Figma updated their Privacy Policy on March 31, 2026, making two notable changes. First, the primary contact email for privacy-related requests changed from support@figma.com to privacy@figma.com, and the Data Protection Officer contact for UK and EEA users changed from FigmaDPO@Fieldfisher.com (an external law firm) to privacy@figma.com (an in-house address). Second, some navigation links in the policy were reorganized, including the removal of a Candidate Privacy Notice link and updates to the document version history reflecting the new March 30, 2026 effective date.
The shift from an external law firm DPO contact to a generic internal email address may affect how EU and UK users can exercise GDPR data rights and reach a designated DPO, which is a regulated transparency requirement. Organizations relying on Figma's documented DPO contact for their own compliance records must update those records.
Figma has updated the contact email for privacy questions and data rights requests from support@figma.com to privacy@figma.com. For users in the UK and European Economic Area, the Data Protection Officer contact has also changed from an external law firm address (FigmaDPO@Fieldfisher.com) to the same in-house address (privacy@figma.com). If you have previously saved or bookmarked Figma's privacy contact details, you should update them to privacy@figma.com.
Figma changed its privacy contact email from support@figma.com to privacy@figma.com and replaced the external DPO contact (FigmaDPO@Fieldfisher.com at Fieldfisher law firm) with an internal address (privacy@figma.com) for UK and EEA users. This touches GDPR Art. 37-39 (DPO designation and contact details), as the published DPO contact point has changed. Organizations relying on Figma's published DPO contact for their own vendor management records or DPAs should update their documentation. Action is required to update internal vendor records and any DPA or privacy notice referencing the prior DPO contact.
1. GDPR Art. 37(7) — requires the controller to publish the DPO contact details. Changing the DPO contact from an identified external firm (Fieldfisher) to a generic internal email raises questions about whether the designated DPO's identity remains sufficiently transparent and whether the new contact satisfies the publication requirement.
Compliance intelligence locked
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000205.
ConductAtlas Policy Archive Entity: Figma | Document: Figma Privacy Policy | Record: CA-C-000205 Captured: 2026-03-31 06:04:04 UTC URL: https://conductatlas.com/change/2026-03-31-figma-figma-privacy-policy-205/ Accessed: April 4, 2026
Figma updated their Terms of Service on March 31, 2026 by reorganizing some navigation links in their document footer or …
Create a free account and add Figma to your watchlist. We'll email you the moment something changes.