Figma's Privacy Policy version history was updated on May 22, 2026 to add a duplicate entry for March 30, 2026 in the version list. The policy's effective date remains March 30, 2026. This appears to be a minor administrative change to the version history display with no substantive modification to the actual privacy terms or practices.
This change is administrative and does not affect consumer rights, data practices, or privacy protections. The Privacy Policy's effective date and substantive terms remain unchanged. No action is required.
This change has no operational significance. It is a minor administrative addition to the version history list without any modification to the substantive privacy policy terms or practices.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This is a minor administrative change to the version history display of Figma's Privacy Policy. The policy's effective date (March 30, 2026) and substantive content remain unchanged. No compliance review or action is required.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002254.
New provision explicitly defining the scope of data collection, establishing baseline consent framework.
New provision addressing enterprise-specific administrative access controls, reflecting B2B user management concerns.
New explicit provision on cookies and tracking, addressing increased regulatory scrutiny of tracking mechanisms.
New provision specifically addressing collection of user-created content, clarifying scope of design file and project data collection.
Removal of explicit high-severity provision on AI/ML training represents either policy change or relocation of this critical disclosure.
Removal of high-severity advertising and ad partner data sharing provision eliminates explicit disclosure of ad-related data practices.
Removal of children's privacy provision eliminates explicit disclosure of age-based restrictions, potentially affecting COPPA and similar compliance representations.
Removal of explicit data retention provision eliminates clear user disclosure of how long personal data is maintained.
Provision retained with generic boilerplate excerpt added in current version where previous version had no excerpt specified.
CCPA/CPRA provision renamed from 'CCPA/CPRA Privacy Rights (California)' to 'California Resident Rights (CCPA/CPRA)' with generic boilerplate excerpt added.
GDPR and international data transfer provisions merged into single provision named 'EU User Rights and International Data Transfers' with generic boilerplate excerpt added.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorWe read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and lia…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 352+ platforms every Sunday.