Figma · Figma Privacy Policy

CCPA/CPRA Privacy Rights (California)

Medium severity
Share 𝕏 Share in Share

What it is

California residents have specific rights under state law, including the right to know what data is collected, to delete it, to correct it, to opt out of its sale or sharing, and to not be discriminated against for exercising these rights.

Why it matters

California users have stronger legal protections than users in most other US states, and Figma is obligated to honor these rights upon request.

Institutional analysis (Compliance & legal intelligence)

Figma's CCPA/CPRA compliance obligations include maintaining a compliant opt-out mechanism, honoring verified consumer requests within statutory timeframes (45 days, extendable by 45), and not retaliating against users who exercise rights. Compliance teams should audit Figma's data processing disclosures against CPRA's expanded sensitive data categories.

πŸ”’

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Figma collects a broad range of personal data including usage patterns, device information, and payment details, and may use this data for AI/ML model improvement and targeted advertising. Your design content and collaboration activity may be processed and shared with third-party service providers and advertising partners. You can submit a privacy rights request (access, deletion, opt-out of data sale/sharing) through Figma's privacy request form at https://www.figma.com/privacy-request/.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Within 45 days
    Navigate to https://www.figma.com/privacy-request/, select 'Delete My Personal Information', verify your identity as prompted, and submit. Figma must respond within 45 days under CCPA.

Applicable agencies

  • State AG
    The California Attorney General and California Privacy Protection Agency (CPPA) enforce CCPA/CPRA rights for California residents.
    File a complaint →

Provision details

Document information
Document
Figma Privacy Policy
Entity
Figma
Document last updated
March 24, 2026
Tracking information
First tracked
March 20, 2026
Last verified
March 20, 2026
Record ID
CA-P-00206004
Document ID
CA-D-00206
Evidence Provenance
Source URL
https://www.figma.com/legal/privacy/
Wayback Machine
View archived versions →
SHA-256
253b198f1fbf60b34a986a2e93d09220cb0fa33fe4d49a8da4f60a06511ca255
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Figma | Document: Figma Privacy Policy | Record: CA-P-00206004
Captured: 2026-03-20 05:46:58 UTC | SHA-256: 253b198f1fbf60b3…
URL: https://conductatlas.com/platform/figma/figma-privacy-policy/ccpacpra-privacy-rights-california/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy Consent Data sharing

Other provisions in this document