can be turned off immediately.
Audit logs: Lucid's audit logs are designed to enable detection and prevention of potential security threats by providing a record of all user activities and system changes.

You can find even more standard admin controls, group management capabilities, integrations, and other features on the team settings page where admins can:

Restrict publishing and embedding of documents as web pages, exportable documents, and images.
Restrict the generation of public links to documents.
Restrict user login to whitelisted IP addresses.
Create share links that expire.
Force session timeouts.

Additionally, Enterprise Shield admins can:

Set sharing permission at the group level.
View revision histories for all documents on the account.
Create a document retention policy to delete documents automatically after a certain time period.
Apply legal holds to manage and preserve documents.
Use an API to search for all documents and folders on the account.

Why should you trust Lucid?

Security threats are constantly changing and evolving, which means every software is vulnerable to external and internal threats. Lucid acknowledges the element of unknown and embraces the process of proactively implementing security measures to create the safest possible environment for collaboration.

Lucid’s commitment to security is why some of the world's largest financial institutions trust us with their data.

You don’t have to take our word for it. In a 2023 commissioned Total Economic Impact™ study conducted by Forrester Consulting on behalf of Lucid, a technology strategy manager in the financial services industry said:

"The Lucid Suite came across as one of the most secure [solutions] in terms of controls [and] compliance, and we have a very heavy-handed assessment."

Our proactive approach and dedication to creating the safest environment possible for visual collaboration help us to build long-lasting relationships with our customers. You can rely on us to fuel secure collaboration and innovation for your teams.

See how Lucid can power secure collaboration for your organization.

About Lucid

Lucid Software is the leader in visual collaboration and work acceleration, helping teams see and build the future by turning ideas into reality. Its products include the Lucid Visual Collaboration Suite (Lucidchart and Lucidspark) and airfocus. The Lucid Visual Collaboration Suite, combined with powerful accelerators for cloud and process transformation, empowers organizations to streamline work, foster alignment, and drive business transformation at scale. airfocus, an AI-powered product management and roadmapping platform, extends these capabilities by helping teams prioritize work, define product strategy, and align execution with business goals. The most used work acceleration platform by the Fortune 500, Lucid's solutions are trusted by more than 100 million users across enterprises worldwide, including Google, GE, and NBC Universal. Lucid partners with leaders such as Google, Atlassian, and Microsoft, and has received numerous awards for its products, growth, and workplace culture.

Bring your bright ideas to life.

By registering, you agree to our Terms of Service and you acknowledge that you have read and understand our Privacy Policy.