🔐 Data security info request

Companies working with highly sensitive information require a data security screening processed before plugins like Tokens Studio can be approved for use. Our community members would like to see our data security information:

• easily accessible from within the plugin

  • hyperlink to policies and documentation would suffice

• sync provider information easily accessible from the plugin documentation for sync providers

• customization of the plugin settings at an admin of an enterprise level to limit which sync options are available

  • Ex: a community member in banking did not have the plugin approved for use because the possibility of having personal access tokens stolen was ranked as too high of potential risk.

  • If they could configure to only show the "URL" sync option, it would have been a viable tool as the risk is much lower.
    

😬 The reality

Today, our community members have to ask us for this information via Slack and pass it along to their team, which isn't a formal enough process for companies working in highly regulated industries.

The current sync features aren't secure enough for some industries to approve use of the plugin.

🤓 Sync information to add to documentation

Where is sync or external storage provider information stored?

• Provider information is stored client-side within Figma.

  • Repository name and file name are stored on the Figma document.

  • Personal access token is stored in the Figma users' client storage.

💬 Feedback that is valuable

• Is there other security-specific information you are looking for?

• How does this issue impact your day-to-day workflow?

• What workarounds do you have?

↔ Related topics

• TBD → Jump to post