CA-C-002411
Figma — Figma Privacy Policy (Superseded URL)
Entity
Date detected
May 28, 2026
Effective date
May 27, 2026
Severity
Direction
Positive
Affected users
minors parents educational institutions all users
Taxonomy
Ai training rights
Changes
+4 sentences added · −3 sentences removed · 7 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Watch Figma Get alerts when this policy changes.
Watch — Free

Event Summary

Figma updated its privacy policy on May 28, 2026 to expand protections for children under 13 using its services. The policy now restricts children's access to education-focused agreements only, prohibits using children's data to train AI models, disallows targeted advertising to children, and blocks third-party tracking of minors. Additionally, Figma clarified its approach to international child privacy by extending references to COPPA protections and adding explicit UK and EU GDPR representative contact information.

MEDIUM

Consumer Impact

The updated terms now restrict how Figma may use personal information from children. Children may only use the Services through a Figma for Education Enterprise agreement with their school, and Figma explicitly prohibits using children's personal information to train or improve AI services, serve targeted advertisements, or enable third-party tracking. Parents may contact Figma if they learn a child provided personal information without consent outside of an education agreement.

Governance Analysis

The updated terms establish explicit restrictions on AI training, targeted advertising, and third-party tracking of child users, creating new operational obligations for educational institutions and AI service providers. This change also expands Figma's defined child age range across multiple jurisdictions, potentially triggering compliance reviews for organizations serving minors in California, the EU, and Japan.

Available Actions

If you are a parent and believe your child provided information to Figma outside of a school agreement, contact Figma at privacy@figma.com to request removal.

If you are an educational institution, verify that your Figma deployment is structured as a Figma for Education Enterprise agreement.

If No Action Is Taken

Educational institutions that do not operate under a Figma for Education Enterprise agreement may have non-compliant child user access.

AI service providers integrated with Figma who do not document compliance with the data use prohibition may expose the organization to regulatory scrutiny.

Historical Context

This is the 2nd significant Ai Training Rights change Figma has made since ConductAtlas began monitoring.

Across all monitored documents, Figma has made 3 significant changes.

Key Clauses Affected

AI training prohibition for children

Figma explicitly prohibits using children's personal information to train, fine-tune, or develop AI services, including large language models.

Education agreement requirement

Children may only use Figma Services through a Figma for Education Enterprise agreement with their educational institution.

Third-party advertising restriction

Figma prohibits third-party advertising partners from setting tracking technologies or collecting children's personal information.

Full clause-by-clause analysis available with Compliance.
These clauses may change again. Get alerted when they do. Watch Figma — Free

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
1df317e1e0ebf34a5aa253e38dd6b1103bbcbec3efa2924e8d9655568ae193ea
May 22, 2026 00:31 UTC
✓ Verified
Current Version
4704c89abdcdc2baffd662be8cf7fcb0e4d63f05803458e8dc00364c227712f3
May 28, 2026 00:22 UTC
✓ Verified
Change Detected
May 28, 2026 00:22 UTC
Analysis Methodology
✓ Verified
Source Document
https://www.figma.com/privacy/
Citation Record
Entity: Figma
Document: Figma Privacy Policy (Superseded URL)
Record ID: CA-C-002411
Captured: 2026-05-28 00:22:53 UTC
URL: https://conductatlas.com/change/2026-05-28-figma-figma-privacy-policy-superseded-url-2411/
Accessed: July 12, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Impact Summary

4
New obligations
1
Expanded
Parents Added

If your child uses Figma without going through a school agreement and provides personal information, you can contact Figma to report it.

Consumers Added

Figma will not use data from children to build or improve its AI tools.

Consumers Added

Children will not see ads personalized to their interests or behavior on Figma.

Consumers Added

Third-party ad companies cannot track or collect data about children using Figma.

Data controllers Added

AI service providers working with Figma cannot use data entered into or generated by AI services to build better products.

For legal and compliance teams

Institutional Analysis

Assessment

Figma's May 28, 2026 update materially clarifies and restricts its collection and use of child personal information. The policy now references COPPA compliance (US Children's Online Privacy Protection Act) and age-specific definitions by jurisdiction (13+ US, 16+ California/EU, 18+ Japan). Organizations using Figma with child users should verify they operate under the required education enterprise agreements and understand that AI services cannot use child data for training. The update adds explicit GDPR representative contact information for UK and EU regulators, potentially indicating heightened regulatory scrutiny in those jurisdictions.

Regulatory Exposure

COPPA (US Children's Online Privacy Protection Act), GDPR (EU General Data Protection Regulation), California CCPA/CPRA (age-specific protections for minors), UK Data Protection Act 2018, Japan APPI (as referenced in age definitions)

Full compliance analysis

Obligation analysis, escalation trigger, board language, and recommended action.

Monitor $19/mo Compliance $249/mo

Monitor: regulatory citations + obligations. Compliance: full compliance memo.

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002411.

Full Changes

View complete diff →

Document Context

Version history → Policy drift analysis → Document page →
Document
Figma Privacy Policy (Superseded URL)
Entity
Figma
Captured
May 28, 2026
Source URL
https://www.figma.com/privacy/
Other changes to Figma Privacy Policy (Superseded URL)
Previous change May 22, 2026
Figma's privacy policy version history was updated on May 22, 2026 to add a duplicate entry for March 30, 2026. …
Low Neutral
Next change Jun 2, 2026
Figma updated its Privacy Policy on June 2, 2026 with two sentence-level modifications. The changes involve formatting adjustments to the …
Low Neutral
View full version history →
More from Figma
Jul 7, 2026 Low
Figma Privacy Policy (Superseded URL)

Figma's Privacy Policy footer now includes a link to 'Digital Regulation Help Centre' alongside existing links to Community Code of …

Jul 7, 2026 Low
Figma Terms of Service (Superseded URL)

Figma updated its Terms of Service footer navigation on July 7, 2026 to add a link to 'Digital Regulation Help …

Jul 7, 2026 Low
Figma Privacy Policy

Figma updated its privacy policy footer navigation on July 7, 2026 to add a link to 'Digital Regulation Help Centre' …

Related Analysis
Privacy · May 8, 2026
Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.

ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them t…

Privacy · May 7, 2026
TikTok Rewrote Its Privacy Policy After a $600M EU Fine

ConductAtlas tracked the restructuring, new disclosures, and entity changes that followed the largest privacy fine in EU history.

Privacy · April 16, 2026
23andMe Is Bankrupt. What Happens to Your DNA Now?

Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…

Track Figma policy changes

Get alerted when this policy changes again — including what changed and why it matters.

Prefer a weekly summary instead?

Get the biggest policy changes across 352+ platforms every Sunday.