diagrammingOpen app

Privacy Policy

Last updated 2026-05-28. This policy describes what data diagramming.dev (the "Service") collects about you, why, who else handles it, and the controls you have. Diagramming is an open-source developer tool maintained on GitHub.

What we collect

We collect (a) a GitHub identity (your numeric GitHub id, login handle, name, and primary email) when you sign in, (b) the diagrams you create or open in the editor (nodes, edges, comments, layout state), (c) operational logs from the API, realtime, and MCP services (timestamps, request paths, status codes), and (d) cookies and session identifiers required to keep you signed in. We do not load third-party analytics, tracking pixels, advertising scripts, or fingerprinting tools.

GitHub OAuth scopes

Signing in requests the scopes read:user and repo. read:user reads your public profile to populate your account. repo is required so the editor can open, commit, and write back .diagram files inside the repositories you choose to connect — without it, the GitHub-native side of the product cannot work. We never push to repositories you have not explicitly chosen, and we do not enumerate your repos in the background.

Cookies and sessions

We use first-party cookies issued by Auth.js v5 to track your signed-in session: the session-token cookie (authjs.session-token,__Secure--prefixed in production), a CSRF token, and an OAuth callback marker. All are HttpOnly, SameSite=Lax, and Secure on the apex domain. We do not set advertising or tracking cookies.

Sub-processors

Diagramming is hosted on a small set of well-known infrastructure providers, each bound by their own published privacy commitments: Netlify (web frontend at diagramming.dev), Railway (the API, realtime, and MCP services), Cloudflare R2 (object storage for exported images, if you export), and Resend (transactional email when you invite someone via a share link). The PostgreSQL database lives inside the same Railway project as the API. No third party receives a copy of your diagram contents.

Diagram storage and retention

Diagrams live in two places: the durable text snapshot in PostgreSQL, and a live CRDT document used for real-time collaboration via Yjs and Hocuspocus. Updates flow between the two on a short debounce so the next person to open the diagram picks up where the last person left off. When you delete a diagram, we soft-mark it for removal immediately; the row and its CRDT history are purged on the next cleanup cycle. If you sign in via GitHub but never create a diagram, we still retain your account row so that returning to the product later does not re-prompt OAuth needlessly.

Share links and grants

When you create a share link to one of your diagrams, the link carries a per-link permission (view, comment, or edit) and an opaque token. When someone signed in opens the link, we record a membership row tying their account to your diagram at the link's permission so the editor recognises them on subsequent visits. You can revoke individual memberships from the share modal.

Agent tokens (MCP)

You can mint scoped agent tokens for individual diagrams so that an AI coding agent (via our MCP server) can read or write that diagram on your behalf. Agent tokens are short-lived (≤ 14 days), revocable from the share modal's Agents tab, and carry no GitHub access — only the diagram-specific scope you choose.

Your rights

You can export every diagram you own as .diagram text or as PNG from the editor. You can delete any diagram from the diagrams list. To delete your account entirely, open an issue or email us using the contact below and we will remove your account row, your diagrams, and the encrypted copy of your GitHub access token (held at rest under AES-256-GCM). Where applicable laws give you stronger rights — for example, GDPR or CCPA — we honor them on the same channel.

Security

All traffic to diagramming.dev is HTTPS-only. Your stored GitHub access token is encrypted at rest. Inter-service traffic between the web app and the API is CORS-scoped and credentialed; the realtime WebSocket connection is auth-checked on every open. We do not log secret material, and our error pages never echo identifiers back to the requester unless you are signed in as their owner.

Children

The Service is not directed to children under 13.

Changes to this policy

We will note material changes here with a new "last updated" date and, for substantive changes, a notice in the product after you sign in.

Contact

Open an issue at github.com/memphyssk/diagramming/issues or email privacy@diagramming.dev.