Track 3 platforms and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Figma's Privacy Policy, covering how Figma collects and uses personal information from users of its design platform, including websites, mobile apps, APIs, and the Figma Community. The policy states that when the 'Content Training' setting is enabled by an administrator, Customer Content uploaded to Figma may be used to train Figma's AI models, with de-identification steps described but not detailed. The policy also discloses that when a user views or interacts with a file, information including their IP address and specific actions taken may be made available to the file's administrator.
This document is Figma's Privacy Policy, effective June 2, 2026, governing the collection, use, and disclosure of personal information across Figma's websites, mobile applications, APIs, and design tool services globally. The policy states that Figma collects account information, payment metadata, communication data, customer content, usage data, technical data, and candidate information, and asserts legal bases for processing under contract performance, legitimate interests, consent, and legal obligation frameworks consistent with GDPR-style requirements. Notably, the policy authorizes AI training on Customer Content when a 'Content Training' toggle is enabled in administrative settings, and permits sharing of user interaction data including IP address and file activity with file administrators, which creates operational exposure for users who may not be aware their viewing activity is disclosed to file owners. The policy engages GDPR, UK GDPR, Swiss data protection law, CCPA, and multiple U.S. state comprehensive privacy laws, and discloses participation in the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. DPF, with the FTC holding enforcement jurisdiction. Compliance teams should evaluate the administrator data access provisions, the opt-in default structure for AI content training, and the broad organizational data disclosure clause, particularly for enterprise and education account deployments.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Get Compliance8 important changes detected
9 versions captured · Last updated: July 2026
Figma's privacy policy underwent a minor revision on June 4, 2026, in which several historical version dates were removed from the version history section. The effective date of the policy …
View change record →Figma updated its Privacy Policy version history on June 3, 2026. The change added a single entry to the version history list, showing an additional June 2, 2026 version record. …
View change record →Figma updated its Privacy Policy effective date from May 27, 2026 to June 2, 2026. This is a routine effective date change that appears to reflect when the policy document …
View change record →Figma updated its Privacy Policy on June 2, 2026 with two sentence-level modifications. The changes involve formatting adjustments to the version history listing and a minor punctuation update to the …
View change record →Figma updated its privacy policy on May 28, 2026 to expand protections for children under 13 using its services. The policy now restricts children's access to education-focused agreements only, prohibits …
View change record →Figma's privacy policy version history was updated on May 22, 2026 to add a duplicate entry for March 30, 2026. The policy effective date remains March 30, 2026, and the …
View change record →Every distinct legal provision identified in this document. Featured provisions appear above with analysis.
Monitoring
Figma has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Get ComplianceCross-platform context
See how other platforms handle Account Deletion Required for Personal Data Deletion and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.