If Figma is sold, merged, or acquired, your personal data may be transferred to the new owner as part of the business transaction.
This analysis describes what Figma's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
In the event of a corporate acquisition or merger, your Figma account data, design files, and personal information could be transferred to a new company whose privacy practices may differ from Figma's.
If Figma undergoes a merger, acquisition, or asset sale, your personal data, including design files and account information, may be transferred to a new corporate entity without requiring your consent, subject to notice requirements that may apply under applicable law.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal data may be transferred to a successor entity or third party as part of that transaction.
Monitoring
Figma has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. In such transactions, personal information is generally one of the business assets that is transferred.— Excerpt from Figma's Figma Privacy Policy
REGULATORY LANDSCAPE: Business transfer provisions in privacy policies are common and generally permissible under US law, but GDPR requires that personal data transferred in a corporate transaction continue to be processed in accordance with the original purposes and legal bases, or that data subjects are informed of material changes. The FTC has addressed privacy policy representations in corporate transactions, including through enforcement actions requiring that acquirers honor prior privacy commitments. GOVERNANCE EXPOSURE: Low to Medium. This is a standard clause in SaaS privacy policies, but the breadth of content data collected by Figma means that any corporate transaction could transfer significant volumes of proprietary user and organizational data to a new entity. Organizations with data sovereignty or confidentiality concerns should be aware of this provision. JURISDICTION FLAGS: EU and UK users' data transferred in a corporate transaction must continue to be processed in compliance with GDPR and UK GDPR, including transfer mechanism requirements if the acquirer is located outside adequate jurisdictions. California users retain CCPA rights following a business transfer. Data Protection Authorities may require notification of significant data transfers in corporate transactions. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should consider whether their data processing agreements with Figma include provisions governing data handling in corporate transactions, including the right to terminate and retrieve data if the acquirer does not meet contractual privacy standards. Change of control clauses in enterprise contracts should be reviewed. COMPLIANCE CONSIDERATIONS: Legal teams should monitor Figma corporate transactions and assess whether any change of control triggers DPA review, renegotiation rights, or regulatory notification obligations. Internal procedures for assessing vendor corporate transactions and their privacy implications should be documented.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
In the event of a corporate acquisition or merger, your Figma account data, design files, and personal information could be transferred to a new company whose privacy practices may differ from Figma's.
If Figma undergoes a merger, acquisition, or asset sale, your personal data, including design files and account information, may be transferred to a new corporate entity without requiring your consent, subject to notice requirements that may apply under applicable law.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Figma.