Privacy Policy

Last updated: June 2026

This Privacy Policy explains how your personal information is processed and what rights you have when you use Drawflare - Web to Design.

01 Scope and definitions

1.1 Scope of this Policy

This Privacy Policy ("this Policy") applies to personal information processing by Sichuan Miaosuan Technology Co., Ltd. (Drawflare - Web to Design, "we") when we provide capabilities and support relating to this product to you through this website, product descriptions, and plug-in download and installation instructions. This product includes the Drawflare - Web to Design browser extension (Chrome extension), Figma plug-in, and related services.
The Chrome extension runs locally on your device to process webpage content and generate export files; such webpage content is processed locally only, and we do not upload, transmit or store it on Drawflare servers.
If you use a website account, membership or subscription, or networked features in the Figma plug-in, we may process limited account information, subscription status, order information, usage quotas and customer-support-related information solely to provide the services, verify membership entitlements, fulfil orders and provide technical support. Specific categories and purposes are described in the sections below.
If a feature release provides a separate privacy notice or supplementary terms that conflict with this Policy, the provisions specifically agreed for that release prevail; anything not addressed there continues to be governed by this Policy.
This Policy does not apply to independently operated third-party products and environments — for example the Figma platform itself, browsers or operating systems, or other extensions and local tools you install yourself; your conduct in those environments is governed by their respective privacy policies and user terms. We only process information within the scope described in this Policy as reasonably necessary to provide this product.

1.2 Who this Policy applies to

"You" means any natural person who visits this website, installs or uses our plug-ins, registers an account or contacts us, or — where you use the services on behalf of an organisation with authorisation — that organisation and its authorised users.
If you are a minor, please read this Policy and use the services with your guardian's consent and guidance; guardians may contact us to exercise rights relating to minors (see "Children's privacy" below).

1.3 Key terminology (for ease of reading throughout; specific legal meanings follow applicable law)

Personal information: various kinds of information relating to identified or identifiable natural persons, recorded electronically or otherwise, excluding information after anonymisation.
Sensitive personal information: personal information that, once leaked or misused, is likely to harm natural persons' dignity or endanger personal or property safety (we will explain separately when collecting and obtain necessary consent unless otherwise required by law).
Processing: includes collection, storage, use, processing, transmission, provision, public disclosure, deletion and related activities regarding personal information.
Personal information processor / controller: the entity that determines the purposes and means of processing in the relevant processing activities; for the services described in this Policy, that is Sichuan Miaosuan Technology Co., Ltd. (Drawflare - Web to Design, also referred to as "we").
Entrusted processor / processor: a third party that processes personal information on our behalf and according to our instructions (such as cloud infrastructure, email and ticketing vendors), bound by contract and applicable law.
Account: credentials registered with us for identification and sign-in, and associated profile information.
Packaged file / User content: intermediate files you generate when using the Chrome extension for import into the Figma plug-in, including page structure, styling and resource data; the specific contents depend on the pages and scope you choose to package.

1.4 Contacting us

Personal information controller: Sichuan Miaosuan Technology Co., Ltd. (Drawflare - Web to Design).
Customer service and privacy: team@drawflare.com. We generally respond to general enquiries within three business days; for requests to exercise personal information rights, we will handle them within the time limits required by applicable law (for example, for users in mainland China we aim to reply within fifteen working days unless the law provides otherwise).

1.5 Relationship to other documents

This Policy together with the Terms of Service, Refund and Unsubscribe Policy, and other documents constitute important undertakings when you use the services; where provisions conflict, matters relating to personal information processing are governed by this Policy unless mandatory law provides otherwise.

02 Information we collect

2.1 Overview

We collect personal information only to the extent necessary to provide, maintain, improve and securely operate this product and to comply with legal obligations; specific categories vary depending on the features you use, your device, browser, and whether you are signed in.
Some information is provided by you voluntarily; some is generated or logged automatically when you use this website, the Figma plug-in or purchase membership or subscription services.
If you refuse to provide categories necessary for specific functions (such as account sign-in, invoicing or billing), those functions may be unavailable or limited.

2.2 Account and identity-related information

Registration and sign-in: email address, third-party sign-in identifiers, unique account identifiers, etc.
Billing and subscriptions: subscription tier, order number, transaction status, invoice header / tax identification (if you provide), billing address or tax identifiers (if you provide), payment method type and masked last-four digits, etc.
Paid checkout: when you purchase through the third-party checkout services we integrate, sensitive payment details such as full card numbers and complete billing addresses are usually collected directly by that third party (including a possible Merchant of Record and its payment partners); we receive limited information such as transaction identifiers, subscription status, and what is needed for fulfilment and reconciliation.

2.3 Membership and subscription-related data

Membership status: if you purchase membership or a subscription, we may process — where online validation is required — information related to whether your account, membership, or subscription is valid (for example tier, validity period, session identifiers, or transaction-linked identifiers) to activate and maintain the benefits you purchased. This processing is not intended to collect the business substance of your packaged page files.

2.4 Usage, logs and operations data

Service usage records: feature clicks, configuration choices, error messages and outcome summaries on this website and in the Figma plug-in, used for troubleshooting, improving experience and product planning.
Technical and security logs: when you access this website or use networked features of the Figma plug-in, we may log IP address (or anonymised/truncated forms), User-Agent, browser or Figma environment information (to the extent available), application or plug-in version, session identifiers, access times and request paths, etc.

2.5 Device and diagnostic information

Environment and compatibility: when you use this website or the Figma plug-in, we may process operating system and version, browser type and version, language and regional settings, etc.
Crashes and performance: if we enable diagnostic or performance analytics features in future, we will explain this in the product and obtain necessary consent where required by law; our ordinary product architecture does not assume continuously uploading complete diagnostic data to servers.

2.6 Data related to your web content

When you export/package with the Chrome extension, page structure, styling and resources are processed on your device locally; we do not upload, transmit or store them on Drawflare servers.
When you import with the Figma plug-in, related content is processed in the Figma environment; apart from limited networked communications you are informed of and that product materials describe — such as member sign-in and identity checks on this website or in the Figma plug-in — we do not treat routinely processing full webpage data on our servers as the ordinary product architecture. If we later add features that necessarily transmit or process content through our servers, we will explain prominently before launch or within the feature and obtain necessary consent.
Pages you package may include third-party copyrighted works, personal information or trade secrets; you cannot rely on this Policy to make us controllers of such data on your behalf or shift compliance obligations to us; you undertake to use this feature only within the scope of authority you lawfully hold.

2.7 Your interactions with Figma

Files, teams and permissions in Figma are managed by Figma. Technical information we receive from the Figma API or the plug-in host environment is used solely to complete imports and diagnose errors and does not constitute additional commercial use of your Figma account information by us.

2.8 Customer support, communications and surveys

Issue descriptions, screenshots or attachments you submit via tickets, email or forms (which may include contact information).

2.9 Aggregated and anonymised data

We may aggregate, statistically analyse or anonymise collected information; such derivative data may be used within what the law permits for analysis and product improvement and is not subject to the same rules as identifiable personal information under this Policy (still subject to applicable law).

03 How we use information

3.1 Overview

We use personal information only to the extent necessary for the purposes below and on lawful bases required by applicable law; unless otherwise provided by law or with your separate consent, we do not use it for purposes inconsistent with this Policy.
Where entrusted vendors process data, we restrict scope and security obligations through contracts and similar means.

3.2 Providing, maintaining and delivering services

Where membership or paid plans apply: maintain accounts, sign-in and subscription status, and display entitlements consistent with your plan.
When you use this website or the Figma plug-in, we may process technical metadata related to verifying membership, updates and troubleshooting so you can use purchased capabilities.
Operate the website, installation instructions, update notices and customer support.

3.3 Improving the product and experience

Analyse feature usage trends, error rates and performance bottlenecks to fix defects, optimise flows and plan new features (preferring aggregated or anonymised data where feasible).

3.4 Security, risk control and anti-abuse

Guard against fraud, credential stuffing, unauthorised access, bulk automated abuse of the service, account takeover or other conduct that may harm you, us or other users.
Access controls, log auditing and anomaly alerts.

3.5 Operational communications

Send important notices regarding security, feature changes, billing and subscriptions.

3.6 Billing and plan fulfilment

Maintain subscription and order status and reconcile with payment and Merchant-of-Record checkout providers. Payment confirmation, receipts and reconciliation information are as shown by the checkout provider or in-product. We may also use your contact details or in-product notices, where necessary, to send you important notices about your account, orders, or material changes to this Policy or the Terms.

3.7 Compliance and responding to rights requests

Cooperate with competent authorities as required by law and fulfil retention and disclosure obligations within statutory limits; respond to your lawful requests for access, rectification, erasure and similar rights.

3.8 Corporate transactions

In mergers, demergers, acquisitions or similar events, personal information may transfer as a business asset; we require successors to remain bound by this Policy or to obtain consent again as required by law, and we will disclose as appropriate.

3.9 Automated decision-making

If we adopt automated decisions that materially affect individuals' rights, we will provide explanations and remedies as required by law; until then, refer to in-product descriptions.

04 Legal bases (summary)

4.1 Overview

Within what applicable law permits, we process personal information on one or more of the following bases: necessary to conclude or perform a contract with you; your consent; obligations imposed by laws and regulations; or, where consistent with law, necessary to protect legitimate rights and interests, among others. Exercise of your rights and available remedies are governed by applicable law.

05 Sharing and disclosure

5.1 Overview

We do not sell your personal information ("sell" as defined under applicable local law). We share personal information only to achieve the purposes of this Policy, with your consent, or where permitted or required by law.

5.2 Service providers and entrusted processors

When operating the official website, accounts and membership subscriptions, collections, and customer support over the network, we may engage vendors such as cloud hosting, storage, CDN, email, ticketing, monitoring, security, payment and Merchant-of-Record checkout and tax services to process data under contracts and the principle of minimum necessity.

5.3 Paid checkout and payment services

When you purchase membership or a subscription, checkout, collection, invoicing for the transaction, and calculation and collection of applicable indirect taxes (such as VAT/GST/sales tax) may be completed by a third-party Merchant of Record we engage and its payment partners, acting as independent or joint controllers as described in their policies. Those parties process personal information relating to your transaction in accordance with their respective privacy policies. The specific providers for a given transaction are as shown on the checkout page and payment confirmation. We do not list here partners that may change; if you need to know who processed a particular transaction, contact team@drawflare.com.

5.4 Third parties at your direction

If you use Figma or third-party storage to share packaged results, information flows are governed by your actions and those platforms' rules.

5.5 Laws, regulations and regulatory or judicial processes

Disclose to regulators, judicial bodies or law enforcement as required by law; where the law allows, we may notify you in advance.

5.6 Protecting rights, safety and integrity

Within reasonably necessary limits, disclose to advisers or auditors to assert rights, address fraud or respond to security incidents.

5.7 Corporate restructuring

Transfer as permitted by law and provide notice in mergers or acquisitions.

5.8 Public disclosure

Except where required by law or with your consent, we do not publicly disclose information that identifies you.

5.9 Aggregated and de-identified information

Statistical information may be provided externally where consistent with applicable law.

06 Cross-border transfer

6.1 When transfers may occur and safeguards

If you choose to register, sign in or purchase membership/subscription from us, servers storing account, subscription and order data, as well as paid checkout, Merchant of Record, payment institutions, or mail/customer-support partners may be located outside your country (for example in the EU/EEA or elsewhere); personal information related to accounts, transactions and fulfilment may therefore cross borders. If you use the Chrome extension locally only without registering with us or providing identity information, cross-border transfer of webpage content you process with the Chrome extension to us as recipient usually does not occur. Where cross-border provision of personal information occurs, within what applicable law requires we use standard contracts, personal information protection impact assessments or other lawful measures, and agree security obligations with partners.

6.2 Enquiries

If you wish to understand cross-border arrangements relevant to your situation at a high level, contact us as described under "Contacting us"; we will respond within what we can provide.

07 Data retention

7.1 Overview

We retain data only for as long as necessary for the purposes described; after that period we delete or anonymise.

7.2 Accounts and profiles

While an account exists we retain necessary registration and sign-in information; after cancellation we delete or anonymise within 30 days in principle unless law requires retention.

7.3 Usage, logs and support records

Technical logs related to accounts and membership: typically retained for the subscription term and for up to 24 months after termination, for dispute handling and security audit.
Customer support and ticket records: typically retained for up to three years from case closure, for quality review and dispute follow-up.

7.4 Server-side and reserved notice

By default we do not store your complete packaged files merely because of the ordinary Chrome extension and Figma plug-in use flow. If we later offer features that briefly transit through our servers or validate files, retention and security measures will serve that single function only and will be described in the product or console. Processing remains primarily local today.

7.5 Billing and finance

Orders, reconciliation and tax-related records: typically retained for seven years from transaction completion, or until statutory minimum retention expires, whichever is longer.

7.6 Security and legal proceedings

Data related to investigations, litigation or regulatory matters may be retained beyond ordinary periods.

7.7 Your deletion requests

We carry out deletion or anonymisation where no statutory exception applies.

08 Security

8.1 Overview

We implement organisational, administrative and technical measures proportionate to risk. No system is absolutely secure; this section is an overview and does not constitute a guarantee.

8.2 Organisational and administrative measures

Tiered access permissions, vendor data-processing agreements and security training (within resource constraints).

8.3 Technical measures

Encryption in transit (such as TLS); encryption or hashing for sensitive fields where appropriate; environment isolation; authentication, session timeouts and key management.

8.4 Product and scenario notes

Transfer of files between the Chrome extension and Figma plug-in usually occurs on your device or removable storage paths; security depends largely on your environment and habits. Membership-related network traffic uses encrypted transport (for example HTTPS).
Store and rotate browser and Figma credentials following each platform's best practices.

8.5 Security incidents and notification

When a personal information security incident occurs, we assess impact as required by law, take remedial measures within applicable time limits (for example, where EU data subjects may be affected, notification to supervisory authorities within 72 hours of becoming aware where required), and notify you via announcements, email or in-app messages when needed.

8.6 Your cooperation

Keep account credentials and API keys secure; reset promptly and notify us if you detect unauthorised use.

09 Your rights

9.1 Overview

Depending on applicable law you may have rights such as access, rectification, erasure, restriction of processing, data portability and objection. Send requests to team@drawflare.com; we may verify identity to prevent impersonation.
We aim to respond within 30 days of receiving a complete request (if shorter periods apply in mainland China, we follow those rules); complex cases may be extended as permitted by law with an explanation. We may charge a reasonable fee for repetitive or abusive requests where permitted by law.
If you believe our processing infringes your rights, you may lodge a complaint with a competent supervisory authority; users in China may also contact relevant departments such as the cyberspace administration.

9.2 Right of access and copies

You may learn whether we process personal information and which categories we process, and obtain copies within technical feasibility and without harming others' rights.

9.3 Right of rectification

If information is inaccurate or incomplete, you may request correction.

9.4 Right of erasure ("right to be forgotten")

Where statutory conditions are met you may request deletion; where legal retention duties or legitimate grounds oppose erasure, we will explain and, where possible, anonymise or isolate data.

9.5 Right to restrict processing

Where applicable law allows (for example while accuracy is disputed and verified), you may request storage only without further processing for other purposes.

9.6 Right to data portability

Where technically feasible and conditions are met, we may provide certain personal information you supplied in a structured, commonly used format, or transfer it to another controller at your request.

9.7 Right to object (including to marketing)

You may object to certain processing based on legitimate interests (assessed under law); you may object to direct marketing at any time and we will stop using relevant information for that purpose.

9.8 Withdrawal of consent

Where processing is consent-based you may withdraw consent at any time; this does not affect lawfulness before withdrawal but may disable some features.

9.9 Users in mainland China (if applicable)

Subject to the Personal Information Protection Law and related rules, you have rights including to know, decide, access and copy, correct or supplement, delete and obtain explanations; if we refuse a request we will state reasons.

10 Children's privacy

10.1 Positioning

The product and website are aimed primarily at professionals and adult users.

10.2 Age and guardian consent

We handle minors' information according to local law; guardians may contact us.

10.3 Mistaken collection

If we learn information was collected by mistake, we will delete it as required by law and improve processes.

11 Cookies and tracking

11.1 Our approach

On this website and in our Chrome extension and Figma plug-in, we do not use cookies for cross-site tracking or advertising purposes; we may use necessary local storage or similar technologies to maintain sign-in state, security and basic functionality.

11.2 Third-party services

If you are redirected to third-party checkout, sign-in or OAuth pages (such as payment or Figma authorisation), those third parties may set cookies or use similar technologies on their domains, governed by their respective privacy policies.

12 Policy updates

12.1 Right to revise

We may revise this Policy from time to time and update the "Last updated" date.

12.2 Material changes

We will provide prominent notice as required by law and obtain consent again where necessary.

12.3 Continued use

Unless law provides otherwise, continued use after changes take effect signifies acknowledgement; if you disagree, stop using the services and apply for account deletion.

12.4 Historical versions

Where resources allow, we archive historical versions.