Skip to main content

Figma Legal

The information provided here is for Figma customers and users who have questions about our terms, policies, intellectual property, and compliance.

Candidate Privacy Notice

Issued: March 25, 2025

1. Introduction

We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. It is important that you read all of this Notice carefully as it sets out how Figma group companies ("Figma", "our", "we" or "us") handles your personal information when you apply for a job or other role with us and the rights you have in connection with that information. The term "applicants" is used in this Notice to refer to anyone who applies for a job role, or who otherwise seeks to carry out work with or for us (whether on a permanent or non-permanent basis). The term “personal information” is used in this Notice to refer to information that identifies or could reasonably identify you, subject to definitions in applicable data protection laws.

If you are in any doubt, or have any comments or questions about this Notice, please contact us using the contact details set out at Section 8 below.

This Notice does not form part of any employment contract or contract to provide services. This Notice does not apply to our handling of information gathered about you in your role as a user of our services. If you interact with us in that role, the privacy policy associated with the relevant service applies.

2. Types of personal information we collect when you apply

Information that we collect automatically

When you visit the Careers section of our website ("Website") and search for jobs or otherwise use our Website, we collect certain information automatically from your device. How we collect, use, and disclose this information is covered in Figma’s Privacy Policy, which applies to the use of our Website. This Notice does not apply to the use of our Website.

Personal Information collected from you

The types of personal information we collect and process when you apply for a role with Figma may include (but is not limited to) the below:

  • Identification data and contact details – including your name, address, email address, phone number, pronouns, and other contact information, gender, date of birth, nationality/ies, national identifiers (such as national ID/passport, social security number(s)).
  • Employment history – such as previous employers and job titles/positions.
  • Professional and education information – such as academic/professional qualifications, job qualifications, education, details included in your CV/résumé (which might include details of any memberships or interests constituting sensitive personal information), skills, achievements, organizations in which you are/were involved, transcripts, and employment references.
  • Details of your immigration/visa status and work authorization.
  • Previous applications/roles (information relating to previous applications you have made to the Figma Group and/or any previous employment history with the Figma Group).
  • Audio-visual information such as video captured by CCTV devices if you come to Figma’s offices for an interview, or recordings or transcripts of virtual interviews.
  • Other information you voluntarily provide throughout the process, including through assessment exercises and interviews.

As a general rule, during the recruiting process, we try not to collect or process any of the following: information that reveals your racial or ethnic origin, religious, political or philosophical beliefs or trade union membership; genetic data; biometric data for the purposes of unique identification; information concerning your health/sex life; or government identification information, such as social security number, government ID, or passport ("Sensitive Personal Information"), unless authorized by law or where necessary to comply with applicable laws.

However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate recruiting-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations; information about your physical or mental condition to consider accommodations for the recruiting process and/or subsequent job role; information about your government identification for legal compliance, payroll, benefits, tax, and immigration purposes; or information about your pronouns, so we can refer to you in the way you prefer. You may provide, on a voluntary basis, other Sensitive Personal Information during the recruitment process. We collect and process such information only for our legitimate business purposes and do not process such information for purposes for which the “right to limit” applies under the California Consumer Privacy Act (“CCPA”).

Personal information collected from other sources

We may also collect personal information from other sources in connection with recruiting (in accordance with applicable law), including:

  • Information provided by referees.
  • Other background information provided or confirmed by academic institutions and training or certification providers.
  • Criminal records data obtained through criminal records checks.
  • Information provided by background checking agencies and other external database holders (for example, professional / other sanctions registries).
  • Information provided by recruiting or executive search agencies.
  • Information collected from publicly available sources, such as LinkedIn or other information available online.

3. Purposes for processing personal information

We collect and use this personal information primarily for recruiting purposes – in particular, to determine your qualifications for employment and to reach a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying out reference checks or background checks (where applicable) and to generally manage the hiring process and communicate with you about it.

If you are accepted for a role at Figma, the information collected during the recruiting process will form part of your ongoing staff member record and will be processed in accordance with Figma’s People Privacy Notice.

If you are not accepted for a role at Figma, we may still keep your application to allow us to consider you for other suitable openings within Figma in the future unless you request that we delete your application.

We may also process your personal information for the following purposes, as applicable:

  • Safeguarding Figma and the services, including the protection of Figma, our workforce, users, partners, and others.
  • Legal compliance and assistance, such as complying with anti-bribery, tax, social security and immigration obligations, and responding to and cooperating with legal or regulatory requests and investigations; and seeking legal advice and representation.
  • Exercising our legal rights, including seeking legal advice from our external lawyers or in connection with litigation with a third party.
  • At your request, in order to fulfill your instructions.
  • For any other legally permitted purpose, subject to your consent, where legally required.

4. How we disclose and transfer your personal information

We may disclose your personal information to the following types of entities and in the following circumstances, where applicable:

  • We will disclose your personal information to other members of Figma's Group around the world, including in order to administer our recruitment processes and store data.
  • We may disclose certain personal information to third parties who provide services relating to the recruitment process to us (including providers of virtual interview transcription and recording services).
  • Recruiters, to the extent you are working with a recruiter in connection with your application and your recruiter is authorized by you to receive information about you and the application process.
  • Where you have provided your consent.
  • To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant.
  • In response to lawful requests by public authorities (including for tax, immigration, health and safety, national security or law enforcement purposes).
  • As necessary to establish, exercise or defend against potential, threatened or actual legal claims.
  • Where necessary to protect your vital interests or those of another person.
  • In connection with the sale, assignment or other transfer of all or part of our business.

In some cases, the disclosures described above may result in your personal information being transferred internationally, including from the European Economic Area or Canada to other countries. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

Specifically, our group companies, affiliated companies and vendors operate around the world. This means that when we collect your personal information we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice. These include:

  • implementing the European Commission’s Standard Contractual Clauses (under Article 46.2 of the General Data Protection Regulation).
  • complying with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. See below section for further information.
  • performing appropriate diligence to determine that the recipient entity will process your personal information at the same level of protection as that afforded to you under the laws in your country.

Data Privacy Framework Statement

Figma has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Figma has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. The FTC has jurisdiction over Figma’s compliance with EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

In the context of an onward transfer Figma has responsibility for the Processing of Personal Information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Figma shall remain liable under the DPF Principles if its agent Processes such Personal Information in a manner inconsistent with the DPF Principles, unless Figma proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Figma commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

If your complaint cannot be resolved through the above channels, there may be a possibility, under certain conditions, for you to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, see Annex I for additional information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

5. Legal basis for processing personal information

Under applicable data protection law, our legal basis for processing your personal information as part of the recruitment process is:

  • our legitimate interests (as summarised above in Section 3) (which are not overridden by your data protection interests or fundamental rights and freedoms, particularly taking into consideration the safeguards that we put in place, for example, those outlined in Section 4 above);
  • to comply with applicable immigration and/or employment laws and regulations;
  • to take steps prior to entering an employment contract with you, where you are considered for employment;
  • in circumstances where you have made the data public;
  • where we have your consent to do so. Where we have requested your consent to process your personal data, you have the right to withdraw your consent at any time;
  • to protect the rights and interests of Figma's Group, our employees, applicants and others, as required and permitted by applicable law.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided in Section 8 below.

6. Data retention periods

Personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice or as otherwise required by applicable law. Generally this means your personal information will be retained:

  • in accordance with the retention periods set out in Figma's People Privacy Notice (if you are ultimately employed or engaged by Figma); or
  • for a set period after confirmation that your application was unsuccessful, unless you request that we delete your application.

7. Your information rights

Depending on the jurisdiction where you live, you may have certain rights regarding your personal information, which may include the right to request that we:

  • Provide you with access to or a copy of certain personal information we hold about you;
  • Correct or update personal information we hold about you;
  • Delete certain personal information we hold about you;
  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such personal information; the business or commercial purpose for collecting such personal information; and the categories of third parties to which we disclose such personal information; or
  • Opt you out of the processing of your personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects (note that we do not engage in such processing with respect to applicant information).

Also depending on your jurisdiction of residence, you may have the right to:

  • Object to certain processing of your personal information, ask us to restrict certain processing of your personal information or request portability of your personal information, and/or
  • Withdraw your consent at any time to our processing of personal information that is based on your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Please note that certain information may be exempt from such requests under applicable law. For example, we may retain your personal information if it is reasonably necessary for us or our service providers to provide a service that you have requested, comply with law, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity. If you ask us to delete such information, we may deny your request. We may take reasonable steps to verify your identity before responding to a request, which may include, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name and email address (at a minimum). If we cannot verify your identity, we may be unable to respond to your requests. As provided in applicable law, you have the right to not be discriminated against for exercising your rights regarding your personal information.

California law places certain obligations on businesses that “sell” personal information to third parties or “share” personal information with third parties for “cross-context behavioral advertising” as those terms are defined under the CCPA. We do not “sell” or “share” the personal information covered by this Notice and have not done so in the twelve months prior to the effective date of this Notice.

If you have concerns about our processing of your personal information, we encourage you to reach out to us first. However, you also have the right to complain to the data protection authority for your jurisdiction about our handling of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available here.)

To exercise one of the rights above, you or your authorized agent may contact us using the contact details set forth below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We reserve the right not to respond to any request to which we are not legally required to respond.

8. Contact details

If you have any questions, complaints or requests relating to this Candidate Privacy Notice or Figma’s information handling practices, you may email us at privacy@figma.com or contact us in writing at:

Figma, Inc. Legal Department

760 Market Street, Floor 10 San Francisco, CA 94102

Figma uses Privacy Crowd Limited as its designated Data Protection Officer. To contact our DPO please email privacy@figma.com.