// Trust & Security Report

    Cinergix Pty Ltd (Australia) logo

    Cinergix Pty Ltd (Australia)

    Creately is an AI-powered visual collaboration and diagramming platform. Main products: Creately SaaS (cloud) and Creately Enterprise On-Premise for self-hosted deployments. Supports flowcharts, org charts, mind maps, UML, ERDs, network diagrams, and AI-assisted diagram generation.

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    We have successfully completed a SOC 2 Type 2 audit. The audit confirms that security controls protect customer data and validates adherence to Trust Services Criteria for Security, Availability, and Confidentiality.

    Verify on creately.com
    ISO 27001:2022
    HELD

    Creately is ISO 27001 certified. This demonstrates they maintain a comprehensive Information Security Management System meeting global standards for risk management and operational excellence.

    Verify on creately.com
    HIPAA
    HELD

    We support healthcare and life sciences organizations by maintaining HIPAA compliance. They provide necessary safeguards for electronic Protected Health Information and will sign Business Associate Agreements with enterprise partners.

    Verify on creately.com
    GDPR
    HELD

    We are fully committed to GDPR compliance and the protection of individual privacy rights. They offer regional data hosting in the United States, Europe (EU), and Australia to meet data sovereignty requirements.

    Verify on creately.com
    > Show 5 unconfirmed / not-held certifications
    PCI-DSS
    NOT CONFIRMED

    Creately uses PCI-DSS Level 1 certified payment processors for credit card processing. This is the payment processor's certification, not Creately's own.

    source: creately.com
    ISO 27017 (Cloud Data Protection)
    NOT CONFIRMED

    no public evidence

    source: creately.com
    ISO 27018 (Cloud Personal Data Protection)
    NOT CONFIRMED

    no public evidence

    source: creately.com
    FedRAMP
    NOT CONFIRMED

    no public evidence

    source: creately.com
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    no public evidence

    source: creately.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Multi-region: United States, European Union, Australia, Middle East

    AI training stance not explicitly addressed in public documentation. Privacy Policy mentions using data to 'improve our Service' but does not specify whether customer diagrams or content are used for model training. No explicit opt-out mentioned. Contact support for clarification.

    // Security controls

    Encryption in Transit

    TLS 1.2 or higher

    creately.com

    Encryption at Rest

    AES-256 encryption

    creately.com

    Access Control

    Role-Based Access Control (RBAC), Single Sign-On (SSO)

    creately.com

    Audit Logging

    Comprehensive audit logs tracking system activity (who, what, when, where)

    creately.com

    Data Centers

    Physical security with controlled-access data centers

    creately.com

    // Products & data scope

    Creately SaaSCloud-based Visual Collaboration

    data: Stored in user-selected regional data center (US, EU, Australia, Middle East)

    Standard cloud offering with shared infrastructure

    Creately Enterprise On-PremiseSelf-Hosted Visual Collaboration

    data: Customer-controlled infrastructure

    For organizations requiring local deployment; supports white-labeling and custom integrations

    // At a glance

    Pricing model

    Freemium SaaS with tiered paid plans; custom enterprise pricing

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Cinergix Pty Ltd (Australia)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    creately.com

    > Browse all vendor trust reports