diagram2codePrivacy Policy
Last updated: April 2, 2026
1. Overview
Diagram2Code ("we", "us", "the Service") is a developer tool that converts entity-relationship diagrams into SQL DDL and ORM model code. This Privacy Policy explains what data we collect, why we collect it, and how we handle it. We are committed to collecting the minimum data necessary to operate the Service.
2. Diagram Data
We do not store your diagrams. When you submit a diagram for conversion, it is processed in server memory to produce the output and then discarded. Diagram content is never written to a database, persisted to disk, included in logs, or used for any purpose other than generating the requested output.
The same applies to diagrams submitted through the REST API: each request is stateless, and diagram text is not retained after the response is sent.
3. Data We Collect
3.1 Server Logs
Our web server produces standard access logs containing the following fields for each request:
- Timestamp
- HTTP method and path (e.g.,
POST /api/v1/convert/sql) - HTTP response status code
- Response size in bytes
- Request latency in milliseconds
- IP address (anonymised to /24 subnet for IPv4 after 24 hours)
Request bodies are never written to logs. Log data is retained for a maximum of 30 days and used solely for debugging, abuse detection, and service reliability.
3.2 Rate-Limit and Quota Counters
To enforce rate limits and monthly conversion quotas, we maintain counters in Redis. These counters are keyed to your anonymised IP address. They contain no personal information and expire automatically.
3.3 Analytics
We use privacy-friendly, cookie-free analytics to measure aggregate traffic patterns (page views, referrer domains, country-level geolocation). No personal identifiers are tracked. Individual sessions are not tracked across page loads. We do not use Google Analytics or Facebook Pixel.
4. Cookies
The Diagram2Code web UI sets one first-party cookie: d2c-theme, which stores your light/dark mode preference. It contains no personal data and is not used for tracking. No third-party cookies are set.
5. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Mermaid.js (CDN) | Live diagram preview (client-side only) | None — loaded from your browser |
| jsDelivr CDN | Delivers the Mermaid.js script | Your IP address (standard CDN request) |
We do not sell, rent, or share personal data with any other third parties.
6. Data Retention
- Diagram content: Not retained (processed in-memory only)
- Server logs: 30 days, then deleted
- Rate-limit counters: Expire automatically at the end of each rate-limit window
7. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, contact us. We will respond within 30 days.
If you are located in the European Economic Area, you have rights under the GDPR. If you are a California resident, you have rights under the CCPA. These rights include the right to know what data we collect, the right to deletion, and the right to opt out of sale (we do not sell data).
8. Security
All traffic between your browser and our servers is encrypted via TLS 1.2+. We follow security best practices including regular dependency audits, least-privilege server configuration, and automatic OS patching.
9. Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of the Service after the update constitutes acceptance of the revised policy.
11. Contact
Questions about this Privacy Policy? Use our contact form or open an issue on GitHub.