When you upload designs, files, or other content to Figma, you grant Figma a worldwide, royalty-free license to use, copy, modify, and display that content — including to improve Figma's products and services, which includes AI and machine learning features.
This analysis describes what Figma's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes the scope of authorized use of Customer Content by Figma and its service providers, and creates a requirement that users consult separate documentation (Figma AI Terms) to understand and control AI-related processing of their content. This structure separates the general service authorization from AI-specific settings and transparency mechanisms.
The removal of the Subprocessors list link makes it less convenient for users, particularly enterprise and EU-based customers who rely on this information for data protection compliance, to verify which third parties Figma engages to process their data. While the subprocessor information may still exist on Figma's website, removing the direct link from the Terms of Service reduces accessibility and transparency. Enterprise customers and those subject to GDPR may need to contact Figma directly to access current subprocessor information.
View change record →Designers and organizations who store proprietary or client-sensitive design files on Figma may find that their creative work and embedded personal data are used to train Figma's AI models, which could raise intellectual property and data privacy concerns for professionals working under client confidentiality obligations.
How other platforms handle this
By making any User Content available to Calm, you hereby grant to Calm a non-exclusive, transferable, sublicensable, worldwide, royalty-free, license to use, store, publish, translate, reproduce, adapt, copy, modify, create derivative works based upon, publicly display, publicly perform, and distrib...
By making creations available on Patreon or otherwise posting on Patreon, you grant us a royalty-free, perpetual, irrevocable, non-exclusive, sublicensable, worldwide license covering your creation or what you post in all formats and channels now known or later developed anywhere in the world to use...
By making available any Content through the Service, you grant to Pinterest a non-exclusive, transferable, sublicensable, royalty-free, worldwide license to use, copy, modify, create derivative works based upon, distribute, publicly display, publicly perform and distribute your Content in connection...
Monitoring
Figma has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Customer authorizes Figma and its service providers to use Customer Content for the sole purpose of providing the Services and performing activities contemplated by these Terms (such as maintaining, securing, debugging, and otherwise performing quality control for the Services). Also, the Figma AI terms (available at figma.com/legal/ai-terms) explain certain AI-related settings that apply to Customer Content, and how to control those settings.— Excerpt from Figma's Figma Terms of Service
1) REGULATORY FRAMEWORK: This provision implicates GDPR Arts. 6(1)(b) and 6(1)(f) (lawful basis for processing), Art. 13 (transparency/disclosure obligations), and Art. 22 (automated decision-making) for EEA users whose personal data may appear in design files used for AI training. The EU AI Act (Regulation 2024/1689), particularly Arts. 10 and 53 relating to training data governance for general-purpose AI models, is directly relevant for EEA enterprise customers. CCPA §1798.100 is implicated for California users whose personal information may be embedded in design content. The FTC Act Section 5 applies if AI training use was not clearly disclosed at the time of data collection. Primary enforcement: Irish DPC (GDPR), CPPA (CCPA), FTC (US). 2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes the scope of authorized use of Customer Content by Figma and its service providers, and creates a requirement that users consult separate documentation (Figma AI Terms) to understand and control AI-related processing of their content. This structure separates the general service authorization from AI-specific settings and transparency mechanisms.
Designers and organizations who store proprietary or client-sensitive design files on Figma may find that their creative work and embedded personal data are used to train Figma's AI models, which could raise intellectual property and data privacy concerns for professionals working under client confidentiality obligations.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Figma.