Lucid Suite
The Lucid Visual Collaboration Suite empowers teams to ideate, plan, design, build, and launch game-changing solutions—all from a shared infinite canvas. Through its products Lucidchart (intelligent diagramming application) and Lucidspark (virtual whiteboarding application) organizations can utilize the power of visual collaboration to clearly see and build the future together.
Features
- Infinite canvas: Boundless working area that supports collaboration across teams
- Templates: Pre-arranged shapes and components, accelerating the creation of visuals
- Shape libraries: Shapes grouped by frameworks to support diagram creation
- Integrations: Connectors built into other tools and systems of record
- Diagram types: Support for creation of ERDs, UML, BPMN, mindmaps
- Data linking: Visualize data in context of diagrams, brainstorms, projects
- Visual Activities: Dynamic surveys to gather insights from your team
- Collaborative AI: AI-powered capabilities to automate steps of the workflow
- Facilitator controls: Capabilities to enable better meetings and drive alignment
- Frames/Paths: Present content effectively to synchronous and asynchronous audiences
Benefits
- Collaborate effectively on projects with in person or remote teams.
- Clarify complex processes, systems, and workflows
- Create a repository of institutional knowledge
- Visualize and adjust project plans
- Visualize your org structure
Pricing
£17.99 a licence a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 8 8 7 9 6 7 9 7 4 8 1 7 9 9
Contact
Lucid Software Inc.
Roderick de Greef
Telephone: +1 (844) 465-8243
Email: uk.sales@lucid.co
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No service constraints
- System requirements
-
- Mac: OS X Yosemite 10.10 or later
- Windows: Windows 7, 8, 8.1, 10, 11
- Linux : latest versions
- Chrome OS: latest stable version of Chrome OS
- IOS: iOS 13 or later
- Android: Android 8.1 or later (WebGL compatible)
- Google Chrome (three latest versions)
- Mozilla Firefox (three latest versions)
- Microsoft Edge (three latest versions)
- Apple Safari (two latest versions)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 24-hour support is available on business days, with full 24/5 coverage from Sunday 5pm to Friday 5pm Mountain time. Support team is staffed 24/5 (business days).
- User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- No
- Onsite support
- No
- Support levels
- Lucid provides technical support for the Subscription Service (“Support”) through its online help center available at help.lucid.co. Support requests may be submitted to support@lucid.co. Technical product support is available 2am to 10pm Mountain Time (Utah, USA) Monday through Friday and 10am to 10pm Mountain Time (Utah, USA) on weekends and nationally recognized holidays.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We offer many options within the service as you use it as well as the following resources:
Training Labs: Our interactive self-serve courses and live training workshops will help you get started quickly or dive deeper into visual collaboration with the Lucid Suite.
Lucid Community: Offers peer support, product feedback, inspiration, groups, and more.
Help Center: Find answers to questions, account management, billing, support and more. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- At the end of the contract, all associated accounts will be downgraded to free accounts and will retain read-only access to all of their data. All data may be deleted at the request of the customer rather than downgrading accounts. Data will remain in backups for up to 6 months and cannot be deleted independently. If the customer wishes, they can get their data out of the system.
- End-of-contract process
-
After canceling a trial, your account is automatically downgraded to a limited, free plan. After canceling a paid subscription, your subscription will not renew and your plan will automatically downgrade to a limited, free plan at the end of your paid subscription period. Your documents will remain in your account and you can still view them. However, you will only have the features available on a free plan, and cannot edit documents with full functionality. You can re-subscribe at any time to continue editing all of your documents.
To permanently delete your account, personal information, and documents from our system, you can do so after you cancel your subscription(s).
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The features on the mobile version may not be identical to the desktop experience.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- A graphical user web interface used.
- Accessibility standards
- None or don’t know
- Description of accessibility
-
Users able to adjust the interface in several ways:
- Use high contrast colors
- Adjust text size and fonts
- Adjust line thickness
- View plain text names of colors
- Disable animations
- Adjust zoom settings
- Use keyboard shortcuts - Accessibility testing
- None.
- API
- Yes
- What users can and can't do using the API
-
Lucid offers three sets of APIs:
- Lucid's REST API allows developers to programmatically interact ( create, search, read contents of, trash, etc.) documents and folders. This API also provides endpoints for embedding documents, adding/removing collaborators, transfering content between users, and more.
- Lucid's Extension API allows developers to add functionality to Lucid editors. This API can import data, add/read/modify shapes and lines on the canvas, and define new shape libraries for internal or public distribution.
- Lucid's SCIM API offers user provisioning and group management, available for admins on an Enterprise account. - API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
Account administrators are able to adjust several security-related features such as:
- Password & Authentication requirements (e.g. SSO & SCIM)
- Sharing restrictions
- Domain lockdown
Admins are also able to customize document attributes, including:
- Classification
- Status
- Required document values (e.g. Title, Description, Features)
In addition, Lucid provides an integrations marketplace for various enhanced features and functionality with other applications.
Scaling
- Independence of resources
-
Lucid leverages AWS auto-scale groups, load balancers, and separated services in order to keep up with the demand of usage and to allow for continuous availability.
Lucid provides metrics around service availability and uptime at https://status.lucid.co/.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Depending on license, some usage data/information can be provided that includes boards created, shared, edited, new users, usage, etc., as well as who has not used the product during that same time frame to assist the customer in user management.
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Other
- Other data at rest protection approach
- Data at rest is protected through encryption using AES-256.
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users can export their data using one of various integrations, including Google Drive, Microsoft OneDrive and API. For Lucidchart, users can export in Visio file formats, PDF, SVG, PNG, JPG, and more. For Lucidspark, users can export in PDF, PNG, JPEG, and SVG.
- Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
-
- SVG
- PNG
- JPEG
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
-
- SVG
- PNG
- JPG
- API
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Service Level Agreements (SLAs) are negotiated and included in contractual agreements for Enterprise customers.
- Approach to resilience
- Our service is designed to be resilient through several measures. Firstly, all our systems are redundant, with all application services being in horizontal scaling groups. This ensures that services are not impacted during peak usage and above. Secondly, all our databases are configured for master-master replication, which allows for redundancy and high availability. We also utilize AWS availability zones for our production environment, providing at least three different, geographically separated locations where the application is hosted for high availability and redundancy. Lastly, we have a disaster recovery plan in place, which we validate by supporting application traffic on a secondary site utilizing a backup or live database.
- Outage reporting
- Our service reports outages through a public dashboard available at https://status.lucid.co/.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access to data is restricted to those with a business need (support and operations) with RBAC controls to enforce access. Prior to access being provided, access is reviewed and approved by management with the process tracked through an internal ticketing system. Access reviews are performed on a quarterly basis. When users change roles or leave the company, access is removed within 48 hours. Support access the application through 2FA and VPN.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- No audit information available
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Moss Adams Certifications LLC
- ISO/IEC 27001 accreditation date
- 06/15/2023
- What the ISO/IEC 27001 doesn’t cover
- This certification covers Products, Assets, Technologies, and Processes at Lucid Software.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 08/30/2021
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- All parts of service are covered.
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Self-Assessment
- PCI DSS accreditation date
- 02/24/2024
- What the PCI DSS doesn’t cover
- Lucid's PCI DSS Certification is limited to Lucid as a merchant and processing payments for its services. The certifications does not apply to content created by users or stored in documentation.
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- SOC 2 Type 2
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We have an Information Security Policy, a Data Retention Policy, Risk Management Policy, Third Party Risk Management Policy, and many others that are available on our Trust Center at https://trust.lucid.co
All policies are reviewed and approved by an executive annually.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Our configuration management solution ensures all our machines are kept up-to-date with security patches. Our SaaS offering includes automated updates on the system side, so our customers do not need to apply these.
For change management, we have a documented process where we record the reason for change, what was changed, who approved it, and when. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Our vulnerability management process begins with the identification of potential threats and vulnerabilities. We use various sources to identify these, including the National Vulnerability Database, vulnerability mailing lists such as US-CERT Cyber Security Alerts, and threat intelligence feeds. Identified vulnerabilities are logged, prioritized, and assigned out to our Security Team. Vulnerabilities are tracked to resolution and records maintained indefinitely.
In terms of patch deployment, our production systems check for patches every 5 minutes. If there are updates, we apply the patches at that time. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Potential compromises are identified through various processes such as the National Vulnerability Database, Vulnerability mailing lists (e.g. US-CERT Cyber Security Alerts), and threat intelligence feeds. When we find a potential compromise, we respond to it as a security incident response team that operates under a clearly defined and thoroughly documented plan. We are equipped and ready to handle any potential security incidents any time they occur. Our response to incidents is swift as we operate 24x7x365.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Lucid Maintains security incident response team that is equipped and ready to handle any potential security incidents any time they occur. This team operates under a clearly defined and thoroughly documented plan, outlining their respective roles and responsibilities. The plan ensures that, in the event of an incident, each team member knows their function, enabling a swift and coordinated response to effectively address and mitigate the impact of any security issues.
Users can report incidents to support@lucid.co or security@lucid.co
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Covid-19 recovery
- Equal opportunity
Covid-19 recovery
Lucid’s products support remote work by enabling collaboration on the platform in real time or offline. Visuals created in Lucidspark or Lucidchart serve to bridge communication gaps, increase participation, and elevate every voice whether someone works remote or in person.Equal opportunity
Lucid's products help contribute to workplace and collaboration equity by giving all participants the opportunity and ability to contribute and communicate equally. For example, by using Lucidspark, a virtual whiteboard, all employees can contribute and participate in structured problem-solving, regardless of if they work in office, work remotely, have different collaboration styles, are neurodivergent, or are at varying levels of seniority.
Pricing
- Price
- £17.99 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
3 editable Lucidchart documents with 60 shapes per document.
3 editable Lucidspark boards.
Access to 100 templates.
No guest collaboration or facilitation.