
SaaSGuard Risk Report

Figma

figma.com

Generated May 21, 2026

Grade

Score: / 100

Executive summary

We analyzed Figma’s Terms of Service across 8 risk dimensions and found 3 flagged clauses across 3 categories, and detected 1 material change in the recent crawl history.

Recent material changes

  • 6/18/2024 · severity 4

    Figma removed its explicit no-AI-training pledge and added a clause allowing design files, prototypes, and comments to be used for AI model training. The opt-out is only available to Enterprise tier customers, not Pro or Org plans.

    This affects professional designers and studios on Pro/Org plans that store unreleased product designs, client branding, and UI systems: only Enterprise customers get an opt-out, and only by contacting a human.

Flagged clauses by category

AI training on your data (1)

  • Severity 4 · material

    By using our Services, you grant us a worldwide, non-exclusive, royalty-free license to use your content to improve our products, including for the training of machine learning models.

    Figma can use anything you put in their product to train their AI models, with no end date and no payment to you.

    If you handle confidential customer data, this clause exposes that data to model training pipelines you do not control.

Auto-renewal traps (1)

  • Severity 3 · notable

    Subscriptions automatically renew at the end of each billing period at the then-current rate unless cancelled.

    Figma renews you at whatever the price is at the time, with no requirement to warn you about increases.

    You can be locked into significantly higher pricing at renewal without explicit consent.

    Matches FTC v. Vonage — settled for $100M (2022)

Right to silently change terms (1)

  • Severity 4 · material

    We reserve the right to modify these Terms at any time. Continued use of the Services constitutes acceptance.

    Figma can change the rules whenever they want, and just continuing to use the product is treated as agreement.

    You have no real veto over future changes. Any clause they add later applies to you retroactively.

Methodology

SaaSGuard uses an automated pipeline: a daily Playwright crawler captures each vendor’s public Terms of Service, Privacy Policy, and DPA. Google’s Gemini 2.5 Flash classifies each clause into one of 8 risk categories with a severity score (1–5). Clauses are cross-referenced against a curated database of real lawsuits and FTC actions via embedding-based similarity matching. Grades are computed from per-category max severity; full source code is available on request.

Built for educational and informational purposes. Not legal advice. Always have your own counsel review SaaS contracts before signing.
