Powered by Perforce
Gliffy is owned by Perforce, a longstanding and trusted name in the software industry. Perforce is committed to ensuring data security for customers across all its product offerings, including Gliffy, so you can rest assured that the information contained within your diagrams is safe and secure.
To learn more about Perforce’s data security standards and practices, visit the official Perforce site:
ISO 42001 Certified & SOC 2 Compliant
Gliffy was among the first apps to earn Atlassian’s Cloud Fortified status and achieve ISO 42001 certification—one of the world’s first international standards for responsible AI management. In addition, our Cloud apps are SOC 2 Type II compliant, underscoring our ongoing commitment to enterprise‑grade security and trust.
These credentials demonstrate our ability to meet enterprise-level standards for reliability, support, and security (including control implementation and validation, risk assessment, testing, and more).
Led by CISO Aaron Kiemele
As the guide for the ongoing maturation of the information security program, Aaron Kiemele is the Chief Information Security Officer (CISO) at Perforce Software. With a technical foundation, Aaron approaches managing an information security program through a foundation of practical, actionable approaches to protecting the confidentiality, integrity, and availability of systems, networks, services, and data.
Aaron’s experience ranges from network engineering to executive leadership roles — including CTO and CISO — with highly regulated industries, which includes healthcare, government, defense, and payment/finance.
With a “Secure by Design and Compliant by Default” approach, Aaron and his team guides the diverse Perforce product lines through their compliance and regulatory obligations. This work is performed with the help of designated liaisons each time, acting as subject matter experts and points of contact to provide tactical support.
Gliffy for Security-Focused Teams
While all Gliffy's Atlassian apps are secure and supported, we offer Gliffy Diagrams | Zero Egress & Isolated Cloud-Ready as a Cloud option specifically for teams working in regulated industries. Gliffy Zero Egress ensures no diagram data ever leaves your Atlassian environment and maintains ITAR, GDPR, HIPAA, and SOC 2 compliance.
Our Data & Security Practices
Personal Information
Personal information (billing information) is not stored within Gliffy, and we do not sell or share your personal information.
Diagram Data
Diagram data stored in Confluence or Jira is covered by Atlassian’s privacy policy. Gliffy’s web-based application, Gliffy Online, does not store diagram data on local devices or Gliffy servers.
Bug Bounty Program
Gliffy participates in the Atlassian Marketplace’s Bug Bounty Program, allowing security researchers to test the application for vulnerabilities and report any vulnerabilities discovered.
Error Capture & Reporting
In the event of an error condition, the information collected for troubleshooting does not contain personal information or complete diagram data.
Encryption
All customer data is encrypted using HTTPS over Transport Layer Security (TLS) 1.2 or higher. All document content is encrypted at rest with AES-256. The encryption is transparent; keys are managed by our cloud infrastructure provider.
Business Continuity Plan
Gliffy is aligned with Perforce Software’s Business Continuity Plan to manage and minimize the effects of unplanned disruptive events (cyber, physical, or natural).
Gliffy Online
Hosted Security
Gliffy Online servers and customer data are hosted on Amazon Web Services (AWS). Information about AWS Security can be found on the official AWS site.
Backups & Reliability
AWS services are used for daily backups. All our systems are fully redundant and clustered, and Disaster Recovery testing is periodically performed to ensure operations are restored in a timely manner.
Payment Information
All payments made for Gliffy Online use Stripe (PCI Certified). For additional information, please visit Stripe’s privacy page. No credit card data or payment related information is stored on Gliffy systems.