We would like to start off by saying we respect your privacy and take significant efforts to protect all your data and we would never do anything with your data that we wouldn’t be proud to tell the world about. We are honored that you trust us for your work, and take the responsibility to serve you seriously.
Figma’s services are all hosted in Amazon Web Services facilities in the USA. All of our servers live within our own virtual private clouds (VPCs) with rules that prevent unauthorized requests from entering our network. Figma services have been built with disaster recovery in mind. All of our infrastructure is spread across 3 AWS data centers (availability zones) and will continue to work should any one of those data centers fail unexpectedly.
Figma saves a history of previous versions of files, and allows you to restore them for up to 30 days. Extended version history is available with a Professional Team or Enterprise plan; you can learn more here.
Figma offers users the ability to enable two-factor authentication for their Figma accounts.
All data exchanged with Figma is always transmitted over TLS.
All customer data is encrypted at rest using AES-256 encryption.
We employ a team of 24/7/365 server specialists at Figma who keep an eye on our service. All actions taken on production consoles are logged.
Figma enables permission levels to be set for any employees with access to Figma. No Figma employees ever access a customer's files unless required to for support reasons, with permission from the customer. Figma works with an industry security team to keep our users and their work safe.
Figma does not store any of your credit card information on our servers. All payment processing is handled by Stripe.
We deeply appreciate any effort to disclose vulnerabilities responsibly. If you would like to report a vulnerability, or have any security concerns, please e-mail firstname.lastname@example.org.