What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR (covering EU and UK users, with a legal bases table and DPO contact provided), the California Consumer Privacy Act and CPRA (with explicit CCPA rights disclosures and a Do Not Sell or Share mechanism), and COPPA (restricting service use to users 13 and older, or 16 in certain jurisdictions). Cross-border data transfers from the EU and UK to the US are addressed through Standard Contractual Clauses. The FTC has jurisdiction over Figma's …

How does Figma's Figma Privacy Policy affect users?

The policy establishes that Figma collects personal data, design file content, and communications as part of platform operation and may share this data with service providers, advertising partners, and affiliates. The policy further establishes that content submitted through AI features may be used for AI model training unless the account holder disables the AI data training setting in account or organization settings.

How often is Figma's Figma Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Figma updates this document?

Yes. Watcher subscribers ($9.99/month) can add Figma to their watchlist and receive same-day email alerts whenever this document or any other Figma document changes.

CA-D-000544

Figma Privacy Policy

Figma

Last change detected May 5, 2026 Privacy policy

SHA-256: 058c63680da2853d71c… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Figma ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

1 High severity

7 Medium severity

2 Low severity

Summary

This document establishes Figma's policies governing collection, use, and sharing of personal data, account information, file content, communications, usage metrics, and device information from users of its design and collaboration platform. The policy authorizes Figma to use content submitted through AI-powered features to train and improve AI models, with an exception permitting paid and organizational account holders to opt out of this use through account settings. The policy specifies that Figma shares collected data with service providers, advertising partners, and affiliates.

Technical / Legal Breakdown

This document is Figma's Privacy Policy, governing the collection, use, and disclosure of personal information in connection with Figma's design, collaboration, and AI-assisted services, with legal bases including consent, contract performance, and legitimate interests depending on jurisdiction. The policy states that Figma collects a broad range of data including account information, payment data, device and usage data, location information, and user-generated content, and the terms authorize use of this data for service delivery, analytics, marketing, safety, and to train or improve Figma's AI and machine learning features, subject to certain opt-out rights. A notable provision is the explicit disclosure that content submitted to AI features may be used to improve AI models, with an opt-out available for professional and organizational accounts but requiring affirmative action; the policy also asserts broad discretion to share data with third-party service providers, advertising partners, and corporate affiliates, which is common in the SaaS industry but warrants review given the breadth of design content and business-sensitive materials users may store. The policy engages GDPR and UK GDPR for EU and UK users (with a dedicated legal bases table and Data Protection Officer contact), CCPA and CPRA for California residents (with explicit rights disclosures and a Do Not Sell or Share opt-out), and COPPA for users under 16. Material compliance considerations include ensuring that AI training data use is supported by adequate legal bases under GDPR, that opt-out mechanisms for AI feature training are operationally effective, and that data transfers from the EU and UK to the US are covered by Standard Contractual Clauses or equivalent transfer mechanisms as asserted by the policy.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

High — 1 provision

AI Feature Content Used for Model Training Compare →

Figma may use the content you submit through its AI tools to train and improve its AI systems. If you are on a paid Professional or Organizational plan, you can opt out of this use in your account settings.

Added May 11, 2026 Common Seen across 104 platforms

Medium — 7 provisions

Third-Party Data Sharing and Advertising Partners Compare →

Figma shares your personal data with a range of outside companies including payment processors, analytics firms, and advertising partners to support its business operations.

Added May 11, 2026 Standard Seen across 246 platforms
GDPR Legal Bases and Data Subject Rights Compare →

If you are in the EU, UK, or Switzerland, Figma processes your data under GDPR and provides you with rights to access, correct, delete, or export your personal data.

Added May 11, 2026 Standard Seen across 262 platforms
California Resident Rights and Do Not Sell or Share Compare →

California residents have specific legal rights under CCPA, including the right to know what data Figma has about them, delete it, correct it, and opt out of Figma sharing their information with advertising partners.

Added May 11, 2026 Standard Seen across 262 platforms
Cross-Border Data Transfers via Standard Contractual Clauses Compare →

Figma transfers EU, UK, and Swiss user data to the US and other countries using Standard Contractual Clauses, which are a legally recognized mechanism for protecting personal data during international transfers.

Added May 11, 2026 Standard Seen across 246 platforms
Age Restriction and Children's Privacy Compare →

Figma's services are intended for users 13 and older (16 in some EU countries), and Figma states it does not knowingly collect data from younger children.

Added May 11, 2026 Standard Seen across 262 platforms
User Content and Design File Data Collection Compare →

Figma collects the actual content of your design files, comments, and messages, as well as detailed data about how you use the platform, including how often and for how long you use specific features.

Added May 11, 2026 Standard Seen across 251 platforms
Cookie and Tracking Technology Use Compare →

Figma and its advertising and analytics partners use cookies and tracking tools to monitor how you use Figma and other websites, and this data is used for analytics, personalization, and advertising purposes.

Added May 11, 2026 Standard Seen across 251 platforms

Low — 2 provisions

Data Retention Compare →

Figma keeps your personal data for as long as it considers necessary for business, legal, or fraud prevention purposes, after which it states it will delete or anonymize the data.

Added May 8, 2026 Standard Seen across 223 platforms
Business Transfers and Corporate Transactions Compare →

If Figma is sold, merged, or acquired, your personal data may be transferred to the new owner as part of the business transaction.

Added May 11, 2026 Standard Seen across 246 platforms