Figma shared responsibility security model

Figma responsibilities

Figma is responsible for the security and availability of the underlying service. Specifically, this includes, but is not limited to, security patching, customer data encryption, security event logging and monitoring, incident management and service uptime monitoring.

Customer responsibilities

The Customer is responsible for using and calibrating the Figma service, including its security features, appropriately.

Example of things that the Customer is responsible for include,

  • providing complete and accurate information to Figma,
  • ensuring the security of devices used to access the service,
  • setting up user authentication appropriately,
  • managing which users have access to the service and design files,
  • reporting security issues and
  • managing security of any other applications or integrations used in customer environment including third party apps and plugins installed in their organization that use Figma official APIs.