Figma’s Security Standards
- Certifications: SOC 2 Type 2, SOC 3, CSA STAR Level 1, ISO/IEC 27001:2013, ISO/IEC 27018:2019, EU Cloud COC Level 2.
- Encryption: Data is encrypted both in transit and at rest.
- Access Control: Robust access control mechanisms ensure that only authorized users can access your projects and data.
Local Processing
- In-App Operations: All content creation and editing actions are processed locally within Figma, leveraging Figma’s security measures.
- No External Processing: Ensures no data leaves the Figma environment during these operations.
AWS S3 Storage
- Email templates, including predesigned templates, components, and custom templates, are securely stored on AWS S3 servers.
- Encryption: All object uploads to S3 buckets are encrypted.
- Access Management: S3 Block Public Access prevents unauthorized access.
- Compliance: AWS S3 complies with PCI-DSS, HIPAA/HITECH, FedRAMP, EU Data Protection Directive, and FISMA.
- Auditing: AWS supports numerous auditing capabilities to monitor access requests.
- Design Storage: Designs created in Figma and not saved as custom templates are not uploaded to S3.
- Data Backup: Regular backups ensure data integrity and availability.
Third-Party Integrations
- Secure API Connections: Secure transmission of templates to supported Email Service Providers (ESPs) using official APIs.
- Optional Uploads: Users can choose to upload their templates to ESPs or host images using secure services.
User Privacy and Data Handling
- Minimal Data Collection: Only essential user data is collected, with transparency about how it is used.
- User Control: Users maintain full control over their data within Figma.
Plugin Functionality
- Design and Export: Allows users to design emails in Figma and export them to HTML.
- Optional Features: Provides options to upload templates to ESPs and host images securely.
- Local Downloads: Exported files are downloaded directly to the user’s computer.
Figma Plugin Security
- Sandbox Environment: Plugins run in a controlled sandbox environment within Figma, adhering to strict security protocols.
- Limited Access: Plugins can only access data within the file they are running in and cannot access personal information or other files.
What Email Love Does
- Design Tools: Users can design emails using tools in the plugin.
- Export Options: Export designs to HTML and download them.
- Integration Options: Optionally upload HTML emails to ESP accounts and host images.
- Local Processing: All functionality and code generation occur client-side within the Figma plugin.
What Email Love Doesn’t Do
- No Unauthorized Uploads: Does not upload any data, HTML, or images unless using optional integrations.
- No Unapproved Data Storage: Does not store any data, HTML, or images outside the user’s control unless specified.
- Limited Cloud Processing: All local design and processing occur within Figma, with cloud storage used only for predesigned and custom templates when explicitly saved.

