Figma · Figma Privacy Policy

GDPR Rights for EU/UK Users

Medium severity
Share 𝕏 Share in Share

What it is

If you are in the EU or UK, you have rights under GDPR including the right to access your data, have it deleted, correct inaccuracies, restrict processing, receive a portable copy, and object to certain processing.

Why it matters

GDPR grants EU and UK users among the strongest data privacy rights in the world, and Figma must legally honor these requests in a timely manner.

Institutional analysis (Compliance & legal intelligence)

Figma's designation of a data controller and reliance on SCCs for international transfers creates accountability under GDPR Articles 13-15 (transparency), Article 17 (erasure), and Article 20 (portability). DPO engagement and Article 30 Records of Processing Activities (ROPA) compliance should be verified in enterprise procurement due diligence.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Figma collects a broad range of personal data including usage patterns, device information, and payment details, and may use this data for AI/ML model improvement and targeted advertising. Your design content and collaboration activity may be processed and shared with third-party service providers and advertising partners. You can submit a privacy rights request (access, deletion, opt-out of data sale/sharing) through Figma's privacy request form at https://www.figma.com/privacy-request/.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Within 30 days
    Email privacy@figma.com stating your GDPR right to data portability or access. Include your account email and specify the data categories you are requesting. Figma must respond within one month.

Applicable agencies

  • FTC
    While the FTC is not a GDPR enforcement authority, it oversees US-side compliance with cross-border data transfer commitments that underpin EU-US data flows.
    File a complaint →

Provision details

Document information
Document
Figma Privacy Policy
Entity
Figma
Document last updated
March 24, 2026
Tracking information
First tracked
March 20, 2026
Last verified
March 20, 2026
Record ID
CA-P-00206005
Document ID
CA-D-00206
Evidence Provenance
Source URL
https://www.figma.com/legal/privacy/
Wayback Machine
View archived versions →
SHA-256
253b198f1fbf60b34a986a2e93d09220cb0fa33fe4d49a8da4f60a06511ca255
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Figma | Document: Figma Privacy Policy | Record: CA-P-00206005
Captured: 2026-03-20 05:46:58 UTC | SHA-256: 253b198f1fbf60b3…
URL: https://conductatlas.com/platform/figma/figma-privacy-policy/gdpr-rights-for-euuk-users/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy Consent Data sharing Governing law

Other provisions in this document