Overview
Checklist Design ("we," "us," or "our") operates the Checklist Design Figma plugin and associated web services at checklist.design. This Privacy Policy explains how we collect, use, store, and protect your information when you use our plugin and services.
We are committed to protecting your privacy and complying with applicable privacy laws, including the Australian Privacy Principles (APP), the European General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
By using our plugin or services, you agree to the collection and use of information in accordance with this policy.
Who we are
Checklist Design is operated by Checklist Design Pty Ltd, registered in Australia.
Contact: hello@checklist.design
What data we collect
Account data
When you create an account to use Checklist Design, we collect your email address (used to send a magic link for authentication).
We do not collect passwords. Authentication is handled via one-time magic links sent to your email.
Plugin usage data
The plugin tracks free-tier usage of the AI quality checker on a per-user basis. Specifically:
A hashed identifier derived from your Figma user ID (not your actual Figma ID)
A count of how many free AI quality checks you have used in the current month
A monthly reset timestamp
This data is stored server-side in our database (Supabase) to ensure accurate usage tracking across devices and installations. It resets automatically at the start of each calendar month.
AI quality checker — frame data
When you use the AI quality checker, a screenshot/image of your selected Figma frame is temporarily transmitted to our servers for analysis.
The frame image is sent to Anthropic's Claude API for processing
The analysis result is returned to you in the plugin
Neither the frame image nor the analysis result is stored on our servers after the request is complete
Frame images and results are not retained, logged, or used for any purpose beyond producing your requested analysis
Purchase data
Purchases of AI credit packs are processed by Polar (our payment provider). When a purchase is completed:
Polar handles all payment processing and billing
We receive a confirmation event from Polar that triggers credit allocation to your account
We store the resulting credit balance associated with your account in our database
We do not store credit card numbers or full billing details. Polar's own privacy policy governs data collected during checkout.
Email subscriptions
If you subscribe to receive release updates or other communications from Checklist Design, we collect:
Your email address
Subscription timestamp
Email preferences and subscription status
You may unsubscribe at any time using the unsubscribe link in any email or by contacting us at hello@checklist.design.
Checklist content delivery
We maintain a database of checklist content that is synced to the plugin to keep it up to date. No personal information is associated with or collected during this content delivery.
Support and feedback
If you submit a support query or feedback through the plugin or website, we collect:
The content of your message
Your email address if you choose to provide it
Plugin analytics
The plugin collects anonymous usage events to help us understand how features are used and improve the product. These events include actions such as saving a checklist, checking off checklist items, and other in-plugin interactions.
Events are associated with an anonymous, randomly generated ID that is not linked to your account, email address, or Figma identity
This data cannot be used to identify you personally
It is stored on our servers (Supabase) and used solely for product analytics
Data we do not collect
The following data is never sent to our servers:
The content of your Figma files, designs, or layers
Any Figma file content other than the frame image you explicitly submit for AI analysis
How we use your information
Email address: to send your authentication magic link and essential account notifications
Figma user hash + usage count: to enforce the free-tier monthly limit and paid credit balance
Frame image: solely to generate your requested AI quality analysis (not retained)
Purchase confirmation: to allocate purchased credits to your account
Support/feedback: to respond to your enquiry and improve our services
We do not sell your data. We do not use your data for advertising.
Third-party services
We rely on the following sub-processors and third-party services:
Supabase — database hosting and backend infrastructure (account data, usage counts, credit balances)
Anthropic (Claude API) — AI analysis of frame images submitted for quality checking. Anthropic does not use data submitted via its commercial API to train its models by default. Frame data is processed in accordance with Anthropic's API Terms of Service and Privacy Policy. API logs are retained by Anthropic for up to 7 days before deletion.
Polar — payment processing for credit pack purchases
Resend — transactional email delivery (magic links and account notifications)
Each of these services operates under its own privacy policy. We ensure they are used only for the purposes described above.
Data retention
Email subscriptions: retained until you unsubscribe or request deletion
Account data (email): retained for as long as your account is active, or until you request deletion
Usage tracking (Figma user hash + counts): retained on a rolling basis; monthly counts reset automatically. Historical records retained for up to 12 months
Purchase/credit records: retained for 7 years for accounting and fraud-prevention purposes
Support and feedback submissions: retained for 3 years from the date of submission
Frame images: not retained — discarded immediately after analysis
AI analysis results: not retained — returned to the user only
Website analytics: as per Google Analytics data retention settings (26 months by default)
International data transfers
Checklist Design is based in Australia. By using our services, your data may be transferred to and processed in countries outside your own, including the United States (where some of our sub-processors operate). We ensure appropriate safeguards are in place for any such transfers, consistent with applicable law including the Australian Privacy Act 1988, GDPR, and CCPA where applicable.
Your rights
Depending on your location, you may have the right to:
Access — request a copy of the personal information we hold about you
Correction — request that inaccurate information be corrected
Deletion — request that your personal data be deleted
Portability — request that your data be provided in a portable format
Objection — object to certain types of processing
To exercise any of these rights, contact us at hello@checklist.design. We will respond within 30 days.
Data security
We take reasonable technical and organisational measures to protect your data, including encrypted data transmission (HTTPS), access controls on our database, and use of reputable infrastructure providers. Our servers are located in East US (Ohio).
In the event of a security incident affecting your personal data, we will notify affected users and relevant authorities as required by applicable law, and notify Figma within 24 hours as required under Figma's developer terms.
Cookies and tracking technologies
Our website at checklist.design uses cookies and similar tracking technologies. Cookies are small text files stored in your browser.
We use the following types of cookies:
Essential cookies: required for the site to function, including authentication session management
Analytics cookies: we use Google Analytics to understand how visitors interact with the site (pages visited, traffic sources, time on site). This data is aggregated. Google Analytics uses first-party cookies to collect this information. Google Analytics retains this data for 26 months by default.
Australian law requires us to disclose our use of cookies in this Privacy Policy but does not require a consent banner for Australian users. If you are located in the European Economic Area, UK, or Switzerland, we will seek your consent before setting non-essential analytics cookies, consistent with GDPR requirements.
You can disable or delete cookies through your browser settings at any time. You can also opt out of Google Analytics tracking across websites by installing the Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout).
The Figma plugin itself does not use browser cookies. Usage tracking in the plugin is handled server-side as described in Section 2.2.
Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date.
Contact us
If you have questions about this Privacy Policy, please contact us at hello@checklist.design.