Figma Security

We would like to start off by saying we respect your privacy and take significant efforts to protect all your data and we would never do anything with your data that we wouldn’t be proud to tell the world about. We are honored that you trust us for your work, and take the responsibility to serve you seriously.

Here’s an overview of some of our security practices. As you continue to learn more about Figma we recommend you also review our Terms of Service and Privacy Policy.

Data Storage

Figma’s services are all hosted in Amazon Web Services facilities in the USA. All of our servers live within our own virtual private clouds (VPCs) with rules that prevent unauthorized requests from entering our network. Figma services have been built with disaster recovery in mind. All of our infrastructure is spread across 3 AWS data centers (availability zones) and will continue to work should any one of those data centers fail unexpectedly.

Figma saves a history of previous versions of files, and allows you to restore them for up to 30 days. Extended version history is available with a Professional Team or Enterprise plan; you can learn more here.

2FA

Figma offers users the ability to enable two-factor authentication for their Figma accounts.

Data Transfer

All data exchanged with Figma is always transmitted over TLS.

Encryption

All customer data is encrypted at rest using AES-256 encryption.

Monitoring

We employ a team of 24/7/365 server specialists at Figma who keep an eye on our service. All actions taken on production consoles are logged.

Operational Security

Figma enables permission levels to be set for any employees with access to Figma. No Figma employees ever access a customer's files unless required to for support reasons, with permission from the customer. Figma works with an industry security team to keep our users and their work safe.

Payment / Credit Cards

Figma does not store any of your credit card information on our servers. All payment processing is handled by Stripe.

Vulnerabilities

We deeply appreciate any effort to disclose vulnerabilities responsibly. If you would like to report a vulnerability, or have any security concerns, please e-mail security@figma.com.