SOC 2
Figma has an SOC 2 Type 2 report that shows our commitment to protecting customer data through robust security, availability, and confidentiality controls that align with the AICPA Trust Services Criteria.
Figma empowers teams to build better products, with enterprise-grade security every step of the way. Our dedicated Security team makes sure your data is protected and your security and compliance obligations are met through continuous audits, privacy safeguards, and a robust security infrastructure.
Figma maintains a Trust Center where you can find answers to frequently asked questions, explore our extensive security practices, and access and download our compliance documentation. Learn more about Figma’s certifications, frameworks, and compliance programs—all meticulously designed to safeguard our customers’ data and privacy.
Figma has an SOC 3 report that shows our commitment to protecting customer data through robust security, availability, and confidentiality controls that align with the AICPA Trust Services Criteria.
Figma has certified its product and services against ISO/IEC 27001:2022 and ISO/IEC 27018:2019.
The EU Cloud Code of Conduct translates GDPR requirements into practical guidelines for Cloud Service Providers, offering cloud-specific approaches, recommendations, and a roadmap that aligns with GDPR and international standards like ISO 27001 and ISO 27018.
The Cloud Computing Compliance Controls Catalogue (C5) certification exists to meet rigorous, German government–backed standards for security, transparency, and operational resilience, providing independent assurance for regulated and public-sector customers, especially in Germany and the EU.
Trusted Information Security Assessment Exchange (TISAX) is a European automotive industry-standard information security assessment (ISA) catalog based on key aspects of information security and requirements from the international standard ISO 27001.
At least annually, Figma completes the Consensus Assessments Initiative Questionnaire (CAIQ) based on the Cloud Controls Matrix (CCM) in order to provide customers with assurance over our security and compliance posture, including the regulations, standards, and frameworks we adhere to.
FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government program that standardizes security assessment, authorization, and continuous monitoring for cloud products and services, ensuring they meet federal cybersecurity requirements before agencies can use them.
Learn more about Figma's Bug Bounty program and Uptime status
For even more protection, the Governance+ add-on for Figma Enterprise gives you centralized controls like IP allowlisting, network restrictions, enforced 2FA, and extended idle session timeouts.