Hi Benjamin,

No system is 100% secure, but we practice stringent controls to mitigate risks as best we can. Some of our controls include:

• 100% of communication over the Internet is encrypted using HTTPS/TLS
• 100% of Figma application servers use encrypted hard drives
• 100% of user files stored in Amazon’s S3, redundantly with a 99.999999999% durability SLA
• CSRF counter-measures for all HTTP RPC methods
• Production application servers isolated within a private network, inaccessible by the Internet
• Production SSH keys limited only to trained operations personnel, and regularly rotated
• Passwords are never stored except if hashed using salted bcrypt
• Routinely revise, audit, and improve security practices

Thanks, Dylan