Figma updated its privacy policy on May 28, 2026 to expand protections for children under 13 using its services. The policy now restricts children's access to education-focused agreements only, prohibits using children's data to train AI models, disallows targeted advertising to children, and blocks third-party tracking of minors. Additionally, Figma clarified its approach to international child privacy by extending references to COPPA protections and adding explicit UK and EU GDPR representative contact information.
The updated terms now restrict how Figma may use personal information from children. Children may only use the Services through a Figma for Education Enterprise agreement with their school, and Figma explicitly prohibits using children's personal information to train or improve AI services, serve targeted advertisements, or enable third-party tracking. Parents may contact Figma if they learn a child provided personal information without consent outside of an education agreement.
The updated terms establish explicit restrictions on AI training, targeted advertising, and third-party tracking of child users, creating new operational obligations for educational institutions and AI service providers. This change also expands Figma's defined child age range across multiple jurisdictions, potentially triggering compliance reviews for organizations serving minors in California, the EU, and Japan.
→ If you are a parent and believe your child provided information to Figma outside of a school agreement, contact Figma at privacy@figma.com to request removal.
→ If you are an educational institution, verify that your Figma deployment is structured as a Figma for Education Enterprise agreement.
→ Educational institutions that do not operate under a Figma for Education Enterprise agreement may have non-compliant child user access.
→ AI service providers integrated with Figma who do not document compliance with the data use prohibition may expose the organization to regulatory scrutiny.
This is the 2nd significant Ai Training Rights change Figma has made since ConductAtlas began monitoring.
Across all monitored documents, Figma has made 3 significant changes.
Figma explicitly prohibits using children's personal information to train, fine-tune, or develop AI services, including large language models.
Children may only use Figma Services through a Figma for Education Enterprise agreement with their educational institution.
Figma prohibits third-party advertising partners from setting tracking technologies or collecting children's personal information.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
If your child uses Figma without going through a school agreement and provides personal information, you can contact Figma to report it.
Figma will not use data from children to build or improve its AI tools.
Children will not see ads personalized to their interests or behavior on Figma.
Third-party ad companies cannot track or collect data about children using Figma.
AI service providers working with Figma cannot use data entered into or generated by AI services to build better products.
Figma's May 28, 2026 update materially clarifies and restricts its collection and use of child personal information. The policy now references COPPA compliance (US Children's Online Privacy Protection Act) and age-specific definitions by jurisdiction (13+ US, 16+ California/EU, 18+ Japan). Organizations using Figma with child users should verify they operate under the required education enterprise agreements and understand that AI services cannot use child data for training. The update adds explicit GDPR representative contact information for UK and EU regulators, potentially indicating heightened regulatory scrutiny in those jurisdictions.
COPPA (US Children's Online Privacy Protection Act), GDPR (EU General Data Protection Regulation), California CCPA/CPRA (age-specific protections for minors), UK Data Protection Act 2018, Japan APPI (as referenced in age definitions)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002411.
Figma's Privacy Policy footer now includes a link to 'Digital Regulation Help Centre' alongside existing links to Community Code of …
Figma updated its Terms of Service footer navigation on July 7, 2026 to add a link to 'Digital Regulation Help …
Figma updated its privacy policy footer navigation on July 7, 2026 to add a link to 'Digital Regulation Help Centre' …
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them t…
ConductAtlas tracked the restructuring, new disclosures, and entity changes that followed the largest privacy fine in EU history.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 352+ platforms every Sunday.