Privacy Notice

Last Updated: November 7, 2025

What Data We Collect

Our Figma plugin collects minimal data necessary for its functionality:

  • Design Data: CSS variables, component information, text elements, and node properties from your Figma designs - all processed locally within your browser
  • GitLab Integration Settings: Project ID, repository URL, file paths, and branch names you provide
  • Authentication Token: Your GitLab personal access token (encrypted before storage)
  • Settings Preferences: Your configuration choices for the plugin

We do NOT collect: Personal information, email addresses, usage analytics, tracking data, or any telemetry information.

How Figma Plugin Data is Handled

  • All design data extraction and processing happens locally in your browser
  • No design data is transmitted to external servers
  • Settings can be stored in two ways:
    • Personal Storage: Private to you, not shared with team members
    • Document Storage: Can be shared with team members (you choose)
  • All caches are temporary and cleared automatically after 5-10 minutes

GitLab Integration Permissions

When you connect to GitLab, the plugin requires:

  • API Access: Using your personal access token
  • Repository Write Access: To create commits, branches, and merge requests
  • Repository Read Access: To verify project information and file paths

The plugin ONLY communicates with GitLab when you explicitly initiate an action (e.g., creating a merge request).

Data Retention Policies

  • Temporary Caches: Automatically cleared after 5-10 minutes
  • Stored Settings: Retained until you manually clear them
  • Error Logs: Kept in memory only (maximum 100 entries, not persisted)
  • No Long-term Storage: We don't maintain any databases or external storage

Your Rights

You have complete control over your data:

  • Access: View all stored settings directly in the plugin interface
  • Deletion: Clear all data instantly using the "Reset All Settings" option
  • Portability: Export your generated CSS/code at any time
  • Control: Choose whether to save tokens and share settings with your team

Security Measures

  • GitLab tokens are encrypted using Web Crypto API before storage
  • Input validation prevents injection attacks
  • Sensitive information is removed from error messages
  • All operations have timeout protection

Contact Information

For privacy-related questions or concerns:

Changes to This Policy

We will notify users of any material changes to this privacy notice through the plugin interface or our website.

Summary

This privacy notice reflects that your plugin:

  • Operates with minimal data collection
  • Processes everything locally
  • Only communicates with GitLab (when user-initiated)
  • Provides full user control over data
  • Implements security best practices
  • Contains no tracking or analytics