Figma Security and Compliance

Figma empowers teams to build better products, with enterprise-grade security every step of the way. Our dedicated Security team makes sure your data is protected and your security and compliance obligations are met through continuous audits, privacy safeguards, and a robust security infrastructure.

Trusted by teams at

  • Atlassian
  • Braintree
  • Dribbble
  • GitHub
  • Microsoft
  • One Medical
  • Slack
  • The New York Times
  • Zoom
  • Walgreens
  • Airbnb
  • Asana
  • Basic
  • Coinbase
  • Dropbox
  • Herman Miller
  • Rakuten
  • Vodafone

Find what you need in the Figma Trust Center

Figma maintains a Trust Center where you can find answers to frequently asked questions, explore our extensive security practices, and access and download our compliance documentation—like an SOC 2 Type II report or an ISO 27001 Certificate.

Certifications and Attestations

Learn more about Figma’s certifications, frameworks, and compliance programs—all meticulously designed to safeguard our customers’ data and privacy.

SOC 2 Type 2 / SOC 3

Figma has an SOC 2 Type 2 report that shows our commitment to protecting customer data through robust security, availability, and confidentiality controls that align with the AICPA Trust Services Criteria.

ISO27001/ISO27701/ISO27017/ISO27018

The International Organization for Standardization (ISO) has crafted a series of standards for information and societal security, designed to assist organizations in creating dependable and trustworthy products and services. Figma has certified its product and services against ISO/IEC 27001:2022 and ISO/IEC 27018:2019.

EU Cloud Code of Conduct: Level 2

The EU Cloud Code of Conduct translates GDPR requirements into practical guidelines for Cloud Service Providers, offering cloud-specific approaches, recommendations, and a roadmap that aligns with GDPR and international standards like ISO 27001 and ISO 27018.

Trusted Information Security Assessment Exchange (TISAX)

Trusted Information Security Assessment Exchange (TISAX) is a European automotive industry-standard information security assessment (ISA) catalog based on key aspects of information security and requirements from the international standard ISO 27001.

PCI-DSS (Merchant)

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. PCI-DSS applies to both merchants and service providers that store, process, or transmit cardholder data (via one of the five card issuers above). As a Merchant, Figma is PCI-DSS compliant and completes an annual PCI Self-Assessment Questionnaire (SAQ) A.

Cloud Security Alliance (CSA) STAR: Level 1

The Cloud Security Alliance (CSA) is a not-for-profit organization that promotes best practices for security assurance within cloud computing, and offers a Security, Trust, and Assurance Registry (STAR) program designed for cloud providers to document their security controls. At least annually, Figma completes the Consensus Assessments Initiative Questionnaire (CAIQ) based on the Cloud Controls Matrix (CCM) in order to provide customers with assurance over our security and compliance posture, including the regulations, standards, and frameworks we adhere to. We highly encourage customers and prospects to download and review our CAIQ before asking us to fill out a custom security questionnaire.

Add extra control with Governance+

For even more protection, the Governance+ add-on for Figma Enterprise gives you centralized controls like IP allowlisting, network restrictions, enforced 2FA, and extended idle session timeouts.

Your privacy rights are important to us

Figma ensures all personal data complies with the EU’s GDPR and the California Consumer Privacy Act (CCPA). Please visit Figma’s Privacy & Trust Center to learn more.
