🔙 BACK

Secure software, by design

Every line of code in data.to.design has been written with your security in mind. We use the very latest framework releases, reuse tried and tested modules, and apply fundamental security considerations to every aspect of software design and development. We also frequently review and test our software to keep it ahead of emerging threats.

We’re continuously improving our internal processes and security measures to ensure complete platform assurance, and we actively pursue certification to national and global best practice security standards.

Furthermore, for everyone who works at data.to.design, we ensure there are several layers of controls that individuals must go through to access customer data.

Figma plugins background

Before discussing our secure methods of storing data for data.to.design, it’s useful to have a background on the security principles of Figma plugins.

Figma seeks to ensure that plugins can:

• Only be run by an explicit user action
• Show UI in a single plugin-specific dialog
• Read any data in your Figma document (e.g. a “find layer by name” plugin)
• Modify any data in your Figma document (e.g. a “rename selected layers” plugin)
• Communicate with any server over the internet (e.g. an “import from service X” plugin)

Figma seeks to ensure that plugins can’t:

• Run by themselves
• Get information about the project or team that owns the file
• Access anything when they aren’t running
• Access data from any files other than the file they were run in
• Change Figma’s UI outside of the plugin UI dialog