Privacy Policy

Last updated: December 20, 2025

GitFig ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Figma plugin and related services.

1. Information We Collect

Account Information

When you authenticate with GitHub through our plugin, we collect:

• Your GitHub username and user ID
• Your GitHub email address (as provided by GitHub)
• OAuth access tokens to interact with GitHub on your behalf

Usage Information

We collect information about how you use GitFig:

• Figma file IDs that you connect to repositories
• Repository names and branches you sync with
• Sync history (timestamps, success/failure status)
• File mapping configurations

Waitlist Information

If you join our waitlist, we collect:

• Your email address
• The source of your signup (e.g., landing page)

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the GitFig service
• Authenticate you with GitHub and perform sync operations
• Store your repository connections and sync preferences
• Send you updates about GitFig (if you joined the waitlist)
• Improve our service and fix bugs
• Respond to your support requests

3. Data Storage and Security

Where We Store Data

• Figma Plugin Storage: Your GitHub OAuth token is stored in Figma's encrypted clientStorage, accessible only to you.
• Our Database: Account information, repository links, and sync history are stored in Supabase (PostgreSQL) with encryption at rest.
• OAuth Server: Hosted on Vercel with HTTPS encryption.

Security Measures

We implement industry-standard security measures including:

• HTTPS encryption for all data in transit
• Encrypted storage for sensitive data at rest
• GitHub webhook signature verification
• OAuth 2.0 Device Flow for secure authentication

4. Third-Party Services

GitFig integrates with the following third-party services:

• GitHub: For repository access and OAuth authentication. See GitHub's Privacy Statement.
• Figma: The plugin runs within Figma's environment. See Figma's Privacy Policy.
• Supabase: For database hosting. See Supabase's Privacy Policy.
• Vercel: For hosting and analytics. See Vercel's Privacy Policy.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your data at any time by contacting us.

• Account data: Retained until you request deletion
• Sync history: Retained for 90 days, then automatically purged
• Waitlist emails: Retained until you unsubscribe or request deletion

6. Your Rights

You have the right to:

• Access: Request a copy of the data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Revoke Access: Revoke GitFig's access to your GitHub account at any time through GitHub's settings

To exercise these rights, contact us at privacy@gitfig.com.

7. Children's Privacy

GitFig is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: privacy@gitfig.com