Privacy Policy

This page contains information about the type of data collected and received through our website https://diagrams.app and related services (“Service”), and about how we use, share, retain and protect such data, as well as about the choices you have regarding that data. There is a separate privacy policy for our application available here.

Who We Are

The Service is provided by the German company Structured Path GmbH (“us,” “we,” or “our”), operating from Bergstraße 19, 01069 Dresden, Germany. We are the controller responsible for the processing of personal data through the Service with regard to  GDPR and CCPA compliance.

Information Collection and Use

We collect the necessary data in order to provide you with our Service, as well as to improve it. This data may contain certain personal information or personally identifiable information that can be used to contact or identify you (“Personal Data”).

Website Hosting

Squarespace. To host our website, we use the third-party service Squarespace (see Third Parties).

Squarespace collects Personal Data when you visit the website, including information about your browser, network and device, previously visited websites, and your IP address. Squarespace needs this data to run the website and to protect and improve its platform and services. Squarespace analyzes the data in a depersonalized form.

Squarespace uses cookies, which are small files or pieces of text that download to a device when you access our website. We leverage only the functional and required cookies, which allow Squarespace, our hosting platform, to serve our website to you securely.

For more information about how Squarespace uses data, visit https://www.squarespace.com/privacy.

Adobe Typekit. Our website uses font files from Adobe Typekit provided by Adobe (see Third Parties). To properly display our website to you, servers where the font files are stored may receive Personal Data about you, including information about your browser, network or device, and your IP address.

For more information about Adobe Typekit, see Adobe’s privacy policy at http://www.adobe.com/privacy/typekit.html.

Vimeo. Our website uses features provided by the Vimeo video portal (see Third Parties). If you visit one of our pages featuring an embedded video, a connection to the Vimeo servers is established. Vimeo then receives information about the visited page along with your IP address. This applies independently of whether or not you are logged into your Vimeo account. If you are logged into your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.

For more information about Vimeo, see Vimeo’s privacy policy at https://vimeo.com/privacy.

The legal basis for the processing of Personal Data for our website, the main part of our Service, is Art. 6 (1) (b) GDPR.

Website Analytics

We employ several third-party services to allow us to monitor and analyze web traffic, and to keep track of user behavior. See the list below for detailed information.

Google Analytics. Our website uses Google Analytics, a web analytics service operated by Google (see Third Parties).

Google Analytics uses cookies, meaning small files or pieces of text that download to your device, allowing your use of the site to be analysed. Among other things, a web analysis service collects data on which website you came from, which subpages of the website were accessed, and how often, when and for how long a subpage was viewed. This information is normally transmitted to a Google server in the USA and stored there. Google might transfer the Personal Data collected via this technical procedure to third parties.

Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. We, the operator of the website, have a legitimate interest in analyzing user behavior to optimize both our website and its advertising.

We have activated the IP anonymization feature on our website. Your IP address will be shortened by Google within the European Union and other areas party to the European Economic Area agreement prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US before being shortened. Google will use this information to evaluate your use of the website on our behalf, to compile reports on website activity, and to provide other services to us regarding website activity and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

You can prevent these cookies from being stored by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use all features of the website to the fullest extent possible. In addition, a cookie already set by Google Analytics can be deleted at any time via your Internet browser or using other software programs.

You can prevent the data generated by cookies about your use of the website (including your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing a browser plugin which informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. This browser plugin can be downloaded at https://tools.google.com/dlpage/gaoptout.

You can also prevent the collection of your data by Google Analytics by clicking on this link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site.

Our website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be traced or attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account, or you can forbid the collection of your data by Google Analytics as described in the section titled “Refusal of data collection.”

We have entered into an agreement with Google for the outsourcing of our data processing, and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Further information and Google’s applicable privacy regulations can be found at https://policies.google.com/privacy and https://marketingplatform.google.com/about. For a list of the cookies related to the Google Analytics service, please refer to https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

Google Tag Manager. Our website uses Google Tag Manager, an integrated snippet of code for tracking user behavior across our website operated by Google (see Third Parties). Google Tag Manager does not directly set any cookies or record any data, but rather triggers other services outlined in this document, which may in turn record data (e.g. Google Analytics).

For more information about Google Tag Manager, see its privacy policy at https://marketingplatform.google.com/about/analytics/tag-manager/use-policy.

Google Ads. Our website uses Google Ads, an online advertising program operated by Google (see Third Parties).

As part of Google Ads, we use the conversion tracking feature. When you click on an ad served by Google, a conversion tracking cookie is set that expires after 30 days and is not used for personal identification of the user. Should you visit certain pages of the website before the cookie expires, Google and the website can tell that a user clicked on the ad and proceeded to that page. 

Each Google Ads advertiser has a different cookie. Thus, cookies cannot be tracked using the website of a Google Ads advertiser. The information obtained using the conversion cookie is leveraged for creating conversion statistics for the Google Ads advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to identify users personally.

If you do not wish to participate in tracking, you can opt out by disabling the Google Conversion Tracking cookie in your browser settings. You will then cease to be included in conversion tracking statistics.

Conversion cookies are stored based on Art. 6 (1) (f) GDPR. We, the operator of the website, have a legitimate interest in analyzing user behavior to optimize both our website and its advertising.

For more information about Google Ads and Google Conversion Tracking, see the Google Privacy Policy at https://policies.google.com/privacy.

Newsletter

To provide you with the newest information about our Service, we offer an email newsletter. You can subscribe to the newsletter with your email address through our website.

We use the service Squarespace Email Campaigns by Squarespace (see Third Parties) to manage our newsletter list, meaning that your email address is stored with this third party. Neither Squarespace nor we will ever sell or share your email address with any other party unless legally compelled to do so.

Squarespace is used for sending out emails on our behalf. Furthermore, it provides us with data concerning your email activity such as the place, date and time where and when you open our messages, the device type you are using, and your interactions with our messages such as clicking a link.

You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link provided at the bottom of the email. You can also email us to unsubscribe or delete your email address completely.

The legal basis for the processing of Personal Data for our newsletter service is Art. 6 (1) (a) and Art. 7 GDPR.

Contact and Support Emails

Should you email us directly or via the contact form on our website, we will collect the data provided, including your contact details, in order to respond to your email and for necessary follow-ups. Email data is stored with our email hosting provider Blueboard (see Third Parties).

Additionally, all support inquiries, along with your contact information, are stored with Freshdesk, our helpdesk software operated by Freshworks (see Third Parties). Contact information includes your email address or Twitter handle depending on how the request is submitted, as well as your name if provided.

We will not share the data you enter into the contact form or send us via direct email with any other third party without your permission, and we will process it only with your consent per Art. 6 (1) (a) GDPR. You may revoke your consent at any time by sending us a request. The data processed before we receive your request may still be legally processed.

We will retain this data until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer applies (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

You can find more information on Freshworks’ privacy policy at https://www.freshworks.com/privacy.

Beta Program

To test beta versions of Diagrams and discover bugs and issues early on in the development process, we run a Beta Program that you can voluntarily sign up for. Your name and email address entered in the signup form will be used for sending out invites and occasional emails regarding the Beta Program.

We use multiple services to manage our beta tester list. The raw data collected from the signup form is stored in Google Docs provided by Google Inc. After you sign up, we transfer your name and email address to Mailchimp, a service we use for keeping track of and emailing the beta testers. Finally, after we invite you to the Beta Program, your email address is entered into App Center, a service used for distributing beta versions. App Center sends an initial invitation email and notification emails every time a new beta version is released.

Your name and email address will be shared with these Third Parties (see Third Parties). Neither one of these Third Parties nor we will ever sell or share your name or email address with any other party unless legally compelled to do so.

You can find more information on Mailchimp’s privacy policy at https://mailchimp.com/legal/privacy.

If you do not wish to participate in the Beta Program anymore, you can either individually unsubscribe from the Mailchimp and App Center services or contact us to remove your data from each service involved, according to Art. 17 GDPR.

The legal basis for the processing of Personal Data for our Beta Program is Art. 6 (1) (a) and Art. 7 GDPR.

Third Parties

We make use of third-party companies and individuals to facilitate our Service, to provide the Service on our behalf, or to assist us in analyzing how our Service is used.

We share your information only with your explicit consent, or where permitted by data protection law. The information we share is limited to the data necessary for these third parties to provide their services, and they are obligated not to disclose or use it for any other purpose.

Adobe

Adobe Systems Software Ireland Limited
4-6 Riverwalk
Citywest Business Campus
Dublin 24
Ireland

Purpose: Fonts provider
Service: Adobe Typekit
Personal data: Tracking data
Place of processing: USA

Blueboard

Blueboard s.r.o.
Holzova 134
628 00 Brno
Czech Republic

Purpose: Email hosting
Personal data: Email traffic data
Place of processing: Czech Republic

Freshworks

Freshworks Inc.
2950 S. Delaware Street, Suite 201
San Mateo CA 94403
USA

Purpose: Help desk service
Service: Freshdesk
Personal data: Contact information and support inquiries
Place of processing: Germany

Google

Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
USA

Purpose: Analytics and conversion tracking services, beta tester information
Personal data: Analytics and tracking data, name and email addresses of beta testers
Place of processing: USA

Mailchimp

Rocket Science Group LLC
675 Ponce De Leon Ave NE
Suite 5000
Atlanta, GA 30308
USA

Purpose: Management of beta testers
Personal data: Names and email addresses
Place of processing: USA

Microsoft

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Purpose: Management of beta testers
Service: App Center
Personal data: Names and email addresses
Place of processing: USA

Squarespace

Squarespace, Inc.
8 Clarkson St,
New York 
NY 10014 
USA

Purpose: Website hosting and email marketing service
Personal data: Tracking data and email addresses
Place of processing: USA

Vimeo

Vimeo Inc.
555 West 18th St.
New York City, New York, 10011
USA

Purpose: Video hosting service
Personal data: Tracking data
Place of processing: USA

Data Transfer and Security

Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside of Germany and choose to provide information to us, please note that we transfer all data, including Personal Data, to Germany and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We take the protection of your Personal Data very seriously and will take all steps reasonably deemed necessary to ensure that it is treated securely and in accordance with this Privacy Policy. We disclose and transfer your Personal Data only to the Third Parties listed in this Privacy Policy. We will not transfer your Personal Data to an organization or a country unless there are adequate controls in place, including the security of your Personal Data.

Data Disclosure

We may disclose your Personal Data in the good faith belief that such action is necessary:

  • to comply with a legal obligation;

  • to protect and defend the rights or property of Structured Path GmbH;

  • to prevent or investigate possible wrongdoing in connection with the Service;

  • to protect the personal safety of users of the Service or of the public;

  • or to protect against legal liability.

Children’s Privacy

Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect Personal Data from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we will take steps to remove that information from our servers.

Your Rights in Fulfillment of the GDPR

Right to Disclosure. You have the right to ask for confirmation as to whether your data is being processed, and you have the right to access this and further information, as well as a copy of the data in accordance with Article 15.

Right to Rectification. In accordance with Article 16, you have the right to ask for the completion or correction of data concerning you.

Right to Delete. In accordance with Article 17, you have the right to request that the data in question be deleted without delay or, alternatively, to require a restriction on the processing of data in accordance with Article 18.

Right to Restriction of Processing. Under certain conditions, which are regulated in Article 18, you have the right to restrict the processing of your Personal Data. Requirements are, e.g., the omission of the necessity of the data for the original purpose or if there is reasonable doubt as to the accuracy of this data in our processing. While the processing is restricted in accordance with Article 18, the data in question may be processed only with your consent or in connection with legal proceedings, except for its storage.

Right to Data Portability. You have the right to request all data you provided to us in common, machine-readable formats in accordance with Article 20. We will provide you with instructions to obtain your data in cases where we do not have direct access to the requested data.

Complaint Law. According to Article 77, everyone has the right to lodge a complaint with the competent supervisory authority.

Right to Withdrawal. You have the right to revoke granted consent under Article 7 (3) with effect for the future.

Right of Opposition. Article 6 (1) (e) or (f) formulates the lawfulness of data processing without the explicit consent of the data subject. You have the right to object at any time to any such processing of your data in accordance with Article 21 in the future. The objection may, in particular, be made against processing for direct marketing purposes.

In this context, we explicitly document that we do not perform any data processing for the purpose of profiling users or for the purpose of automated decision-making.

Your Rights in Fulfillment of the CCPA

The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Data. You have the right to request that we disclose certain information to you about our collection and use of your Personal Data over the past 12 months. In addition, you have the right to request that we delete Personal Data collected from you.

We do not sell your Personal Data and will not discriminate against you for exercising a CCPA right.

In compliance with California law, should you choose to exercise your applicable CCPA rights, we will not charge you different prices or provide you a different quality of service. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Data, we will not do so unless the benefits to you are reasonably related to the value of the Personal Data that you provide to us.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy of our Service at any time. Changes and clarifications will take effect immediately upon posting on the website. You are advised to review this Privacy Policy periodically for any changes.

In case we make material changes to the Privacy Policy, we will notify you here and via the email newsletter that it has been updated so that you are aware of what information we collect, how we use it, and under what circumstances we disclose it.

Contact Us

If you have any questions about this Privacy Policy, please contact us by email at mail@diagrams.app. Our further contact details can be found in the Legal Notice.

Last updated: March 11, 2021