Legal

Privacy Policy

Last updated: May 7, 2026

This Privacy Policy describes how Pilot Solutions e.U. i.G. ("we," "us," or "our") accesses, collects, stores, uses, and shares your personal information when you use our services, including when you visit our website at figaviyo.com or use the Figaviyo Figma plugin.

Questions or concerns? If you have any questions about this Privacy Policy or our practices, please contact us at [email protected].

What information we collect
How we use your information
Legal bases for processing (EU/UK)
When and with whom we share information
Cookies and tracking
AI-based features
How long we keep your information
How we keep your information safe
Information from minors
Your privacy rights
Your Klaviyo API key — local-only
Updates to this notice
How to contact us

1. What information we collect

In short: We collect personal information that you provide to us directly, plus some information automatically when you use the Service.

Information you provide

When you register for an account, contact us, or interact with the Service, we may collect:

Names
Email addresses
Passwords (encrypted; we never see your plaintext password)
Contact and authentication data
Billing addresses
Subscription and payment information (handled by Stripe — see below)
Email design files you choose to push to Klaviyo through the plugin
Usage data and analytics

Payment data

If you subscribe to a paid plan, payment data (card numbers, security codes) is collected and handled exclusively by Stripe. We never store full card details on our servers.

Information collected automatically

When you visit our website or use the plugin, we automatically collect log and usage data, device information, and IP addresses. This is used to keep the Service running, prevent abuse, and improve performance.

2. How we use your information

In short: We process your information to provide and improve the Service, communicate with you, and comply with applicable law.

We process your personal information for the following purposes:

To create and manage your account and authenticate you
To deliver the Service (push email designs to your Klaviyo account)
To process payments and send subscription receipts
To provide customer support and respond to your inquiries
To detect and prevent fraud, abuse, or security incidents
To comply with legal obligations
For analytics, to understand how the Service is used and improve it

3. Legal bases for processing (EU/UK)

If you are in the European Economic Area (EEA) or United Kingdom (UK), the General Data Protection Regulation (GDPR) and UK GDPR require us to explain the legal bases we rely on. We process your information based on:

Consent — you have given us permission for a specific purpose, which you can withdraw at any time
Performance of a contract — when processing is necessary to provide the Service you've subscribed to
Legal obligations — when we need to comply with applicable laws
Legitimate interests — for fraud prevention, service improvement, and security

In short: We share information with the small number of service providers necessary to operate the Service, never with advertisers.

We may share your information in the following situations:

With Stripe, our payment processor, to handle subscriptions
With Klaviyo, when you push designs through the plugin (this is the action you initiate)
With analytics providers like Google Analytics, in anonymized form
For business transfers, in the event of a merger, acquisition, or sale of assets
To comply with law, when required by court order or governmental request

We do not sell your personal information. We do not share it with advertisers for targeted advertising.

5. Cookies and tracking

We use cookies and similar tracking technologies (like web beacons and pixels) to keep the website running, save your preferences, and analyze usage. Most browsers accept cookies by default. You can configure your browser to refuse cookies — though this may limit some functionality.

Google Analytics

We use Google Analytics to track and analyze use of the Service. To opt out across all websites, visit Google's opt-out page.

6. AI-based features

In short: Figaviyo uses AI for section detection and alt-text generation. Your designs are processed but not used to train AI models.

The Figaviyo plugin uses AI services (currently Anthropic) to detect email sections automatically and generate alt-text for images. When you trigger these features, the design content is sent to the AI provider for processing under data-processing agreements that prohibit using your content for model training.

7. How long we keep your information

We keep your personal information only as long as necessary to provide the Service or comply with legal obligations. Generally, this is the period during which you have an active account, plus a short retention window for backup, fraud prevention, and tax records (typically 7 years for accounting records under Austrian law).

When we no longer need your information, we delete or anonymize it.

8. How we keep your information safe

We use organizational and technical security measures to protect your personal information, including encryption in transit (HTTPS), encrypted storage, and access controls. However, no electronic transmission is 100% secure. Use the Service at your own risk and use a strong, unique password.

9. Information from minors

The Service is not directed at children under 18, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us at [email protected] and we will promptly delete it.

10. Your privacy rights

In short: Depending on where you live, you have the right to access, correct, delete, or export your personal data.

If you are in the EEA, UK, Switzerland, or Canada, you have the right to:

Request access to and obtain a copy of your personal information
Request correction or deletion
Restrict or object to processing
Data portability
Not be subject to automated decision-making
Withdraw your consent at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

If you are in the EEA or UK and believe we are processing your information unlawfully, you have the right to lodge a complaint with your Member State data protection authority.

11. Your Klaviyo API key — local-only

This matters: Your Klaviyo API key is stored exclusively on your local device, never on our servers.

When you connect Figaviyo to your Klaviyo account, the API key you provide is stored in Figma's local plugin storage on your machine — it never leaves your device, and it is never uploaded to our servers or backups. This means:

If our infrastructure is ever compromised, your Klaviyo account is not at risk via Figaviyo
If you switch devices, you'll need to re-enter your Klaviyo API key once on the new device
You can revoke the key at any time from your Klaviyo dashboard, with no involvement from us required

12. Updates to this notice

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Updates will be reflected by the "Last updated" date at the top. For material changes, we will notify you in advance — via email or a prominent notice on the website.

13. How to contact us

If you have questions or concerns about this Privacy Policy, contact us by email at [email protected], or by post:

Pilot Solutions e.U. i.G.
Birkengasse 20
3034 Maria Anzbach
Lower Austria, Austria

For general (non-privacy) questions, you can also reach us at [email protected].

This Privacy Policy was generated using Termly as a starting point and customized for Figaviyo.