code.to.design - Privacy Policy

Last Updated: December 9th, 2025

1. Introduction

Welcome to code.to.design (“we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, API, Figma plugin, and related services (the “Service”).

2. Information We Collect

2.1 Account

When you register for an account, we collect:

Identity Data: Email address.

2.2 Billing Information

When you purchase code.to.design credits, our payment processor collects your payment details (e.g., credit card information). We do not store your payment information directly.

2.3 Usage and Technical Data

We automatically collect certain technical data when you use the Service, including:

Log Data: IP address, browser type, operating system & access times.
Analytics Data: Anonymous usage statistics to help us improve the Service.

2.4 Input Data (The Code You Send for Processing)

In the course of using the Service, you send us HTML, CSS, and associated assets (“Input Data”) to be converted into Figma data.

Processing: We process this Input Data solely for the purpose of generating the requested design output.
Storage: We practice data minimization. Input Data is processed in memory or ephemeral storage and is deleted shortly after the conversion is complete or after a short window for debugging purposes. We do not use your Input Data to train public AI models.

3. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery: To authenticate your API key and perform the HTML-to-Figma conversions.
Support: To respond to your inquiries and troubleshoot API errors.
Improvement: To analyze usage trends and improve the accuracy of our conversion engine.

We do not sell your personal data or the Input Data you provide.

We share information only in the following situations:

Service Providers (Sub-processors): cloud servers, payment processing and authentication.
Legal Obligations: If required to do so by law or in response to valid requests by public authorities.

5. Data Retention

Account Data: Retained as long as your account is active or as needed to provide you services.
Input Data: HTML/CSS payloads sent to the API are not retained permanently. They are purged from our systems after the conversion process.

6. Security

We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process. This includes encryption of data in transit (HTTPS) and secure management of API keys.

7. Your Data Protection Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

Access: The right to request copies of your personal data.
Rectification: The right to request that we correct any information you believe is inaccurate.
Erasure: The right to request that we erase your personal data (“Right to be Forgotten”).
Portability: The right to request that we transfer your data to another organization.

To exercise these rights, please contact us at [email protected].

8. International Transfers

Our processing servers are located in United States. If you are accessing our Service from outside, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information.

9. Data Processing Agreement (DPA)

If you are a business customer and your use of the Service requires a Data Processing Agreement (DPA) to comply with the GDPR or CCPA, you can review our standard DPA here.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and will be effective as soon as it is accessible.

11. Contact Us

If you have questions or comments about this policy, you may contact us at:

Email: [email protected]
Address: DIV-RIOTS, 32 rue de Paris, 92100 Boulogne-Billancourt, France