Figma Support Forum

GDPR and European clients

Figma is based in the US and they are legally basing the transfer of personal information from the EU to the US on the now defunct “Privacy Shield”.

Neither their Terms of Service nor their privacy policy refer to the still “valid” Standard Contractual Clauses – which are used by the likes of HubSpot, Google etc., but which are by 100% legal definition are also considered to be invalidated by the EU court privacy shield as we as a company would need to check and ensure that equally appropriate protection of the data is possible in the US. This is not possible based on PATRIOT and CLOUD acts.

Can anyone from Europe state how you are dealing with this matter? Closing your eyes and hoping employees won’t sue you (which really is VERY unlikely) or do you have legal departments accepting these terms and conditions?

I am in the situation where I am not allowed to start using Figma - as the terms and conditions doesn’t make us able to for GDPR and legal reasons. So is a bunch of our sister companies.


We are having the same issues and are planning to openly communicate with our clients. We are also thinking of writing up a document that clients have to sign so we are not liable anymore. But we are still researching. I wonder if Figma is planning to create and use European servers. That would make it a lot easier regarding compliance.