🔐 Data security info request

Companies working with highly sensitive information require a data security screening processed before plugins like Tokens Studio can be approved for use. Our community members would like to see our data security information:

  • easily accessible from within the plugin

    • hyperlink to policies and documentation would suffice

  • sync provider information easily accessible from the plugin documentation for sync providers

  • customization of the plugin settings at an admin of an enterprise level to limit which sync options are available

    • Ex: a community member in banking did not have the plugin approved for use because the possibility of having personal access tokens stolen was ranked as too high of potential risk.

    • If they could configure to only show the "URL" sync option, it would have been a viable tool as the risk is much lower.

đŸ˜Ŧ The reality

Today, our community members have to ask us for this information via Slack and pass it along to their team, which isn't a formal enough process for companies working in highly regulated industries.

The current sync features aren't secure enough for some industries to approve use of the plugin.

🤓 Sync information to add to documentation

Where is sync or external storage provider information stored?

  • Provider information is stored client-side within Figma.

    • Repository name and file name are stored on the Figma document.

    • Personal access token is stored in the Figma users' client storage.

đŸ’Ŧ Feedback that is valuable

  • Is there other security-specific information you are looking for?

  • How does this issue impact your day-to-day workflow?

  • What workarounds do you have?

↔ Related topics

  • TBD → Jump to post

Please authenticate to join the conversation.

Upvoters
Status

💡 Requests

Board

💡 Plugin Feedback

Tags

🔀 Sync and token storage

Date

8 months ago

Author

Sam - Tokens Studio

Subscribe to post

Get notified by email when there are changes.