mcp.to.design is now free.No account needed.Install now →

PRIVACY POLICY

Last updated: April 19, 2026

This Privacy Notice describes how we handle information when you use our services ("Services"), which comprise:

  • The website at https://ai-to-design.com
  • The mcp.to.design Figma plugin (the "Plugin")
  • The local MCP connector, published as @ai.to.design/figma-connector on npm (the "Connector"), which runs on your own machine via npx

Questions or concerns? Please contact us at support@ai-to-design.com.

SUMMARY OF KEY POINTS

  • The Services do not collect user data. The Plugin runs inside Figma and the Connector runs on your own computer. They communicate locally. Your HTML/CSS design content, prompts, screenshots, design data, telemetry, and any identifier about you never reach our servers.
  • No accounts. No logins. No payments. The Services are free and require no registration. We do not hold names, passwords, payment details, API keys, or user profiles.
  • Only two limited exceptions exist: (1) if you email us, we receive your email address and your message in order to reply; (2) if you explicitly consent via the cookie banner on our website, Google Analytics 4 collects anonymous, aggregate usage of the website.
  • No sensitive information is processed.
  • No information is obtained from third parties.
  • Your rights. Depending on where you are located, applicable privacy law may give you rights over any personal information we process. To exercise them, contact us at support@ai-to-design.com.

1. WHAT INFORMATION DO WE RECEIVE?

From the Plugin and the Connector: nothing

In Short: The Plugin and the Connector do not send us any data.

The Plugin runs inside Figma. The Connector runs on your own computer. They communicate with each other locally. Neither transmits your HTML/CSS, prompts, screenshots, design data, file paths, telemetry, usage statistics, error reports, or any identifier about you to our infrastructure. There is no user account, no login, no API key, no subscription, and no payment associated with using the Services.

From the website: aggregate analytics, only with your consent

In Short: Only if you explicitly consent via the cookie banner does our website send any data to Google Analytics 4.

Until you click "Accept" on the cookie banner, the GA4 script is absent from the page and no analytics data is collected. When you consent, GA4 sets a pseudonymous client identifier (_ga) and collects page views, referrer, device and browser category, and approximate geographic location derived from your IP address (anonymised — your full IP is not stored). GA4 does not receive any name, email address, or other identifier you may have provided to us. See Section 5 for details and how to withdraw consent.

From emails you send us

If you choose to email us at support@ai-to-design.com, we receive your email address and the content of your message. We use this only to reply to you and to comply with any legal record-keeping obligations.

Sensitive information. We do not process sensitive information.

2. HOW DO WE PROCESS INFORMATION?

In Short: For two purposes only — replying to emails you send us, and (with your consent) aggregate website analytics.

  • To respond to your inquiries. We read and reply to email messages you send us.
  • To understand aggregate website usage. With your explicit consent, we use Google Analytics 4 to see aggregate, anonymous visit statistics.
  • To comply with legal obligations. Where required by law we may process information to comply with applicable legal requirements (for example retaining email correspondence).

We do not process any data from the Plugin or the Connector because we do not receive any.

3. WHAT LEGAL BASES DO WE RELY ON?

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the legal bases we rely on. For the limited processing described above:

  • Consent (Art. 6(1)(a) GDPR) for analytics cookies via Google Analytics 4. You can withdraw your consent at any time.
  • Legitimate Interests (Art. 6(1)(f) GDPR) for receiving and replying to your emails.
  • Legal Obligations (Art. 6(1)(c) GDPR) where a law requires us to process information, for example retaining records of correspondence.

4. WHEN AND WITH WHOM DO WE SHARE INFORMATION?

In Short: Only with the limited service providers needed to operate the website.

  • Cloudflare, Inc. — hosting and content delivery for the website.
  • Google LLC — Google Analytics 4, only when you have explicitly consented to analytics cookies.

Business transfers. We may share or transfer information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: Only with your explicit consent do we set analytics cookies via Google Analytics 4. No cookies are required for the website to function.

Analytics cookies (Google Analytics 4)

The GA4 script is entirely absent from the page until you actively accept analytics cookies via the cookie banner. We do not use consent-mode defaults or cookieless pings.

The following cookies are set by Google Analytics when you consent:

  • _ga — Expires after 2 years. Distinguishes unique visitors by assigning a randomly generated number as a client identifier.
  • _ga_<container-id> — Expires after 2 years. Stores and updates a unique value for each page visit to maintain session state.

GA4 collects: page URLs and navigation paths, referrer, device type, browser, operating system, and approximate geographic location derived from your IP address (anonymised — your full IP is not stored). No personally identifiable information (name, email, user ID) is sent to Google Analytics.

Data processor: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the EU–US Data Privacy Framework. For more information, see Google's Privacy Policy.

You can withdraw your analytics consent at any time by clicking "Cookie Settings" in the footer of any page and toggling analytics off. When you revoke consent, GA4 cookies are cleared immediately and the analytics script is removed from the page.

6. HOW DO WE HANDLE YOUR DESIGN CONTENT?

In Short: Your design content never leaves your machine.

The Plugin runs inside Figma. The Connector runs locally on your own computer. They communicate only over your local machine. HTML/CSS content, prompts, screenshots, and design data you work with are never sent to our servers, never stored by us, and never used for any purpose by us — including, but not limited to, analytics, training AI models, or service quality reviews.

7. HOW LONG DO WE KEEP INFORMATION?

Email correspondence is retained for as long as necessary to respond and to comply with legal record-keeping obligations. Analytics data in GA4 is retained under Google's default retention period, subject to your consent.

8. HOW DO WE KEEP INFORMATION SAFE?

Because the Plugin and the Connector run locally, there is no server-side transit of your design content at all. For website traffic, we rely on standard transport encryption:

  • All website traffic is delivered over HTTPS.
  • The website is hosted on Cloudflare's secure global network.

Despite these safeguards, no electronic transmission over the Internet can be guaranteed to be 100% secure.

9. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect data from or market to children under 18 years of age. If you become aware of any data we may have received from children under 18, please contact us at support@ai-to-design.com.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In some regions (like the EEA, UK, and Switzerland), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of any personal information we hold about you; (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. You can make such a request by contacting us at support@ai-to-design.com.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent

You can withdraw analytics consent at any time via "Cookie Settings" in the footer, or by contacting us using the details below.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers include a Do-Not-Track ("DNT") feature. At this stage, no uniform standard for recognizing and implementing DNT signals has been finalised, so we do not currently respond to DNT browser signals. Our cookie banner gives you explicit control over analytics regardless of DNT.

12. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at support@ai-to-design.com.