Your data belongs to you

Simple as that. Everything you create in Figr—your designs, product context, user flows—it’s all yours. We don’t sell it. We don’t train our AI models on your proprietary designs to make someone else’s experience better. Your competitive edge stays yours.
Security first: Every aspect of Figr is designed with data protection in mind, from our infrastructure architecture to our development practices and employee training.

What we don’t do with your data

Your proprietary designs never become training data for models serving other customers. Model isolation is strict. What you build in Figr stays in your account.
Never have. Never will. Your customer information, analytics, design systems—none of it gets sold to third parties.
Generated designs remain private to your workspace. Other Figr users can’t see what you’re building. AI interactions are logged only for your audit trail.

How we protect your data

Encryption everywhere

All your data is encrypted both in transit and at rest. We use AES-256 encryption for storage and TLS/HSTS for everything moving between you and our servers. No exceptions.

Access controls that actually work

Only team members who absolutely need access get it. And even then:
  • Multi-factor authentication (MFA) required
  • Every access is logged and monitored
  • Least privilege principle enforced
  • Automated revocation when someone leaves

You control everything

You decide who sees what. You can:
  • Set granular permissions across your org
  • Export your data anytime
  • Delete it whenever you want
  • Track every change through audit logs

Security infrastructure

Where we host

U.S.-based AWS facilities with 24/7 physical security and access monitoring.

Compliance

SOC 2 Type II certified. Annual audits plus quarterly internal assessments and penetration testing.

Development security

Every code change is peer-reviewed, tracked in GitHub, and passes security review before production.

Incident response

Documented procedures with defined SLAs. You’re notified within 72 hours of any confirmed incident.

For enterprise teams

Need more control? We’ve got you covered.
  • Identity management
  • Audit trails
  • Custom security
  • Private deployment
SAML 2.0 integration with Okta, Azure AD, and Google Workspace. Single sign-on means your team uses the same credentials they already know.

Want the full security picture?

Enterprise customers: Request our security package including SOC 2 report, security questionnaire responses, and technical architecture overview.

Questions?

If you need specific security documentation or have compliance questions, reach out to our security team at hi@figr.design.