Privacy Policy


Our goal is to provide a safe and friendly tool and the environment with you to ensure your productivity at work. And we also take seriously the respect and protection of your privacy and security. As such, we are committed to pursuing and consecutively evolving best practices to support this principle. 


Be aware that you have your right not to use our Product and Services if you do not agree with this policy. This also means that you will agree with this policy and our Terms of services if you click on the checkbox to agree on our Privacy Policy and Terms of Services while signing up and continue to access and use our Product and Services.


What Information We Collect

The types of information we collect from you depend on how you use the Services, what Services you use, and what information you select to provide or make available to us. Your information is collected when you:


- Create or register an account, and when you administer your account
- Input information or data into any of our Services, or post or upload Content to our Services
- Submit your concerns, questions, requests, and other communications to us via forms, email, or other social media channels
- Contact us for support or to report a problem or concern
- Access all our websites or download our apps
- Integrate third-party products and services that contain your information and data with your UpDiagram account
- Take part in any promotions, demonstrations, contests, surveys, or other marketing events
- Interact with other UpDiagram users and guests on our community forums


User information

Your certain "personal information", such as your name, email address, gender, postal address and phone number. Also, we may collect your payment information, including payment method, credit card info, and your contact (name and postal address) which associate with your billing information, when you decide to use our payment services. If you are an end-user of an account created on your behalf by an UpDiagram customer (such as a manager of the organization or another individual), we may collect and process Customer Information about you on behalf of the UpDiagram customer with whom your use of the Services is associated.

Also, we can collect your information when you create your using third-party service (e.g: Google or other third-party services). If you access UpDiagram throughout the third-party services, we may collect data from the platform you use including your username, your name, profile picture, account ID number, login email address, location, the physical location of your access devices, gender and birthday. The information we receive depends on what information you (via your privacy settings) or the platform or service decide to give us.

UpDiagram services allow you to integrate third-party products and services to activate features and import content that meet your requirements. For instance, you can link or integrate your excel files to generate and import existing content in UpDiagram from information that contained in your files or you can integrate Slack, a workplace communication tool. When you decide to integrate the third-party products and services, you will be asked to create an account from the service provider or associate your existing account from that service provider (and, by doing so, agree to the privacy policy and/or terms and conditions of that third-party service provider). You may also be asked to empower UpDiagram to collect information from the third-party service provider on your behalf. Then, we can collect your username or user ID associated with that service provider to activate the Services to access your data and content from that third-party service provider. When completed, we are able to access the information you directly provide to us or was otherwise collected by the third-party service in accordance with the privacy practices of that third-party service. We will store the information and data we collect and link it with UpDiagram account and only use it to activate the integration of Services with third-party service providers and to perform actions requested or initiated by you, or that are reasonably necessary to carry out instructions provided by you.



This “Content” includes any information about you that you may choose to post, send, receive, and share. For instance, we collect the “Content” including the information and data you input to the project in UpDiagram (name, description, requirement, members, comments, and any of the relevant content in your project). Your Content also includes images, documents, files, and links you upload in UpDiagram. All information you provide us from any of our websites, support channels and our apps are also collected. You (and anyone who can interact with your use of the UpDiagram Products) can upload any information, data, content, material and you completely control and be responsible for the nature of the Content you upload. Our collection, use, and disclosure practices with respect to Content are separate from those with respect to other sorts of information we collect, including Customer Information. As mentioned above, we may also upload Content automatically with your approval from third-party service providers (such as name or user ID from your Google account).


Device, Connection and Location Information 

When you access to our websites, support channels or our apps, we may collect information about your devices (including computers, phones, tablets, or other ones) and other information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifier and crash data. This device information also includes your connection type and settings when you install, access, update or use our Services. IP address and/or country preference may be used to identify your location to provide you with better Service experience (such as languages and email marketing). Your device information can be limited to collect due to your type and settings of the device you use to access. Server and data center Service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.


Cookies and Other Tracking Technologies 

UpDiagram and our third-party partners, including our advertising and analytics partners, use cookies and other tracking technologies (e.g., pixels from Facebook, Google Analytics) to provide functionality and to recognize you across different Services and devices.

We and third parties may use cookies, pixel tags, local storage, and other technologies to automatically collect information and provide content, advertising, or other functionality on the Services. Our uses of these tracking technologies fall into the following general categories:

1/ Strictly necessary: These cookies and other technologies are used to enable the Services to provide the feature you have requested, including identifying regular site behavior and remembering your current login.

2/ For functionality: These cookies are essential to track and remember choices to provide appropriate experience with your selection and to make your use of the Services more tailored.

3/ For performance and analytics: These cookies support collecting information on performance of Services we provide to enhance its quality and operation such as navigation, user experience, and marketing campaigns. This includes statistics from Google Analytics to identify how long the visitors stay as long on our homepage or how many times visitors click on our Call-to-action button. 

4/ Advertising or Targeting Related: our third-party partner can use cookies that collect your browsing habit or your current sites you have visited to deliver content, including ads relevant to your interests, on our Services or on third party sites.


How can you opt-out? 

If you would prefer not to accept cookies or wish to opt-out of our use of cookies, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. 

Use these links to find out more information about cookie settings for these common browsers:

  1. Internet Explorer
  2. Firefox
  3. Chrome
  4. Safari

If you do not accept cookies, however, disabling cookies may limit your ability to use the full functionality of  the Services.

You can manage to eliminate the HTML5 local storage objects from the management tools of some browsers. To disable the local shared object or flash player, please refer to this link. If you want to learn about advertising networks and how to disable this sharing information, you can refer to this link. You also have additional information about advertising networks and online behavioral advertising here: Browser check.

You will not be able to opt out of any cookies or other technologies that are “strictly necessary” for the Services.

This Cookies & Tracking Notice may be updated from time to time. We will notify you when we have any changes and updates via email.

If you have any questions about cookies and other technology tracking and how we use cookies that we are missing in this privacy policy, please contact us at


What do we use your data for

We use your information we collect for a variety of purposes and it also depends on what we collect from you. This information may be used to communicate with you, troubleshoot issues, secure against fraud and abuse, improve and update our Services, analyze how people use our Services, serve personalized advertising, and as required by law or necessary for safety and integrity.


For providing service and personalizing your experience

We use your information we collect to define and personalize the suitable services to you including processing transactions with you, activating your account/projects, supporting your use, operating, maintaining and enhancing the Services. We also use your domain email in order to figure out your affiliation with an organization or industry to personalize the content, experience and offer you receive from emails. For instance, we may send emails and suggest relevant project templates based on your industry background from your information profile or we may ask you for a special offer if you are into the discount campaign from us for your particular organization. To opt-out of this personalization, please contact


For research and development

We collect statistics and performance of the website (including users' feedback) to diagnose, identify and troubleshoot what we should do to make UpDiagram have always been up-to-date, smart, useful and suitable for every user. For instance, we collect feedback from users to estimate how good the UI/UX of UpDiagram Scrum view satisfies most of users’ needs. In contrast, we can collect performance from Analytics to read the trends, activity patterns, usage, and areas for integration from users to understand the market insight and what we need to focus on to enhance our Services. Besides, we select appropriate users through the information you provide and your uses with our Services to send new test new features and analyze their productivity with some users before rolling the feature out to all users. 


For Communication

We use your contact information (you provide us by signing up or you send messages from support channel) to directly communicate with you via email. The conversation includes the purposes of asking for feedback, announcing the new update of products and services, new discount campaigns, reminding events, confirming purchases, responding to your comments, questions and requests, and providing other customer support services.


Besides, when you enable the email notification in UpDiagram, we can send email notification if you and your team interact with you on the product and services. For instance, we will send you email notifications when your member makes changes on the project you are the owner or assigned. In addition, we send you promotional messages when you are onboard to a particular Service to facilitate your usage process. This kind of communication is not disabled for now. We will send you a notification if we find out the solution to help you opt-out of this communication.


To marketing our product and services

We also use your contact information to send communication for purposes of marketing and promotion. These promotional communications which may be of specific interest to you can be sent through email and our ads on other websites. In particular, the content of the email for marketing purposes includes new features, surveys, newsletters, and events. We also communicate with you about new Services, product offers, promotions, and contests that are permitted by applicable law. If you are concerned about how to opt-out this personal information used for marketing purposes, you can email us via or opt-out to receive a marketing email from us.


Customer support

We use information you provide to fix bugs or solve technical issues. It is also used to respond and assist your requests. In case of support needed from a third-party partner, we will share your information when we can get your permission to do that to satisfy your need but guarantee the quality of products and security.


General Security

We use the information you provide to verify an account, detect your activities, and prevent potential or actual security incidents. We also use that information to monitor and respond to protect against deceptive, sensitive, fraudulent, or illegal activity that violates the UpDiagram Term of services and legislation concerns.


Protect our business legislation of interests and rights

We use the information you provide to estimate and connect with legal claims, compliance, regulations to protect our legal interests and rights.


Your approval

We use the information you provide for specific purposes (not listed above) when we get your approval. To be specific, we may ask your permission to publish testimonials about your stories or your special cases for marketing purposes or product instruction.


Legal bases for processing (for EEA users)

We also provide Services following the legal bases under applicable EU laws that are appropriate for individuals in the European Economic Area (EEA). We will collect your information when we need your information and data to provide our Services and Product such as detecting issues, providing personal features, customer support, and guaranteeing the security of the Services. The information we collect satisfies the business legislation of interest and right, but we do not override your data protection interests. For instance, we collect your feedback to do research and develop our Services and product to keep it friendly and up-to-date, or we use the information for marketing purposes. We also collect information for specific purposes if you give us consent to do so. We process your data to comply with legal obligations as well. 


You have the right to change not to provide or let us use your information for a specific purpose later, but this will not affect any processing that has already taken place. You also have the right to disapprove that we or the third party cannot use your information for those services. However, if you refuse to let us use your information where we or a third party have a legitimate interest to do so, this means you are no longer using the Service in some cases.

How we share your data

We only share your information when you give us consent for a specific purpose or you ask us to do so. For instance, you agree to share your project template with the public after transferring your real data into sample one.


- We provide the vendors with the aspects of the Services including hosting, data storage, and payment processing.
- You have requested to integrate or link your account with third-party service providers to activate specific features or functionalities of Services. 
- We need support from the third-party for organizing marketing campaigns including advertising, email marketing, researching and analyzing market and analytics. For instance, we may add your email address in the email marketing providers to conduct our email campaigns to announce the promotion, feedback, new update from our Services.
- We need to provide the information that complies with applicable law such as government requests, law enforcement and to protect the right, interests, privacy, and security of both you, us, and others.
- We may share your data in necessary cases of reorganization, merger, joint venture, transfer, assignment or other disposition of UpDiagram.
- And we can share information for business legislation purposes which does not conflict with the statements made in Privacy Policy.


For collaboration: You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content.  For example, when you comment on an UpDiagram project, we display your profile picture and name next to your comments so that other users with access to your profile to understand who made the comment. Similarly, when you are assigned to a task on an UpDiagram project, your name and avatar will be displayed to the whole team in your projects. Every activity you have done during the project will be saved in the history of the project.


Managed accounts and administrators: If you register or access the Services using an email address with a domain that is owned by your employer or organization or associate that email address with your existing account, and such organization wishes to establish an account or site, certain information about you including your name, profile picture, contact info, content and past use of your account may become accessible to that organization’s administrator and other Service users sharing the same domain.  If you are an administrator for a particular site or group of users within the Services, we may share your contact information with current or past Service users, for the purpose of facilitating Service-related requests.


How to store your information

Information storage and security

We store the information with standard technical measures to secure the information we store to fulfill all the purposes mentioned above, without violating applicable laws.


How long we keep information

How long we keep information we collect about you depends on the type of information, as described in further detail below.  After such time, we will either delete or de-identify your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.  


Account information

We retain your information as long as your account is active or your account is de-active after the reasonable period and in case you need to reactivate from your requests.  If you decide to totally erase your account and all relevant information you provide, we will permanently delete your account. However, we will store some of the information for necessary and legal purposes including enforcing agreements, resolving disputes, developing, enhancing Services, and complying with legal obligations. The information we retain does not include what to directly identify and characterize you. We store what we use to analyze performance insight into the use of Services. 


Information you share on the Services: Besides, some of the information and content you provide will remain to allow your team in projects you used to associate or own them if your account is disabled or deleted. For instance, your messages/comments on the items or images you upload in the projects will be stored so that your team can keep track of the progress of work, but the information to characterize and identify you is deleted.


Managed accounts: If the Services are made available to you through an organization (e.g., your organization admins, employers), we retain your information as long as required by the administrator of your account.  For more information, see "Managed accounts and administrators" above.


Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your UpDiagram account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.


Delete your UpDiagram account

For more information, please review this Deletion policy


How to secure your information

We implement standard technical and organizational measures to retain and ensure security for your information we collect. However, there is no impenetrable system because of the inherent nature of the Internet. This means there is no system that can 100% protect your information not to being lost, disclosed, or accessed. If you have any concerns about your information security or believe it may not be under safety, you can contact us at


If you use our server or data center Services, responsibility for securing storage and access to the information you put into the Services rests with you and not UpDiagram. We strongly recommend that server or data center users configure SSL to prevent interception of information transmitted over networks and to restrict access to the databases and other storage points used.


How to access and manage your information

When you decide to use UpDiagram and provide your information for us, you also have the right to manage your own information as well.


If you need to manage your information, you can send us your request to:

- Make a copy of the information or obtain access to it
- Ask to confirm your information
- Receive an electronic copy of the personal information you provide
- Request to send your information to another company
- Seek correction of inaccurate, untrue, incomplete, or improperly processed personal information
- Refuse to UpDiagram’s use of your data and information (including marketing purposes) or withdraw your consent
- Ask to disable, restrict or permanently delete your information
- And other requests that do not violate applicable laws and our rights and interests.


Your request is limited in certain cases. For instance, you cannot request us to reveal or disclose some personal information about another person, including that person is your team member and your employee. Also, you cannot ask us or your administrator to delete information that we are permitted by the applicable laws or have legitimate interests to store your information. If you have requested us to send your information to third parties, such as installing your favorite apps, you need to contact the third-party service providers to delete your information. If there are any unresolved concerns, you have the right to ask for help from a data protection authority in your country.


Updating your information: you are able to access your personal information and update it within your General Information Profile settings. If you need to change some information that is not available to update directly on your account, you can contact us for support via For instance, you are signing up your account under, and you need to update your email account to, we can process your request and update your new email account.


Deactivating or deleting your account: You can request us to deactivate or delete your account if you do not desire to continue to use our Service for a while or permanently. If you wish to do so, please contact us via for support. In contrast, your information that is permitted by applicable laws to retain and what you upload in your project is not deleted.


Cleaning your information: You also can ask us to delete your personal information about you. For instance, if you have uploaded your Drive account information in the privacy comment to help you easily access your account during using our Services, we will support deleting that kind of information. However, some of the information such as images, documents that are under your organization’s control will not be deleted due to your project’s administrator agreement. This may be retained for recording purposes, keeping the work progress of your team members, completing transactions, or complying with the legal obligations.


Stopping using your information: You can request us to stop using your information if you believe we have no right to do so or you want to withdraw your consent to let us use your information via For instance, you can ask us to delete your account and personal information permanently when you have no need to use our Services anymore. However, the only information that can be used to identify or characterize you and will not affect any processing that has already taken place at the time is deleted (this is mentioned above with the example at Legal bases for processing for EEA users). You also make a request not to use your information for marketing purposes. Be aware of that, it takes time for us to process your request. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored.


“Do Not Track” (DNT): DNT is the feature that is available in some browsers to send a signal to websites you visit not to track your information. Our Services have not responded to the DNT signals yet. Any update about this information will be updated and published to you and all users when it is ready. 


Opt out of communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us to have your contact information removed from our promotional email list or registration database.  Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services. You can opt out of some notification messages in your account settings. Please note, you will continue to receive generic ads.


Data portability: Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier).  Depending on the context, this applies to some of your information, but not to all of your information.  Should you request it, we will provide you with an electronic file of your basic account information and the information you create on the spaces under your sole control.


Turn off Cookie Controls: For more information, see "Cookies and Other Tracking Technologies" above.


International Transfers

We collect information globally and may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services.  Whenever we transfer your information, we take steps to protect it. 

We also process some personal information that European Union users provide us following the data processing agreements that include the EU Standard Contractual Clauses (SCC). Please contact us at for more information.


International transfers to third parties: Some of the third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area, the UK, or Switzerland, we make use of the European Commission-approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer.

Policy towards children

We are not directed to children under the age of 16 (or others as limited by local law). We do not knowingly collect personal information from children under 16. We will take steps to delete such information if we know the information we collect from individuals under 16. We may accept not to delete children’s information if their local authority does not restrict the age of users to collect information and we get their parents or legal guardian agreement. If there are any concerns about children’s information or believe your children provide us their information, please contact us at


Users in California

Users who are California residents have certain rights under the California Consumer Privacy Act, (“CCPA”). If you are an eligible California user, included in these rights are:


- “Right to Know” — You have the right to request to know more about the categories and specific pieces of personal information that we have collected about you and access a copy of your personal information.
- “Right to Correction” — You have the right to have inaccurate personal information about you corrected.
- “Right to Deletion” — You have the right to request deletion of personal information that we have collected about you.
- “Right to Non-Discrimination” — If you choose to exercise any of your rights under CCPA, UpDiagram will treat you like all other users. In other words, there is no penalty for exercising your rights under CCPA.
- “Right to Opt-Out” - You have the right to opt out of the sale of your personal information.


CCPA has a specific definition of a “sale” and while UpDiagram does not, in the traditional sense, sell your personal information or the personal information of any of our users, we do use cookies that make non-personally identifiable information available to select third-parties. To opt out of such a “sale,” send your request via


To exercise any of these rights under CCPA, please email or write to us at UpDiagram, 55/21, Phan Dinh Phung, Tan Thanh, Tan Phu, Ho Chi Minh city, Vietnam. CCPA allows you to designate an authorized agent to make these requests on your behalf. For your protection, we may require that the request be sent through the email address associated with your account, and we may need to verify you and/or your agent’s identity before fulfilling your request.


Additionally, for more information about the personal information we collect and how we collect it, please see the sections above entitled “What Information We Collect”. 


To learn about the business and commercial purposes for which your personal information is collected and the categories of service providers who have access to your personal information, please see the sections above entitled “What do we use your data for” and “How we share your data.”


As a California resident, you also have the right to request certain details about what personal information we share with third parties for those third parties’ direct marketing purposes. To submit your request, send an email to with the phrase “Shining the light law on California” and include your mailing address, state of residence, and email address.


Since there is no widely accepted standard for the browser-initiated Do Not Track signal, we do not currently recognize or respond to Do Not Track signals.


Users in Nevada

If you are a resident of the State of Nevada, please see below for Nevada-specific privacy disclosures:

For residents of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not currently sell covered information, please contact us at to submit such a request.


Users in Australia

If you are an Australia resident and you have a complaint, you may refer it to the office of the Australian Information Commissioner (“OAIC”). You can contact OAIC by visiting; forwarding an email to; telephoning 1300 363 992; or writing to OAIC at GPO Box 5218, Sydney NSW 2001. You may contact our privacy team at to make a complaint about a breach of the Australian Privacy Principles which will be responded to within 30 days.


Users in the European Economic Area (“EEA”) and United Kingdom (“UK”)

If you are located in the EEA or UK, you have the right to request access to your data in a portable format and to request the rectification, erasure, restriction of processing, or objection to processing of your personal data. You may use the information in Section “User information” to submit your request. Additionally, if you are located in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your supervisory authority.


Personal data is also processed outside of the UK, Switzerland, and the EEA by UpDiagram including to process transactions, facilitate payments, and provide support services as described in “How we share your data”. We use Standard Contractual Clauses adopted by the European Commission to facilitate transfers of personal data from the EEA to third countries and have entered into data processing agreements with UpDiagram to restrict and regulate their processing of your data. By submitting your data or using our Services, you consent to this transfer, storage, and processing by UpDiagram.



Data backup policy


UpDiagram runs daily incremental back-ups and full back-ups once every week. In a Data Center, back-up data is stored in the same location as the original and is encrypted at rest. Every week, UpDiagram also restores and validates back-ups. The retention duration applied for all backed up data is 3 months. In case a specific customer requests to restore their data , UpDiagram will restore the data from the backup and make it available to them.



Data retention policy


All Customer Data and Personal Data processed by UpDiagram on behalf of and in accordance with the recorded instructions of Customer in connection with the Online Services will be returned to or destroyed upon reasonable request by Customer, unless prohibited by law, at all locations where it is stored, within 30 days of the request, provided that it is no longer required for the provision of the Online Services or the purposes for which a data subject had authorized the processing of the data. UpDiagram  makes sure that the Customer Data or Personal Data is only processed as needed for the purposes specified in the applicable Data Protection Requirements or other applicable law, and only to the extent and for the specific period as required by the applicable Data Protection Requirements or other applicable law, provided that UpDiagram will ensure that the Customer Data or Personal Data is processed only as necessary for the purpose specified in the applicable Data Protection Requirements or other applicable law and no other purpose, and the Customer Data or Personal Data remains protected by the Applicable Data Protection Requirements or other applicable law.