Security Overview

01

Sandbox Architecture

Mermaid Studio operates completely inside the secure sandbox of your web browser. The app compiles, syntax-checks, and renders Mermaid syntax in memory locally. There are no backend database servers or external APIs involved in processing your diagrams.

02

Zero Network Transmission of Designs

Your system designs, sequence architectures, and proprietary flowchart text inputs are never sent over the internet. Because all parsing and rendering take place locally, network-based interception or server-side leaks of your private source material are virtually impossible.

03

Secure Canvas Exports

Mermaid Studio uses local HTML5 canvas drawing elements and client-side serializers for image exports. All stylesheet cleanup (such as removing remote imports to prevent cross-origin canvas tainting) is done directly in browser sandbox memory, keeping your environment secured from cross-site scripting (XSS) risks.
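One way the stylesheet cleanup described above could look, as an added example that is not Mermaid Studio's own code: it drops `@import` rules and remote `url()` references from CSS before export, then checks that none remain. The function names and the sample CSS are hypothetical, and the regex matching is a simplification that assumes CSS without comments or escape sequences.

```javascript
// Added example: hypothetical helpers, not Mermaid Studio's implementation.
// A url() target counts as local only if it is a data: URI or a same-document
// #fragment; everything else is treated as an external fetch (conservative).
const isLocalRef = (target) => /^(data:|#)/i.test(target.trim());

// url(...) token, tolerating optional quotes and surrounding whitespace.
const URL_TOKEN = /url\(\s*(['"]?)(.*?)\1\s*\)/gi;
// @import with url(...) or a quoted string, optional media list, then ';'.
const IMPORT_RULE = /@import\s+(?:url\([^)]*\)|"[^"]*"|'[^']*')[^;]*;/gi;
// Whole @font-face block, so a remote font is removed rather than half-edited.
const FONT_FACE = /@font-face\s*\{[^}]*\}/gi;

const hasRemoteUrl = (css) =>
  [...css.matchAll(URL_TOKEN)].some((m) => !isLocalRef(m[2]));

// Return CSS with every external reference removed or neutralised.
function stripRemoteCss(css) {
  return css
    .replace(IMPORT_RULE, "")
    .replace(FONT_FACE, (block) => (hasRemoteUrl(block) ? "" : block))
    .replace(URL_TOKEN, (tok, _q, target) => (isLocalRef(target) ? tok : "none"));
}

// Verification pass: list anything that would still trigger a remote load.
function findRemoteRefs(css) {
  const imports = [...css.matchAll(IMPORT_RULE)].map((m) => m[0].trim());
  const urls = [...css.replace(IMPORT_RULE, "").matchAll(URL_TOKEN)]
    .map((m) => m[2])
    .filter((t) => !isLocalRef(t));
  return [...imports, ...urls];
}

// Constructed sample stylesheet (not taken from any real diagram).
const SAMPLE_CSS = `
@import url("https://fonts.example/css?family=Inter");
@font-face { font-family: "X"; src: url(https://cdn.example/x.woff2); }
.node rect { fill: url(#grad1); stroke: #333; }
.icon { background: url("data:image/png;base64,AAAA"); }
.logo { background: url('//cdn.example/logo.png') no-repeat; }
`;

const cleaned = stripRemoteCss(SAMPLE_CSS);
console.log(findRemoteRefs(SAMPLE_CSS).length, "remote refs before,",
            findRemoteRefs(cleaned).length, "after");
```

Running `findRemoteRefs` on the output before drawing to the canvas gives a fail-closed check: export only when the list is empty.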

04

Open-Source Dependency Security

We run standard npm package updates and security audits to keep all project dependencies clean. Mermaid Studio relies on the official, open-source `@uiw/react-codemirror` and `mermaid` packages, which undergo regular security reviews by the global development community.

Updated At: June 4, 2026