Figma is committed to providing users with control over their own data, to securing customer data against unauthorized access, and to protecting users’ privacy. In accordance with this commitment Figma complies with the following principles in responding to third party requests, including requests by governmental entities, for Customer Personal Data:

1. Figma will retain and, as appropriate, consult with expert legal counsel regarding all third-party requests for customer data.

2. Figma seeks to refer each government request promptly to the relevant customer or user so that the customer or user can respond directly.

3. If the government declines to redirect its request to the relevant customer, Figma will provide the customer with prompt notice of the request unless it is legally prohibited from doing so.

4. If Figma is prohibited from providing prompt notice of a request to a customer, Figma provides such notice as soon as the prohibition expires or is no longer in effect.

5. Figma publishes and annually updates a Transparency Report that provides customers with information regarding the number and types of government requests for customer data it receives and how it responds to them.

6. Figma assesses the legality of all such requests and complies with requests only if and to the extent it assesses that they are valid, lawful and compulsory.

7. Figma will decline to comply with and undertake reasonable efforts to contest any request it determines is not absolutely required by applicable law, including any non-valid request under FISA 702 or U.S. Executive Order 12333.