Privacy Policy

May 23, 2018

Protecting your privacy is important to us. Accordingly, we’re providing this Privacy Policy to explain our practices regarding our online information practices and the information we may collect, and how we intend to use and disclose information that we receive when you use our Services. Our Services include your use of our websites including figma.com, designsystems.com and any other websites that we may later own or operate (“Site” or “Sites”); mobile applications (“App(s)”), application program interface(s) (“API(s)”) and our design tool services and other products and services we may later own or operate (collectively “Services”) . This Privacy Policy applies to Personal Information that is collected, used or Processed by Figma in the course of our business and applies only to those websites, services and Apps included within “Services” and doesn’t apply to any third-party websites, services or applications, even if they are accessible through our Services. Also, please note that, unless we define a term in this Privacy Policy, all capitalized words used in this Privacy Policy have the same meanings as in our Terms of Service. Everyone whose responsibilities include the Processing of Personal Information on behalf of Figma are expected to protect that information and data by adhering to this Privacy Policy. This Privacy Policy is intended to meet requirements globally, including those in North America, Europe, APAC, and other jurisdictions.

This policy applies to all Figma’s operating divisions, subsidiaries, affiliates, and branches and any additional subsidiary, affiliate, or branch of Figma that we may later form.

How we collect and use information

Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services (including your account, if you are an account holder), and to enable you to enjoy and easily navigate our Services. The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with Figma and the requirements of applicable law. Some of the ways that Figma may collect Personal Information include:

  • You may provide Personal Information directly to Figma by interacting with the Services, participating in surveys, and requesting services.
  • As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as described below.

We endeavor to collect only that information which is relevant for the purposes of Processing.

Figma collects certain Personal Information about its current, prospective and former clients, customers, users, visitors, guests and employees (collectively “you” or “Individuals”).

Information You Provide Directly to Us. When you use the Services or engage in certain activities such as creating an Account with Figma, we may ask you to provide some or all of the following types of information:

  • Account Information. When you create an Account we’ll collect certain information that can be used to identify you, such as your name, email address, personal website, and picture (“Personally Identifiable Information” or “Personal Information”). We may also collect certain information that is not Personal Information because it cannot be used by itself to identify you.
  • Information Collected Using Cookies. We collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Services. We may use both session cookies and persistent cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Services. We may also use cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent cookies, session cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept cookies, you can change your browser options to stop automatically accepting cookies or to prompt you before accepting cookies. Please note, however, that if you don’t accept cookies, you may not be able to access all portions or features of the Services. Some third-party services providers that we engage (including third-party advertisers) may also place their own cookies on your browser. Note that this Privacy Policy covers only our use of cookies and does not include use of cookies by such third parties.
  • Information Related to Use of the Services. Our servers automatically record certain information about how a person uses our Services (we refer to this information as “Log Data”), including both Account holders and non-Account holders (either, a “User”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on and other statistics. We use this information to administer the Services and we analyze (and may engage third parties to analyze) this information to improve and enhance the Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. We may use a person’s IP address to fight spam, malware and identity theft. We also use IP addresses to generate aggregate, non-identifying information about how our Services are used. We may, with your permission, collect information about your operating system’s installed fonts in connection with providing the Services to you. Combined with other system information, this information could be used to give your computer a unique fingerprint/signature and enable us to track your usage of our Services after you log out.
  • Location Information. In some cases we collect and store information about where you are located, such as by converting your IP address into a rough geolocation. We may use location information to improve and personalize our Services for you.
  • Meetups and/or Conferences. If you participate in conferences or meetup events, whether organized by Figma or a third-party, Figma may collect or obtain, and retain information you provide in connection with signing up and/or participating in that event.

Sharing with other Service users. When you use the Services, we share certain information about you with other Service users.

  • For collaboration: You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content. For example, when you comment, we display your profile picture and name next to your comments so that other users with access to the comment understand who made it. Similarly, when you join a team, your name, profile picture and contact information will be displayed in a list for other team members so they can find and interact with you. Please be aware that some content can be made publicly available, meaning any content posted, including information about you, can be publicly viewed and indexed by and returned in search results of search engines. You can check the settings at any time to confirm whether particular content is public or private.
  • Managed accounts and administrators: If you register or access the Services using an email address with a domain that is owned by your employer or organization, or associate that email address with your existing account and such organization wishes to establish a Figma services account, certain information about you including your name, profile picture, contact info, content, and account use may become accessible to that organization’s administrator and other Figma service users, as permitted by your administrator, to provide you additional products and services or to integrate with Figma or other products and services. For example, your organization may request that we provide extra security controls around your account to protect information about your organization or your organization may request that we link your Figma account with your organization’s account to enhance collaboration and functionality among tools you use. If you are the administrator of a team, organization or enterprise account within the Services, we may share your contact information with current or past Service users, for the purpose of facilitating Service-related requests.

Information You Submit Through Services. You agree that Figma is free to use information regarding your use of the Services, for any purpose including developing, manufacturing, and/or marketing goods or Services. Figma does not, however, claim any ownership rights in any User Content (as defined in our Terms of Service) that you make available through the Services and nothing in these privacy policy will be deemed to restrict any rights that you may have to use and exploit your User Content.

Information From Other Sources. We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. For example, if you access our Services through a Third-Party application, such as an App Store or SNS, we may collect information about you from that Third-Party application that you have made public via your privacy settings. Information we collect through App Stores or SNS accounts may include your name, your SNS user identification number, your SNS user name, location, sex, birth date, email, profile picture, and your contacts on the SNS. This supplemental information allows us to verify information that you have provided to Figma and to enhance our ability to provide you with information about our business, products, and Services.

Third party websites, social media platforms, and software development kits

The Site may contain links to other websites and other websites may reference or link to our Site or other Services. These other domains and websites are not controlled by us, and Figma does not endorse or make any representations about Third-Party websites or social media platforms. We encourage our users to read the privacy policies of each and every website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

Figma’s Services may include publicly accessible blogs, community forums, or private messaging features. The Site and our other Services may also contain links and interactive features with various social media platforms (e.g., widgets). If you already use these platforms, their cookies may be set on your device when using our Site or other Services. You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties for any number of purposes.

We use Third-Party software development kits (“SDKs”) as part of the functionality of our Services. Third-Party SDKs may allow Third Parties including advertisers to collect your personal information to provide content that is more relevant to you. You may opt out of tracking by following the instructions provided below.

Third Party Payment Processing

We may sell services or merchandise through our Services. When you make purchases through the Services, we may process your payments through a Third-Party application, including the Apple App Store, Google Play App Store, Amazon App Store (together with any similar applications, “App Stores”), Social Networking Sites (“SNS”) such as Facebook, and/or payment processing services such as Stripe. The Third-Party application may collect certain financial information from you to process a payment on behalf of Figma, including your name, email address, address and other billing information.

Information we share with Third-Parties

We will not share any Personal Information that we have collected from you except as described below:

Information Shared with Our Services Providers. We may engage third party service providers to work with us to administer and provide the Services. These third-party services providers have access to your Personal Information for the purpose of performing services on our behalf. The types of service providers (processors) to whom we entrust Personal Information service providers for: (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing; (iv) customer service activities; and (v) in connection with the provision of the Services. Figma has executed appropriate contracts with the service providers that prohibit them from using or sharing Personal Information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements

Information Shared with Business Partners. We may share Personal Information with our business partners, and affiliates for our and our affiliates’ internal business purposes or to provide you with a product or service that you have requested. We may also provide Personal Information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with Figma’s. Figma requires our affiliates and business partners to agree in writing to maintain the confidentiality and security of Personal Information they maintain on our behalf and not to use it for any purpose other than the purpose for which we provided them.

Information Shared for Marketing. Through our Services, we may allow Third-Party advertising partners to set tracking tools (e.g., cookies) to collect information regarding your activities (e.g., your IP address, page(s) visited, time of day). We may also share such de-identified information as well as selected Personal Information (such as demographic information and past purchase history) we have collected with Third-Party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit non-Figma related websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising. We may allow access to other data collected by the Site to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you. If you prefer that we do not share your Personal Information with Third-Party advertising partners, you may opt out of such sharing at no cost by following the instructions below.

Information Shared with Third Parties. We may share aggregated information and non-identifying information with third parties for industry analysis, demographic profiling and other similar purposes.

Information Disclosed in Connection with Business Transactions. Information that we collect from our users, including Personal Information, is considered to be a business asset. As a result, if we go out of business or enter bankruptcy or if we are acquired as a result of a transaction such as a merger, acquisition or asset sale, your Personal Information may be disclosed or transferred to the third-party acquirer in connection with the transaction as permitted by law and/or contract. In such event, we will endeavor to direct the transferee to Personal Information in a manner that is consistent with the Privacy Policy in effect at the time such Personal Information was collected.

Information Disclosed for Our Protection and the Protection of Others. It is our policy to protect you from having your privacy violated through abuse of the legal system, whether by individuals, entities or government, and to contest claims that we believe to be invalid under applicable law. However, it is also our policy to cooperate with government and law enforcement officials and private parties. Accordingly, we reserve the right to disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary: (i) to satisfy or comply with any applicable law, regulation or legal process or to respond to lawful requests, including subpoenas, warrants or court orders; (ii) to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and (iii) to prevent or stop activity we consider to be illegal or unethical.

In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies or Third Party service providers in order that they may identify users in connection with their investigation of the unauthorized activities or otherwise assist us with security related activities.

Information We Disclose With Your Consent or at Your Request. We will share your Personal Information with third-party sites or platforms if you have expressly consented or requested that we do so.

Information Displayed to Others Upon Posting of User Content. In connection with your Posting of User Content, we will share your picture, full legal name, user handle, and Twitter (or other social networking site) handle (to the extent you have provided us with this information). We are not responsible for privacy practices of the other users who may view and use the posted information.

The Security of Your Information

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.

By using the Site or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Site or sending an e-mail to you. You may have a legal right to receive this notice in writing.

Links to Other Sites

Our Services may contain links to other websites and services, e.g. to Google’s services. Any information that you provide on or to a third- party website or service is provided directly to the owner of the website or service and is subject to that party’s privacy policy. Our Privacy Policy does not apply to such websites or services and we’re not responsible for the content, privacy or security practices and policies of those websites or services. To protect your information we recommend that you carefully review the privacy policies of other websites and services that you access.

Modifying Your Information – rights of access, rectification, erasure, and restriction.

You may inquire as to whether we are Processing Personal Information about you, request access to Personal Information, and ask that we correct, amend or delete your Personal Information where it is inaccurate. Where otherwise permitted by applicable law, you may send an e-mail to support@figma.com or use any of the methods set out in this Privacy Policy to request access to, receive (port), seek rectification, or request erasure of Personal Information held about you by Figma. Please include your full name, email address associated with your Account, and a detailed description of your data request. Such requests will be processed in line with local laws

Although we make good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which we are unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary Personal Information. If we determine that access should be restricted in a particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.

Opt-out (Right to Object to Processing)

You have the right to object to and opt out of certain uses and disclosures of your Personal Information. Where you have consented to Figma’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out of further Processing by contacting support@figma.com. Even if you opt out, we may still collect and use non-Personal Information regarding your activities on our Sites and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.

  • Email and telephone communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. We will process your request within a reasonable time after receipt. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding Figma and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms or this Privacy Policy). We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law
  • Mobile devices. We may occasionally send you push notifications through our mobile applications with notices that may be of interest to you. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt out of this collection by changing the settings on your mobile device.
  • Human resources data. With regard to Personal Information that Figma receives in connection with the employment relationship, Figma will use such Personal Information only for employment-related purposes as more fully described above. If Figma intends to use this Personal Information for any other purpose, Figma will notify the Individual and provide an opportunity to opt out of such uses
  • “DO NOT TRACK”. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
  • Cookies and interest-based advertising. As noted above, you may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may opt out of certain mobile ads via their device settings. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, or http://www.youronlinechoices.eu/ and www.aboutads.info/choices/. You can also choose not to be included in Google Analytics here. To be clear, whether you are using our opt-out or an online industry opt-out, these cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted-out on your computer browser, that opt-out will not be effective on your mobile device. You must separately opt out on each device. Advertisements on Third-Party websites that contain the AdChoices link and that link to this Privacy Policy may have been directed to you based on anonymous, non-Personal Information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes

International Data Transfers

You agree that all Personal Information collected via or by Figma may be Personal Information transferred to, Processed, and stored anywhere in the world, including but not limited to, United States, the European Union, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to Figma, you explicitly consent to the storage of your Personal Information in these locations.

International Users

By using the Services, Figma may transfer data to jurisdictions outside of the United States. By choosing to visit the Site, utilize the Services or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the laws of California and the adjudication of any disputes arising in connection with Figma or the Site will be in accordance with the Terms.

If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and to Processing of your data globally. By providing your Personal Information, you consent to any transfer and Processing in accordance with this Policy.

Data Retention

We retain the Personal Information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

How Long We Keep Information

How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

  • Account information: We retain your account information until you delete your account. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
  • Information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display comments and other content you provided.
  • Managed accounts: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account. For more information, see "Managed accounts and administrators" above.
  • Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

Our Policy Toward Children

Our Services are not directed to children under 13, or other age as required by local law. We do not knowingly collect Personal Information from children under 13, or other age as required by local law. If you learn that your child has provided us with Personal Information without your consent, you may alert us at support@figma.com. If we learn that we have collected any Personal Information from children under 13 (or other age as required by local law), we will promptly take steps to delete such information and terminate the child’s account.

Changes to Privacy Policy

Any information that we collect is subject to the privacy policy in effect at the time such information is collected. We may, however, modify and revise this Privacy Policy from time to time. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you use the Services after the updated Privacy Policy is posted on the Services. If at any point you do not agree to any portion of the Privacy Policy then in effect, you must immediately stop using the Services.

  • Revision to the Privacy Policy. We may revise this Privacy Policy in our sole discretion, so review it periodically. If you continue to visit this Site and use the services made available to you after such changes have been made, you hereby provide your consent to the changes.
  • Posting of Revised Privacy Policy. If there are any material changes to this Privacy Policy, Figma will notify you by email or as otherwise required by applicable law. We will post any adjustments to the Privacy Policy on this web page, and the revised version will be effective immediately when it is posted (or upon notice as applicable). If you are concerned about how your information is used, bookmark this page and read this Privacy Policy periodically.
  • New Uses of Personal Information. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will endeavor to provide information regarding the new purpose and give you the opportunity to opt out. Where consent of the Individual for the Processing of Personal Information is otherwise required by law or contract, Figma will endeavor to comply with the law or contract.

California Privacy Rights

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. Except as otherwise provided in this Privacy Policy, Figma does not share Personal Information with Third Parties for their own marketing purposes.

Definitions

The following capitalized terms shall have the meanings herein as set forth below.

  • “Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker, or retiree of Figma or its subsidiaries worldwide.
  • “Personal Information” is any information relating to an identified or identifiable natural person (“Individual”).
  • “Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • “Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the Individual’s sex life; or (8) information relating to the commission of a criminal offense.
  • “Third Party” is any company, natural or legal person, public authority, agency, or body other than the Individual or Figma.

Questions?

Please contact us at support@figma.com if you have any questions about our Privacy Policy.