CA-C-001882
Figma — Figma Terms of Service
Entity
Date detected
March 19, 2026
Effective date
March 19, 2026
Severity
Low
Direction
Positive
Affected users
all users job applicants enterprise customers EU users
Taxonomy
Vendor disclosure shift
Changes
+2 sentences added · 2 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Watch Figma Get alerts when this policy changes.
Watch — Free

Event Summary

Figma updated its Terms of Service footer on March 19, 2026 to add links to two new policy documents: a Candidate Privacy Notice and a Data Processing Addendum. The updated terms also reorganized existing policy links and added a link to a Figma Subprocessors page. These changes expand the policy documentation users can access but do not modify the substantive terms of service itself.

LOW

Consumer Impact

Figma made three new policy documents available through its Terms of Service: a Candidate Privacy Notice that explains how candidate data is handled, a Data Processing Addendum that governs how data is processed, and a public list of Figma Subprocessors. The updated terms do not change existing service requirements or user obligations, but do provide more detailed disclosure of privacy practices and vendor relationships. Users can review these documents by following the links in the updated footer.

Governance Analysis

The updated terms establish more accessible data processing documentation, which is operationally significant for organizations subject to data protection regulations. Availability of a Data Processing Addendum and Subprocessors list allows regulated organizations to evaluate Figma's vendor terms against their own data governance and contracting frameworks, particularly under GDPR and CCPA.

Available Actions

Review the Candidate Privacy Notice if you are applying for a role at Figma or its partners

If you use Figma for business purposes in regulated industries, request your Data Processing Officer or compliance team review the Data Processing Addendum and Subprocessors list

Key Clauses Affected

Candidate Privacy Notice link

Newly available disclosure document describing how job applicant data is collected and handled

Data Processing Addendum link

Newly available contractual framework for data controller/processor relationships, particularly relevant for GDPR-regulated organizations

Figma Subprocessors list link

Newly available transparency document listing third-party vendors that process user data on Figma's behalf

Full clause-by-clause analysis available with Compliance.
These clauses may change again. Get alerted when they do. Watch Figma — Free

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
2044b292a5dac4ff964b3b7a832c7a5d5139537bdae138ca25a73e2f6a0dd777
April 19, 2026 06:16 UTC
✓ Verified
Current Version
bb36744c1a7d9f810f32e27ad2c4a1bf6daaeba748418fce1bd23d32a358a5d4
March 19, 2026 14:56 UTC
✓ Verified
Change Detected
March 19, 2026 14:56 UTC
Analysis Methodology
✓ Verified
Source Document
https://www.figma.com/legal/tos/
Citation Record
Entity: Figma
Document: Figma Terms of Service
Record ID: CA-C-001882
Captured: 2026-03-19 14:56:02 UTC
URL: https://conductatlas.com/change/2026-03-19-figma-figma-terms-of-service-1882/
Accessed: July 1, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
For legal and compliance teams

Institutional Analysis

Assessment

Figma expanded its policy disclosure by adding three new linked documents to the Terms footer: a Candidate Privacy Notice, Data Processing Addendum (DPA), and Figma Subprocessors list. This change improves transparency around data processing practices and vendor relationships. Organizations using Figma, particularly those in regulated industries or operating in the EU, may find these additions relevant to their data processing obligations and vendor management assessments. The DPA link may be especially relevant for business customers evaluating data controller/processor relationships under frameworks like GDPR. No new substantive obligations are imposed by adding these links, but the availability of a DPA and subprocessors list should be evaluated in the context of existing data processing agreements and vendor contracts.

Regulatory Exposure

GDPR (EU), CCPA (California), UK GDPR (UK), LGPD (Brazil). The addition of a Data Processing Addendum and Subprocessors list aligns with transparency requirements under these frameworks. GDPR Articles 28-32 establish obligations for data controller/processor relationships, including the requirement to execute a DPA and provide transparency about subprocessor use.

Full compliance analysis

Obligation analysis, escalation trigger, board language, and recommended action.

Monitor $19/mo Compliance $249/mo

Monitor: regulatory citations + obligations. Compliance: full compliance memo.

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001882.

Full Changes

See the full side-by-side comparison of every sentence added, removed, and modified.

🔒 Full diff — Monitor

Document Context

Version history → Policy drift analysis → Document page →
Document
Figma Terms of Service
Entity
Figma
Captured
March 19, 2026
Source URL
https://www.figma.com/legal/tos/
Other changes to Figma Terms of Service
Next change Mar 31, 2026
Figma removed links to two privacy-related resources from its Terms of Service footer on March 31, 2026: the 'Candidate Privacy …
Medium Negative
View full version history →
More from Figma
Jun 13, 2026 Unknown
Figma Privacy Policy
Jun 13, 2026 Unknown
Figma Terms of Service
Jun 13, 2026 Unknown
Figma Privacy Policy

Track Figma policy changes

Get alerted when this policy changes again — including what changed and why it matters.

Prefer a weekly summary instead?

Get the biggest policy changes across 320+ platforms every Sunday.