Stripe

• Services: Payment processing & billing

• Data Elements: Payment IDs, billing details

• Legal basis for processing: Art. 6(1)(b) contract

• Processing Location: EU & US (EU as primary)

• Read more in Stripe’s Privacy Policy: https://stripe.com/en-es/privacy

• View the DPA which we have signed with Stripe: https://stripe.com/in/legal/dpa

Keygen (for Tokens Studio for Figma Plus users only):

• Services: Licence key management

• Data elements: Figma User ID, Email address used for subscription via Stripe

• Legal basis for processing: Art. 6(1)(b) contract

• Primary processing location: USA

• Read more in Keygen’s Privacy Policy: https://keygen.sh/privacy/

• View the DPA that we have signed with Keygen: https://keygen.sh/terms/ (Section 12.1)

Mixpanel

• Services: Product analytics

• Data Elements: Event metadata, IP address

• Legal basis for processing: Art. 6(1)(f) legitimate interest

• Processing Location: EU

• Read more in Mixpanel’s Privacy Policy: https://mixpanel.com/legal/privacy-policy/

• View the DPA which we have signed with Mixpanel: https://mixpanel.com/legal/dpa/

Sentry

• Services: Error tracking, debugging

• Data Elements: Usage logs, customer data, subscription data, IP address, event metadata

• Legal basis for processing: Art. 6(1)(f) legitimate interest

• Primary Processing Location: EU

• Read more in Sentry’s Privacy Policy: https://sentry.io/privacy/

• View the DPA which we have signed with Sentry: https://sentry.io/legal/dpa/

Google Workspace

• Services: Document editing

• Data Elements: customer email contacts

• Legal basis for processing: Art. 6(1)(b) contract

• Primary Processing Location: EU

• Read more in Google Workspace’s Privacy Policy: https://policies.google.com/privacy?hl=en-US

• View the DPA which we have signed with Google Workspace: https://cloud.google.com/terms/data-processing-addendum

HubSpot

• Services: CRM, marketing automation

• Data Elements: Contact info, support history

• Legal basis for processing: Art. 6(1)(b) contract for support

• Primary Processing Location: EU

• Read more in HubSpot’s Privacy Policy: https://legal.hubspot.com/privacy-policy

• View the DPA which we have signed with HubSpot: https://legal.hubspot.com/dpa

Slack

• Services: Customer Support

• Data Elements: Contact info, support history

• Legal basis for processing: Art. 6(1)(b) contract for support

• Primary Processing Location: USA

• Read more in Slack’s Privacy Policy: https://slack.com/intl/en-in/trust/privacy/privacy-policy

• View the DPA which we have signed with Slack: https://www.salesforce.com/en-us/wp-content/uploads/sites/4/documents/legal/Agreements/data-processing-addendum.pdf

Notion

• Services: Document editing, Analytics, User/product research research

• Data Elements: customer data

• Legal basis for processing: Art. 6(1)(f) legitimate interest

• Primary Processing Location: USA

• Read more in Notion’s Privacy Policy: https://privacycenter.notion.so/policies

• View the DPA which we have signed with Notion: https://notion.notion.site/Data-Processing-Addendum-361b540101274b1fa7e16b90402b0d99?pvs=74

Firebase:

• Services: Email-based authenticaton

• Data Elements: Email address

• Legal basis for processing: Art. 6(1)(b) contract

• Primary Processing Location: Global

• Read more in Firebase’s Privacy Policy: https://firebase.google.com/support/privacy

• View the DPA which we have signed with Firebase: https://firebase.google.com/terms/data-processing-terms

Heroku (Tokens Studio for Figma Plus Only)

• Services: Licence Key authentication

• Data Elements: Licence Key, figma ID, and subscription status

• Legal basis for processing: Art. 6(1)(b) contract

• Primary Processing Location: USA

• Read more in Heroku’s Privacy Documentation: https://www.salesforce.com/en-us/wp-content/uploads/sites/4/documents/legal/misc/heroku-security-privacy-and-architecture.pdf

• View the DPA which we have signed with Heroku: https://www.salesforce.com/en-us/wp-content/uploads/sites/4/documents/legal/Agreements/data-processing-addendum.pdf

Postmark:

• Services: Subscription Confirmation communications

• Data Elements: Email addresses, licence keys, email events, email metadata

• Legal basis for processing: Art. 6(1)(b) contract

• Processing Location: Deft (USA), AWS (Global)

• Read more in Postmark’s Privacy Policy: https://www.activecampaign.com/legal/privacy-policy

• View the DPA which we have signed with Postmark: https://postmarkapp.com/dpa#data-processing-addendum-existing-customers

Supabase

• Services: Infrastructure

• Data Elements: email addresses, Design data, Figma ID

• Legal basis for processing: Art. 6(1)(b) contract

• Primary Processing Location: USA

• Read more in Supabase’s Privacy Policy: https://supabase.com/privacy

• View the DPA which we have signed with Supabase: https://supabase.com/downloads/docs/Supabase+DPA+250314.pdf

Vercel

• Services: Infrastructure

• Data Elements: email addresses, Figma ID, subscription status

• Legal basis for processing: Art. 6(1)(b) contract

• Primary Processing Location: USA

• Read more in Vercel’s Privacy Policy: https://vercel.com/legal/privacy-policy

• View the DPA which we have signed with Vercel: https://vercel.com/legal/dpa

Docusign

• Services: contract management

• Data Elements: email addresses, corporate information

• Legal basis for processing: Art. 6(1)(b) contract

• Primary Processing Location: USA

• Read more in Docusign’s Privacy Policy: https://www.docusign.com/privacy

• View the DPA which we have signed with Docusign: https://www.docusign.com/legal/terms-and-conditions/data-protection-attachment

WEA Midden-Holland Accountants & Adviseurs B.V.

• Services: Accounting & finance

• Data Elements: transaction details

• Legal basis for processing: Art. 6(1)(b) contract

• Primary Processing Location: EU