What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR (covering EU and UK users, with a legal bases table and DPO contact provided), the California Consumer Privacy Act and CPRA (with explicit CCPA rights disclosures and a Do Not Sell or Share mechanism), and COPPA (restricting service use to users 13 and older, or 16 in certain jurisdictions). Cross-border data transfers from the EU and UK to the US are addressed through Standard Contractual Clauses. The FTC has jurisdiction over Figma's …

How does Figma's Figma Privacy Policy affect users?

The policy establishes that Figma collects personal data, design file content, and communications as part of platform operation and may share this data with service providers, advertising partners, and affiliates. The policy further establishes that content submitted through AI features may be used for AI model training unless the account holder disables the AI data training setting in account or organization settings.

How often is Figma's Figma Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Figma updates this document?

Yes. Monitor subscribers ($19/month) can add Figma to their watchlist and receive same-day email alerts whenever this document or any other Figma document changes.

CA-D-000544

Figma Privacy Policy

Figma

Last change detected June 4, 2026 Privacy policy

SHA-256: f11a30262ea94e79e9b… 7 versions captured 6 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Figma ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

1 High severity

7 Medium severity

2 Low severity

Summary

This document establishes Figma's policies governing collection, use, and sharing of personal data, account information, file content, communications, usage metrics, and device information from users of its design and collaboration platform. The policy authorizes Figma to use content submitted through AI-powered features to train and improve AI models, with an exception permitting paid and organizational account holders to opt out of this use through account settings. The policy specifies that Figma shares collected data with service providers, advertising partners, and affiliates.

Technical / Legal Breakdown

This document is Figma's Privacy Policy, governing the collection, use, and disclosure of personal information in connection with Figma's design, collaboration, and AI-assisted services, with legal bases including consent, contract performance, and legitimate interests depending on jurisdiction. The policy states that Figma collects a broad range of data including account information, payment data, device and usage data, location information, and user-generated content, and the terms authorize use of this data for service delivery, analytics, marketing, safety, and to train or improve Figma's AI and machine learning features, subject to certain opt-out rights. A notable provision is the explicit disclosure that content submitted to AI features may be used to improve AI models, with an opt-out available for professional and organizational accounts but requiring affirmative action; the policy also asserts broad discretion to share data with third-party service providers, advertising partners, and corporate affiliates, which is common in the SaaS industry but warrants review given the breadth of design content and business-sensitive materials users may store. The policy engages GDPR and UK GDPR for EU and UK users (with a dedicated legal bases table and Data Protection Officer contact), CCPA and CPRA for California residents (with explicit rights disclosures and a Do Not Sell or Share opt-out), and COPPA for users under 16. Material compliance considerations include ensuring that AI training data use is supported by adequate legal bases under GDPR, that opt-out mechanisms for AI feature training are operationally effective, and that data transfers from the EU and UK to the US are covered by Standard Contractual Clauses or equivalent transfer mechanisms as asserted by the policy.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

6 important changes detected

7 versions captured · Last updated: June 2026

June 4, 2026

low

What changed Figma's privacy policy underwent a minor revision on June 4, 2026, in which several historical version dates were removed from the version history section. The effective date of the policy remains June 2, 2026. This appears to be a formatting or administrative update to the policy documentation itself, with no material changes to the substantive privacy terms or practices described in the policy.

Why this matters This change affects the presentation of Figma's privacy policy documentation rather than the substantive privacy practices or terms themselves. The policy effective date remains June 2, 2026, and the operational content of the privacy terms is unchanged. No action is required on the part of users.

View full change record →

June 3, 2026

low

What changed Figma updated its Privacy Policy version history on June 3, 2026. The change added a single entry to the version history list, showing an additional June 2, 2026 version record. This appears to be a documentation update to the policy's version timeline with no change to the substantive privacy terms themselves.

Why this matters This change is a documentation update to Figma's Privacy Policy version history and does not modify any substantive privacy protections, data collection practices, or user rights. The policy's effective date remains June 2, 2026, and the operational terms governing data handling are unchanged.

View full change record →

June 2, 2026 low

Figma updated its Privacy Policy effective date from May 27, 2026 to June 2, 2026. This is a routine effective date change that appears to reflect when the policy document …

View change record →

June 2, 2026 unknown

Figma updated their Figma Privacy Policy on June 02, 2026. Change detected: 2 sentence(s) modified. Document contained 331 sentences after update.

View change record →

May 28, 2026 unknown

Figma updated their Figma Privacy Policy on May 28, 2026. Change detected: 4 sentence(s) added, 3 sentence(s) removed, 7 sentence(s) modified. Document contained 331 sentences after update.

View change record →

May 22, 2026 low

Figma's privacy policy version history was updated on May 22, 2026 to add a duplicate entry for March 30, 2026. The policy effective date remains March 30, 2026, and the …

View change record →

Recent Provision Changes Jun 4, 2026

10 provisions unchanged.

View full change record →

High — 1 provision

AI Feature Content Used for Model Training Compare →

Figma may use the content you submit through its AI tools to train and improve its AI systems. If you are on a paid Professional or Organizational plan, you can opt out of this use in your account settings.

Added May 11, 2026 Standard Seen across 284 platforms

Medium — 7 provisions

Third-Party Data Sharing and Advertising Partners Compare →

Figma shares your personal data with a range of outside companies including payment processors, analytics firms, and advertising partners to support its business operations.

Added May 11, 2026 Standard Seen across 252 platforms
GDPR Legal Bases and Data Subject Rights Compare →

If you are in the EU, UK, or Switzerland, Figma processes your data under GDPR and provides you with rights to access, correct, delete, or export your personal data.

Added May 11, 2026 Standard Seen across 284 platforms
California Resident Rights and Do Not Sell or Share Compare →

California residents have specific legal rights under CCPA, including the right to know what data Figma has about them, delete it, correct it, and opt out of Figma sharing their information with advertising partners.

Added May 11, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers via Standard Contractual Clauses Compare →

Figma transfers EU, UK, and Swiss user data to the US and other countries using Standard Contractual Clauses, which are a legally recognized mechanism for protecting personal data during international transfers.

Added May 11, 2026 Standard Seen across 284 platforms
Age Restriction and Children's Privacy Compare →

Figma's services are intended for users 13 and older (16 in some EU countries), and Figma states it does not knowingly collect data from younger children.

Added May 11, 2026 Standard Seen across 284 platforms
User Content and Design File Data Collection Compare →

Figma collects the actual content of your design files, comments, and messages, as well as detailed data about how you use the platform, including how often and for how long you use specific features.

Added May 11, 2026 Standard Seen across 284 platforms
Cookie and Tracking Technology Use Compare →

Figma and its advertising and analytics partners use cookies and tracking tools to monitor how you use Figma and other websites, and this data is used for analytics, personalization, and advertising purposes.

Added May 11, 2026 Standard Seen across 284 platforms

Low — 2 provisions

Data Retention Compare →

Figma keeps your personal data for as long as it considers necessary for business, legal, or fraud prevention purposes, after which it states it will delete or anonymize the data.

Added May 8, 2026 Standard Seen across 284 platforms
Business Transfers and Corporate Transactions Compare →

If Figma is sold, merged, or acquired, your personal data may be transferred to the new owner as part of the business transaction.

Added May 11, 2026 Standard Seen across 284 platforms