Last Updated: June 20, 2023
This Privacy Notice is designed to help you understand how Diagram (“we,” “us,” or “our”) collects, uses, and shares your personal information, and to help you understand and exercise your privacy rights.
This Privacy Notice applies to personal information processed by us, including on our websites and other online or offline offerings. To make this Privacy Notice easier to read, our websites and other offerings are collectively called the “Services.”
We may update this Privacy Notice from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Notice on the Services and/or may also send other communications.
The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.
We may collect personal information that you provide to us.
Account Information. We may collect personal information in connection with the creation or administration of your account, such as your name, email address, phone number, and any other information that you provide to us or that we otherwise collect.
Submissions. We may collect personal information in connection with any submissions or queries you make to Diagram. We may also collect personal information that is returned in response to your submissions or queries.
Purchases. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
Your Communications with Us. We may collect personal information, such as your name, email address, or phone number when you contact us.
Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., collaboration features, messaging or chat features, commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services will be considered public. Please exercise care when deciding what to share.
Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Job Applications. We may post job openings and opportunities on our Services. If you respond to one of these postings, we may collect your personal information, such as your application, CV, cover letter, and/or any other information you provide to us.
We may collect personal information automatically when you use our Services.
Automatic Collection of Personal Information. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate location derived from IP address), and Internet service provider. We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using our Services, items that you search for via the Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services.
Cookie Policy (and Other Technologies). We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of our Services.
See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
Third Parties. We may collect personal information from third parties. For example, if you access our Services through a third-party application, we may collect personal information about you from that third-party application that you have made available via your privacy settings.
Referrals and Sharing Features. Our Services may offer various tools and functionalities that allow you to provide personal information about other individuals through a referral or sharing feature.
We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.
We use your personal information to fulfill our contract with you and provide you with our Services, such as:
We use your personal information for various administrative purposes, such as:
We may use personal information to tailor and provide you with marketing. We may provide you with these materials as permitted by applicable law.
If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
We also use your personal information for other purposes as requested by you or as permitted by applicable law.
We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
The categories of third parties with whom we may share your personal information are described below.
Publicly Accessible Information. Certain personal information you make available via the Services may be accessible by the general public. For example, your name may be shown if you post on a public forum or write a review.
Other Third Parties You Share or Interact With. The Services may allow you to share personal information or interact with other third parties. For example, you may choose to interact with other users of the Services.
Service Providers. We may share your personal information with our third-party service providers and vendors. This includes service providers and vendors that provide us with AI services, analytics, IT support, hosting, payment processing, customer service, marketing and related services.
Some of the service providers we may use include:
Third-Party Services You Share or Interact With. The Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a “Third-Party Service”). If you do, the information you share will be subject to the Third-Party Service’s terms and privacy policy. We are not responsible for Third-Party Services.
Authorized Users of Diagram Customers. If you access our Services as an authorized user of a Diagram customer, that customer may access information associated with your use of the Services including personal information, usage data, the contents of communications, and files associated with your account. Your personal information may also be subject to the Diagram customer’s privacy policy. We are not responsible for Diagram customers.
Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.
Affiliates. We may share your personal information with our corporate affiliates.
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.
Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.
Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to this Privacy Notice).
Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.
“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Technologies (Cookies). You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. You must separately opt out in each browser and on each device. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications.
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.
All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live.
If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.
For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.
We store the personal information we collect as described in this Privacy Notice for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.
This Supplemental Notice for EU/UK GDPR only applies to our processing of personal information that is subject to the EU or UK GDPR.
Diagram’s processing of your personal information may be supported by one or more of the following legal bases:
Performance of a Contract: Diagram may need to process your personal information to perform our contract with you.
For example, processing of your personal information pursuant to Section 3A (Provide the Services), Section 3B (Administrative Purposes), and Section 3E (Other Purposes) may be based on this legal basis.
Legitimate Interest: Diagram may process your personal information to further our legitimate interests, but only where our interests are not overridden by your interests or fundamental rights and freedoms.
For example, processing of your personal information pursuant to Section 3A (Provide the Services), Section 3B (Administrative Purposes), Section 3C (Marketing), and Section 3E (Other Purposes) may be based on this legal basis.
Consent: In some cases, Diagram may also rely on your consent to process your personal information.
For example, processing of your personal information pursuant to Section 3C (Marketing), Section 3D (With Your Consent), and Section 3E (Other Purposes) may be based on this legal basis.
Compliance with our Legal Obligations: Diagram may process your personal information to comply with our legal obligations.
For example, processing of your personal information pursuant to Section 3A (Provide the Services), Section 3B (Administrative Purposes), and Section 3E (Other Purposes) may be based on this legal basis.
We do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in “Contact Us” below.
The Services are not directed to children under 13 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account, if applicable.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
Dandelion Merger Sub II, LLC (“Diagram”) is the controller of the personal information we process under this Privacy Notice.
If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact us at: privacy@figma.com.
If your personal information is subject to the EU or UK GDPR, you can find the contact details of our local representatives below: