# Emailify Security
The Emailify Figma plugin runs as an official plugin inside of Figma's own app; such plugins are reviewed and approved by the Figma team.
The Figma plugin is run directly from Figma's own servers, and runs inside of your Figma file, which means that it inherits all of the security and infrastructure of the Figma platform, which exceed industry standards for data protection and security:
- SOC 2 Type 2
- SOC 3
- Cloud Security Alliance (CSA) STAR: Level 1
- ISO/IEC 27001:2013
- ISO/IEC 27018:2019
- EU Cloud Code of Conduct (COC): Level 2
There's no additional software that needs to be installed to use the Figma plugin, as Figma plugins run as a built-in part of Figma's own native functionality, and all Figma plugins are easily accessible and can be instantly run from inside any Figma file, or via the official Figma Community ecosystem inside of the Figma app.
If your organization is already approved to use Figma, then you already have access to Figma plugins.
# How Emailify works
Emailify helps users design and export production-ready HTML from Figma.
Emailify is designed to be privacy and security focused, so nothing ever leaves your Figma file unless you optionally decide to use a built-in integration that uses your own email marketing platform's official API (e.g. MailChimp, Salesforce, Klaviyo, etc.) to automatically upload your email template, or optionally upload your images to be hosted automatically.
If you decide to optionally use any of the built-in platform integrations in Emailify, or the feature to upload and host your exported images automatically, the image URLs contained in the email's HTML will be stored and linked as images via the Backblaze B2 storage CDN service.
All functionality and code generation are handled client-side directly in the Figma plugin using the Figma Plugins API, and are never processed in the cloud or outside of Figma.
# What Emailify does and doesn't do
Emailify uses the Figma Plugins API to help users compress their images, and download them directly to their computer.
Emailify doesn't rely on any external servers to handle compressing image data, which means that nothing in your Figma file ever leaves the Figma plugin or Figma itself.
Any files that are exported via the plugin are done so entirely locally to the user's own computer.
# Emailify does
- Allow users to design emails in Figma via tools in the plugin.
- Allow users to export their Figma designs to HTML, and download them directly to their computer.
- Allow users to optionally upload their exported HTML emails to their own email marketing platform account (e.g. MailChimp, Klaviyo, Salesforce, etc.) directly via their official APIs.
- Allow users to optionally automatically host the images in their emails.
- Allow users to generate PDF previews from their email designs.
- Download any exported files directly to the user's computer.
# Emailify does not
- Upload any data, HTML or images from your Figma file (unless you optionally decide to use the built-in email marketing platform integrations or image upload features).
- Store any data, HTML or images from your Figma file (unless you optionally decide to use the built-in email marketing platform integrations or image upload features).
- Use any cloud storage to store your Figma images (unless you optionally decide to use the built-in email marketing platform integrations or image upload features).
- Collect or store any personal information (Figma plugins cannot access any private information about Figma projects, Figma teams or Figma users).
# How Figma plugins work
Figma plugins can only do whatever Figma allows them to do inside the permissions of the Figma Plugins API, and importantly, plugins don't have any access to personal information about the Figma user running the plugin.
# What Figma plugins can and can't do
As per the article on Figma plugin security, there are a limited number of things that Figma plugins can do, and many more things that they can't do:
# Figma plugins can
- Only be run by an explicit user action
- Show UI in a single plugin-specific dialog
- Read any data in your Figma document (e.g. a “find layer by name” plugin)
- Modify any data in your Figma document (e.g. a “rename selected layers” plugin)
- Communicate with any server over the internet (e.g. an “import from service X” plugin)
# Figma plugins cannot
- Run by themselves
- Get information about the project or team that owns the file
- Access anything when they aren’t running
- Access data from any files other than the file they were run in
- Change Figma’s UI outside of the plugin UI dialog
# Whitelisting Figma plugins
Administrators can configure a whitelist of plugins that are allowed inside the organization. This can be used to prevent untrusted plugins from being run in any file in that organization.