If Figma is sold, merged, or acquired, your personal data may be transferred to the new owner as part of the business transaction.
This analysis describes what Figma's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
In the event of a corporate acquisition or merger, your Figma account data, design files, and personal information could be transferred to a new company whose privacy practices may differ from Figma's.
If Figma undergoes a merger, acquisition, or asset sale, your personal data, including design files and account information, may be transferred to a new corporate entity without requiring your consent, subject to notice requirements that may apply under applicable law.
How other platforms handle this
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Customer authorized Mistral AI to transfer Personal Data to any country deemed to have an adequate level of data protection by the European Commission. Customer also authorizes Mistral AI to perform International Data Transfers to (a) on the basis of adequate safeguards in accordance with Applicable...
Personal data collected by Unity may be transferred to and processed in countries outside of the European Economic Area, including the United States, where data protection laws may differ from those in your country. Where we transfer personal data from the EEA or the UK, we rely on appropriate safeg...
Monitoring
Figma has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. In such transactions, personal information is generally one of the business assets that is transferred.— Excerpt from Figma's Figma Privacy Policy
REGULATORY LANDSCAPE: Business transfer provisions in privacy policies are common and generally permissible under US law, but GDPR requires that personal data transferred in a corporate transaction continue to be processed in accordance with the original purposes and legal bases, or that data subjects are informed of material changes. The FTC has addressed privacy policy representations in corporate transactions, including through enforcement actions requiring that acquirers honor prior privacy commitments. GOVERNANCE EXPOSURE: Low to Medium. This is a standard clause in SaaS privacy policies, but the breadth of content data collected by Figma means that any corporate transaction could transfer significant volumes of proprietary user and organizational data to a new entity. Organizations with data sovereignty or confidentiality concerns should be aware of this provision. JURISDICTION FLAGS: EU and UK users' data transferred in a corporate transaction must continue to be processed in compliance with GDPR and UK GDPR, including transfer mechanism requirements if the acquirer is located outside adequate jurisdictions. California users retain CCPA rights following a business transfer. Data Protection Authorities may require notification of significant data transfers in corporate transactions. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should consider whether their data processing agreements with Figma include provisions governing data handling in corporate transactions, including the right to terminate and retrieve data if the acquirer does not meet contractual privacy standards. Change of control clauses in enterprise contracts should be reviewed. COMPLIANCE CONSIDERATIONS: Legal teams should monitor Figma corporate transactions and assess whether any change of control triggers DPA review, renegotiation rights, or regulatory notification obligations. Internal procedures for assessing vendor corporate transactions and their privacy implications should be documented.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
In the event of a corporate acquisition or merger, your Figma account data, design files, and personal information could be transferred to a new company whose privacy practices may differ from Figma's.
If Figma undergoes a merger, acquisition, or asset sale, your personal data, including design files and account information, may be transferred to a new corporate entity without requiring your consent, subject to notice requirements that may apply under applicable law.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Figma.