110 Total
33 High severity
58 Medium severity
19 Low severity
Summary

This is Figma's Privacy Policy, covering how Figma collects and uses personal information from users of its design platform, including websites, mobile apps, APIs, and the Figma Community. The policy states that when the 'Content Training' setting is enabled by an administrator, Customer Content uploaded to Figma may be used to train Figma's AI models, with de-identification steps described but not detailed. The policy also discloses that when a user views or interacts with a file, information including their IP address and specific actions taken may be made available to the file's administrator.

Technical / Legal Breakdown

This document is Figma's Privacy Policy, effective June 2, 2026, governing the collection, use, and disclosure of personal information across Figma's websites, mobile applications, APIs, and design tool services globally. The policy states that Figma collects account information, payment metadata, communication data, customer content, usage data, technical data, and candidate information, and asserts legal bases for processing under contract performance, legitimate interests, consent, and legal obligation frameworks consistent with GDPR-style requirements. Notably, the policy authorizes AI training on Customer Content when a 'Content Training' toggle is enabled in administrative settings, and permits sharing of user interaction data including IP address and file activity with file administrators, which creates operational exposure for users who may not be aware their viewing activity is disclosed to file owners. The policy engages GDPR, UK GDPR, Swiss data protection law, CCPA, and multiple U.S. state comprehensive privacy laws, and discloses participation in the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. DPF, with the FTC holding enforcement jurisdiction. Compliance teams should evaluate the administrator data access provisions, the opt-in default structure for AI content training, and the broad organizational data disclosure clause, particularly for enterprise and education account deployments.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Get Compliance

8 important changes detected

9 versions captured · Last updated: July 2026

What changed Figma's Privacy Policy footer now includes a link to 'Digital Regulation Help Centre' alongside existing links to Community Code of Conduct, Privacy and Data Protection, and other governance documents. This is a navigation update that provides users with access to a new resource center on digital regulation topics. No material change to privacy rights, data practices, or consumer obligations.
Why this matters This change adds a new navigation link in the Privacy Policy footer. The updated policy now references a 'Digital Regulation Help Centre' alongside existing governance resources. No changes to data collection, processing, retention, rights, or consumer obligations are introduced by this modification.
View full change record →
What changed Figma updated a hyperlink label in its Privacy Policy on June 13, 2026. The previous text read 'Opens in a new tab Code of Conduct ↗' and now reads 'Opens in a new tab Figma Code of Conduct ↗'. This adds 'Figma' to the link text for clarity but does not change the underlying privacy practices, data handling, or user obligations.
Why this matters This change updates a hyperlink label in the Privacy Policy without modifying any underlying privacy practices, data collection procedures, or user rights. The revised link text now explicitly references 'Figma Code of Conduct' instead of simply 'Code of Conduct', providing clearer navigation. No action is required from users as a result of this change.
View full change record →

June 4, 2026 low

Figma's privacy policy underwent a minor revision on June 4, 2026, in which several historical version dates were removed from the version history section. The effective date of the policy …

View change record →
June 3, 2026 low

Figma updated its Privacy Policy version history on June 3, 2026. The change added a single entry to the version history list, showing an additional June 2, 2026 version record. …

View change record →
June 2, 2026 low

Figma updated its Privacy Policy effective date from May 27, 2026 to June 2, 2026. This is a routine effective date change that appears to reflect when the policy document …

View change record →
June 2, 2026 low

Figma updated its Privacy Policy on June 2, 2026 with two sentence-level modifications. The changes involve formatting adjustments to the version history listing and a minor punctuation update to the …

View change record →
May 28, 2026 medium

Figma updated its privacy policy on May 28, 2026 to expand protections for children under 13 using its services. The policy now restricts children's access to education-focused agreements only, prohibits …

View change record →
May 22, 2026 low

Figma's privacy policy version history was updated on May 22, 2026 to add a duplicate entry for March 30, 2026. The policy effective date remains March 30, 2026, and the …

View change record →
Featured — High severity
Featured — Medium severity

Complete Provision Index

Every distinct legal provision identified in this document. Featured provisions appear above with analysis.

110 provisions
12 featured
18 clause types
33 high severity
privacy_rights 23
data_sharing 19
data_collection 16
data_usage 13
contract_terms 8
disclosure_requirements 5
liability_limitation 4
ai_automated 3
data_retention 3
legal_jurisdiction 3
restricted_content 3
arbitration 2
enforcement_actions 2
policy_changes 2
account_control 1
indemnification 1
other 1
payment_fees 1

Monitoring

Figma has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Get Compliance

Cross-platform context

See how other platforms handle Account Deletion Required for Personal Data Deletion and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

FAA
United States Federal
View official text ↗
Archival ProvenanceSource & Archival Record
Last Captured July 7, 2026 00:31 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000544
Version ID CA-V-004556
SHA-256 f7f03821eec4a58f9dc0198f7828ff49a980d5d548d3fa82093da85a7a1559da
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans