// Trust & Security Report
Eraser Labs, Inc.
AI co-pilot for technical design and documentation — generates and maintains diagrams (architecture, entity relationships, flow charts, sequences). Includes markdown support, version history, API, and GitHub integration. Available in multi-tenant, single-tenant, and private cloud (BYOC) deployments.
Certifications held
2
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 5 unconfirmed / not-held certifications
source: docs.eraser.ioNo public evidence found on vendor domain. SOC 2 Type 2 is offered instead as primary information security certification.
source: eraser.ioNo evidence of HIPAA compliance, BAA, or healthcare-specific certifications found on vendor domain.
source: eraser.ioPrivacy policy mentions 'no transfer of Your Personal Data will place to an organization or a country unless there are adequate controls in place' but no explicit GDPR compliance certification or DPA framework stated.
source: eraser.ioNo public evidence found. Eraser notes 'we will not store or collect Your payment card details' (Stripe handles payments).
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not explicitly specified; privacy policy states data processing may occur at 'Company's operating offices and in any other places where the parties involved in the processing are located.' Multi-tenancy default, but BYOC (private cloud) option available for data residency control.
Vendor explicitly states: 'OpenAI nor Eraser will use your data to train AI models.' However, 'Eraser may analyze your usage to improve and enhance our AI feature.' OpenAI retains API requests/responses for up to 30 days per their usage policy.
// Security controls
Data Backup & Recovery
Version history & snapshots available; users responsible for independent backup of content
eraser.ioThird-Party Service Providers
Google Analytics, Amplitude (analytics); SendGrid (email); Stripe (payments)
eraser.ioTrust Portal Access
Available for enterprise customers; includes SOC 2 Type 2 report and annual penetration test report. Contact: hello@eraser.io
docs.eraser.io// Products & data scope
data: Diagrams, design docs, markdown content, version history, user data
Available in free, paid, and enterprise tiers. Supports architecture diagrams, ERDs, flow charts, sequence diagrams. API available. Markdown-based with export to PNG/SVG/PDF/MD.
data: Diagram prompts, generated diagrams
Uses OpenAI API; neither Eraser nor OpenAI trains models on user data. OpenAI retains requests/responses up to 30 days.
data: API-based diagram generation and management
Launching MCP Server per homepage. Allows integration with other AI tools and workflows.
// What to watch
- No ISO 27001 certification — only SOC 2 Type 2 offered as primary security certification
- No HIPAA compliance or BAA availability — healthcare/regulated use cases not explicitly supported
- No explicit GDPR compliance statement or DPA framework — privacy policy addresses data transfers but no formal compliance posture stated
- Data residency not guaranteed in multi-tenant default — international data transfers possible (US-based service providers); BYOC option mitigates for on-premise needs
- Privacy policy mentions analytics data collection (Google Analytics, Amplitude) — may raise concerns for GDPR-sensitive organizations
- Trust Portal not directly accessible online (must request via hello@eraser.io) — transparency slightly limited compared to vendors with public trust portals
- Encryption details not publicly specified — best practices assumed but not documented on public pages
- AI training policy clear but OpenAI 30-day retention of API requests/responses not widely advertised — could be concern for sensitive technical diagrams
// At a glance
Pricing model
Freemium (free tier), subscription tiers, enterprise pricing available. No public pricing details for enterprise.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Eraser Labs, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
eraser.io