Trust center
Security & compliance
We built Modudraft with a privacy-first stance from day one. Here's exactly what we collect, where it lives, and who can see it.
What we store
Anonymous / Free users
- Diagrams stored only in your browser's localStorage
- No account, no server storage
- Anonymous analytics events (page views, feature usage) — no PII
- Anonymized via Umami (GDPR-compliant, no cookie tracking)
Registered users (Pro / Team)
- Email address (for auth + billing)
- Diagram data (JSON) stored in encrypted database
- OAuth tokens for social login (Google, GitHub, Microsoft) — never your password
- No payment data stored by us — Stripe handles billing
Infrastructure
Service Provider Purpose
Web app Cloudflare Pages Serving the canvas application
API Cloudflare Workers Authentication, diagram sync
Database Neon (Postgres) User accounts and diagram metadata
File storage Cloudflare R2 Large diagram data (upcoming)
Analytics Umami Cloud Anonymized usage metrics — no PII, no cookies
Auth Better Auth (self-hosted) Session management on our infrastructure
All infrastructure is hosted in the US (Cloudflare) and EU-West (Neon). Data at rest is encrypted. Data in transit is encrypted with TLS 1.3.
Your data rights
Export
Download all your diagrams at any time from Account → Export data.
Delete account
Permanently delete your account and all associated data from Account → Delete account.
Access request
Email [email protected] for a full data export or GDPR subject access request.
Compliance
- GDPR — we process minimal data, honor erasure requests, and our analytics provider (Umami) is cookieless and GDPR-compliant.
- CCPA — we do not sell personal data to third parties.
- SOC 2 — not yet certified. In progress for Team plan.
Questions about security or a vulnerability to report?
[email protected]