Security & sovereignty
Clear commitments, written for your DPO as much as for you.
🇫🇷 Hosting in France
The application, its database and your diagram library run on infrastructure located in France. No replication or backup outside the European Union.
✦ European AI
AI features are powered by Mistral models served from European infrastructure through the AI SmartTalk platform. Prompts and diagrams are processed in the EU and never used to train models.
⚖️ EU AI Act
Mermaid Studio is a limited-risk AI system under the EU AI Act: AI-generated content is always clearly identified as such, and a human stays in control of every output.
🔒 Your data, your rules
Your diagrams are private by default. Publishing is an explicit action you can reverse at any time. Deleting a diagram removes it and its version history permanently.
🛡️ Security measures
OAuth 2.0 with PKCE for authentication, httpOnly cookies, TLS everywhere, rate limiting, strict input validation and security headers on every response.
📋 GDPR rights
Access, rectification, erasure, portability: exercise your rights at any time through your AI SmartTalk account or by contacting us. We respond within 30 days.
✉️ Security contact
Found a vulnerability or have a compliance question? Write to us — we read every report.