The Figma plugin is run directly from Figma's own servers, and runs inside of a your Figma file, which means that it inherits all of the security and infrastructure of the Figma platform, which exceed industry standards for data protection and security:

  • SOC 2 Type 2
  • SOC 3
  • Cloud Security Alliance (CSA) STAR: Level 1
  • ISO/IEC 27001:2013
  • ISO/IEC 27018:2019
  • EU Cloud Code of Conduct (COC): Level 2

There's no additional software that needs to be installed to use the Figma plugin, as Figma plugins run as a built-in part of Figma's own native functionality, and all Figma plugins easily accessibile and can be instantly run from inside any Figma file, or via the official Figma Community ecosystem inside of the Figma app.

If your organization is already approved to use Figma, then you already have access to Figma plugins.

How Convertify works

The Convertify Figma plugin helps users easily convert Figma files into other design formats (eg .sketch or .xd files), and can also import other formats into Figma (eg. .xd or .pdf files).

Convertify is designed to be privacy and security focused, so nothing ever leaves your Figma file.

All functionality and file imports/exports are handled client-side directly in the Figma plugin using the Figma Plugins API, and are never uploaded, processed or stored anywhere in the cloud or outside of Figma.

What Convertify does and doesn’t do

Convertify uses the Figma Plugins API to convert designs directly inside of your Figma file, and doesn’t rely on any external servers, which means that nothing in your Figma file ever leaves the Figma plugin or Figma itself; any files that are imported/exported via the plugin are done so entirely locally to/from the user’s own computer.

Convertify does

  • Allow users to export their Figma designs to other design file formats from Figma.
  • Allow users to drag/drop other design format files from the user’s computer to be imported to Figma.
  • Download any converted files directly to the user’s computer.

Convertify does not

  • Upload any data from your Figma file design or any imported designs.
  • Store any data from your Figma file design or any imported designs.
  • Use any servers or cloud storage to process or store your Figma files or imported designs.
  • Collect or store any personal information (Figma plugins cannot access any private information about Figma projects, Figma teams or Figma users).

How Figma plugins work

Figma plugins are written in HTML/CSS/Javascript, and are run in a tightly controlled sandbox environment inside of the main Figma application.

Figma plugins can only do whatever Figma allows them to do inside the permissions of the Figma Plugins API, and importantly, plugins don't have any access to personal information about the Figma user running the plugin.

What Figma plugins can and can't do

As per the article on Figma plugin security, there are a limited number of things that Figma plugins can do, and many more things that they can't do:

Figma plugins can

  • Only be run by an explicit user action
  • Show UI in a single plugin-specific dialog
  • Read any data in your Figma document (e.g. a “find layer by name” plugin)
  • Modify any data in your Figma document (e.g. a “rename selected layers” plugin)
  • Communicate with any server over the internet (e.g. an “import from service X” plugin)

Figma plugins cannot

  • Run by themselves
  • Get information about the project or team that owns the file
  • Access anything when they aren’t running
  • Access data from any files other than the file they were run in
  • Change Figma’s UI outside of the plugin UI dialog

Figma account administrators at your company can configure an allowlist of plugins that are allowed inside the organization. This can be used to prevent untrusted Figma plugins from being run in any file in that organization.