Security & Privacy
We understand that connecting web apps to your local development environment is powerful and therefore a potential concern. Here are the steps Fig takes to ensure your and your company's data is secure:
All Fig Apps:
- are open source
- are hosted by Fig on Fig's server
- are vetted by Fig before being updated and/or added to the Fig App Store
Before being listed on the Fig App Store, apps undergo a security check by Fig. An app is usually approved provided it accurately requests the right permissions.
An app is rejected if:
- It does not request all necessary permissions for Fig APIs and other actions like HTTP requests which are listed in the Fig App Store.
- It contains any known malware or spam
- It has the potential to send any sensitive data to the cloud without a proper login process or a more explicit user opt-in that is more than what is listed on the App Store
- It is not open source or willing for Fig to open source its code while it is listed on the App Store
- it has no documentation
There are two exceptions where
fig webis given access to the fig runtime:
http://localhostis allowed access for local testing purposes
Fig does not send sensitive data to the cloud. Your and your companies data is processed locally your device.
Fig apps are developed by Fig and other 3rd party developers. All Fig apps undergo a security review before being added and updated. Fig apps are hosted on fig's servers
Each Fig App has its own set of permissions surrounding its use. which you choose to opt into before downloading.
Fig anonymously tracks the usage of its cli by sending a ping to withfig.com. This helps our product and customer teams. The ping includes:
- an anonymous user ID defined on installation
- current Fig version
- a redacted version of your cli request after the main command (e.g. `fig run xxxx.xxxx` for `fig run index.html`)
This ping is NOT tied to your email address or any other personally identifiable information. This cannot be disabled.
Fig also tracks usage statistics such as page views, sidebar interactions. These are sent to withfig.com. This information is linked to your email address. You can disable it entirely at any time.