Lucid security

We are dedicated to keeping your data private, safe, and secure across Lucidchart, Lucidspark, and Lucidscale.


Table of Contents

  • Get the answers you need
  • Lucid’s approach to security
  • Privacy
  • Security practices
  • Compliance certifications
  • Security and availability
  • Visibility and control
  • Vulnerability disclosure
  • Enterprise Shield security add-on
  • AI in Lucid

Get the answers you need

Lucid maintains up-to-date security documentation, certifications, and answers to commonly asked questions in our trust center so you can get answers to your security questions in an instant. Our trust center includes our SOC 2, CAIQ, and SIG documentation, in addition to 30+ more documents.

Access the trust center

Lucid’s approach to security

Lucid recognizes that your data is a valuable asset that must be protected. Read our white paper for more details about how our security policies, practices, and procedures safeguard customer data in Lucidchart, Lucidspark, and Lucidscale.

Privacy

Lucid claims no ownership over any document data. You retain all intellectual property and other rights to your documents and the information contained therein. We respect your privacy and will never make your documents publicly available without permission.

To ensure the privacy of your information, all data transferred between user devices and Lucid servers travels over a TLS 1.2 connection encrypted with up to 256-bit keys, using certificates from a world-class certificate provider. Lucid also employs encryption at rest (AES-256) to protect the secrecy of all data persisted by the application. The cryptographic keys used to secure Lucid are protected by Amazon’s Key Management Service (KMS).

Lucid is committed to CCPA and GDPR compliance and ensures that it uses an approved framework (e.g., Standard Contractual Clauses or the EU-U.S. Data Privacy Framework) to transfer customers’ personal data from the EEA, UK, or Switzerland to the U.S. In addition, all of Lucid’s sub-processors use either the Data Privacy Framework, SCCs, or Binding Corporate Rules to transfer personal data from the EEA, UK, or Switzerland to the U.S. Lucid is also ISO 27701 certified.

For more information, see these resources:

  • Privacy Policy
  • Terms of Service
  • Data Processing Addendum (for Enterprise customers)
  • FAQ

Security practices

We know that cloud storage requires extra effort to protect your data. Lucidscale security includes processes to keep your data secure and accessible only to the right people. We follow security best practices for all three cloud providers that integrate with Lucidscale: AWS, Azure, and GCP.

Learn more about third-party access, permissions, user IDs, and storage practices for AWS, Azure, and GCP data.

Compliance certifications

Lucid complies with applicable local and international requirements and maintains compliance certifications, including:

Security and availability

Security for your data is one of our top priorities, and we have a team dedicated to securing Lucid’s systems, processes, and controls. Lucid is powered by Amazon Web Services (AWS), the industry’s leading provider of secure computing infrastructure.
We choose AWS because of their stringent security measures, which include:

  • SOC 2 audits
  • Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS)
  • ISO 27001 certification
  • U.S. General Services Administration FISMA-Moderate level operation authorization
  • FedRAMP Authorized at the Moderate security impact level

To learn more about the security procedures employed by AWS, please review their security documentation and compliance documentation.

You can securely access Lucid products at any time and from any device or location. Lucid offers a 99.9% uptime guarantee to enterprise customers. We achieve this by replicating documents, account information, access control lists, and other persistent data across multiple availability zones using industry-standard database management systems and failover solutions.

Visibility and control

Lucid enterprise features allow you to maintain governance of your accounts so you can better adhere to compliance requirements. These features include document sharing restrictions, allowed IP address restrictions, and allowed email domains.

We follow security best practices and protect your data by using the principle of least privilege access. A simple role-based permissions system allows administrators to manage access to documents owned by the account. The account management tools allow account and team admins to integrate with their identity management platform and control collaboration settings.

Vulnerability disclosure

Lucid enables third-party researchers to find and report security bugs in our products through our bug bounty program, hosted by HackerOne. If you would like to join our program, please send your HackerOne username to security@lucid.co.

If you believe you have found a security bug in our products, you are also welcome to send the details directly to security@lucid.co rather than making your report through HackerOne. However, bounties will only be awarded through our HackerOne program.

Enterprise Shield security add-on

Enterprise Shield is Lucid’s security add-on for Enterprise and FedRAMP Authorized accounts. It adds an enhanced layer of fortified security and granular control to Lucid’s already highly secure platform.

With Enterprise Shield, admins get advanced capabilities designed to protect sensitive data, control content access, and enhance compliance.

Learn more about Enterprise Shield

AI in Lucid

Lucid is committed to the security of AI in our platform. AI capabilities are optional, and users are free to stop using them at any time. Lucid generative AI features utilize the Microsoft Azure OpenAI Service. Lucid’s collaboration with Microsoft Azure OpenAI Service entails storing generative AI inputs and outputs for a limited duration, ensuring functionality and compliance while prioritizing user privacy.

Customer data is not used to train any generative AI models available to third parties. Lucid stores anonymized and redacted prompts and responses for its own internal error handling and analysis, ensuring there is no direct connection to individual Lucid users or documents. Both Lucid and Microsoft adhere to stringent policies that segregate user data from model training processes, ensuring customer data remains a standalone entity used solely for its intended purpose and maintaining a high standard of user privacy and data confidentiality.

Learn more about AI privacy and security

Resources

Lucid security white paper

Lucid AI security white paper

Lucid KMS white paper

© 2024 Lucid Software Inc.