Figma Legal
The information provided here is for Figma customers and users who have questions about our terms, policies, intellectual property, and compliance.
Singapore’s Personal Data Protection Act (PDPA) 2012
Aim of the Act
Singapore’s PDPA is aimed at protecting individuals’ personal data while recognizing the need for organizations to collect, use or disclose personal data for legitimate and reasonable purposes.
Who does it apply to?
Singapore’s PDPA applies to private-sector organizations that collect, use, or disclose personal data in Singapore as part of their commercial activities. It does not apply to public agencies, to individuals handling data for purely personal or domestic purposes, or to business contact information (as defined under the PDPA).
Key Requirements
The PDPA sets standards for how organizations collect, use, protect, retain, and share personal data, and requires strong accountability, proper breach management, and safeguards for data transferred overseas.
Overview of our compliance approach
Figma maintains a robust privacy framework built on internationally recognised data protection standards, including principles found in laws like the GDPR. As the PDPA shares many of these same principles, Figma’s established processes and safeguards are designed to meet its requirements.
Refer to Figma’s Data Protection Addendum for more information.