How does Figma approach GDPR?

The General Data Protection Regulation (GDPR), is a European privacy law approved by the European Commission in 2016 that went into effect May 25th 2018. Figma complies with GDPR, and we have compiled a list of resources that may be helpful to you here:

At Figma, we strongly believe that the security of your data is important. Learn more about security practices at Figma →

Figma offers a Data Protection Addendum, which any customer can execute by signing and sending to privacy@figma.com. The DPA reflects GDPR mandated requirements for the Figma - Customer relationship. Lean more about Figma’s DPA here →

Figma participates in the EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States. 

Review Figma’s Data Privacy Framework certification → 

Learn more in Figma's Privacy Policy →

For transfers of EU personal data to other third party countries Figma relies on the EC’s Standard Contractual Clauses (SCCs), which are incorporated into our DPA document. 

To support delivery of our Services, Figma, Inc. may engage and use data processors with access to certain Customer Data (each, a "Sub-processor").  You can read about each of our Sub-processors and sign up for email notifications about new Sub-processors on our Sub-processors page. Learn more about our Sub-processors →

If you have any questions or concerns regarding how we protect their personal data, please don’t hesitate to submit a request through our contact form.

Want to delete your Figma account? Check out our Delete your Figma account article for more information and step-by-step instructions.