Security

Effective Date: January 1, 2026

Reporting Security Vulnerabilities

We take security seriously. If you discover a security vulnerability in Design Sage, please report it to us at [email protected]. We monitor for vulnerabilities and welcome responsible disclosures. We'll respond within 48 hours and work with you to address the issue.

What to Include

When reporting a vulnerability, please include:

• A description of the issue
• Steps to reproduce it
• Which part of Design Sage is affected (plugin, web app, or API)
• Your contact information

We won't take legal action against researchers who responsibly report vulnerabilities to us.

How We Protect Your Data

Your Designs Stay Private

• We analyze your Figma frames in real-time but never store them
• Design feedback is generated on-demand and not permanently saved
• Only you can see your analysis results

Secure Infrastructure

We use trusted, enterprise-grade providers (all SOC 2 Type II certified):

• Vercel for hosting
• Supabase for database
• Clerk for authentication
• Stripe for payments

Data Encryption

• Your connection to Design Sage is always encrypted (HTTPS/TLS)
• Our database providers use encryption at rest
• Payment information is handled securely by Stripe (we never see your card details)

What We Collect

• Account info (email, organization name)
• Usage analytics (what features you use, not your designs)
• AI-generated feedback (not the designs themselves)
• Billing information (via Stripe)

For full details, see our Privacy Policy

Security Practices

As a small team, we focus on the essentials:

• Code review for all changes
• Monitoring for security issues
• Automated backups
• GDPR and CCPA compliance

If Your Account is Compromised

If you think your account has been accessed without your permission:

• Check your recent activity in the dashboard
• Email us at [email protected]

Questions?

• Security issues: [email protected]
• General questions: [email protected]
• More info: Privacy Policy | Terms of Use

The Bottom Line

We take security seriously but keep it simple: your designs are never stored, your connections are encrypted, and we use trusted industry-standard services. If something seems off with your account, let us know immediately. We're a small team, but we're here to help keep your work safe.