Every day, thousands of people design, prototype and share projects made in Framer. Your work is valuable, and we strive to ensure that your privacy and data are never compromised. Here are some of the measures we have in place.
Data privacy and management
Complete control over who can access your projects
We manage project storage and sharing via Framer Cloud. To share a link to your project, you must first upload it to your personal Cloud dashboard. By default, anyone you share that link with will have access to your project. You can change these settings to dial down on security levels, including limiting access to just your team or by sending personal invitations. You can also manage the project description for your prototype and restrict or allow downloads of your Framer project file.
Direct file access is protected by the following measures:
Framer Cloud is hosted and managed within Amazon Web Services (AWS) secure data centers. These data centers have been accredited under:
- All files are available through a temporary URL (with the option to offer your the project as a downloadable Framer file).
- We use signed URLs, which expire automatically. After a signed URL has expired a new URL will be generated for each file, which will become the only valid URL.
- The URL can not be guessed and all filenames are obfuscated.
Data storage and servers
Framer services and data are hosted in Amazon Web Services (AWS) facilities. All of our servers live within our own virtual private clouds (VPCs) with rules that prevent unauthorized requests from entering our network. Only a handful of people can access the data and they only do so in order to improve the services we provide. We monitor and audit our usage logs.
Acknowledgements of Third Party services
We use third parties to store user data in order to provide/improve our services:
- We send bi-monthly newsletters, product and the occasional promotional email using MailChimp. These emails are only sent to customers who signed up specifically to receive these emails.
- We use Google Analytics to track page views which helps us improve the usability of our marketing website and framer.cloud.
- We use Sentry to track errors that occur within Framer Cloud and Framer. This also includes certain data that correlates with the error, but does not include sensitive customer information (passwords, tokens etc).
- Our Customer Support team uses Intercom to provide email and in-app support to users.
We use a combination of AWS services such as autoscaling, AWS CloudFront, AWS Shield and Amazon Route53 to implement a proactive and in-depth defense strategy to thwart DDoS attacks.
Payment / Credit Cards
Framer does not store any of your credit card information on our servers. All payment processing is handled by Paddle.
Replication and Disaster Recovery
Framer is fully equipped with real-time replication and automated failover. Services are distributed across servers in multiple AWS availability zones. These zones are hosted in physically separate data centers, protecting services against single data center failures. All non-transient data is backed up on AWS S3 (which has multiple levels of redundancy). In the event of an application-wide disaster, Framer can recover data from these backups.
We use HTTPS for all resources, including all requests via our public website, application and emails.
We use SSL (TLS) for data transmissions, ensuring data privacy and integrity. Our endpoints support TLS 1.2 or higher, protecting against unauthorized disclosure, modification, and replay attacks. Our API and application endpoints are TLS/SSL-only and score an “A” rating on Qualys SSL Labs‘ tests.
Single Sign-On (SSO)
Our Framer Enterprise feature offers single sign-on compatibility, which allows teams to have seamless access to Framer Cloud while still enforcing company security requirements through authentication rules. We also offer an additional security admin setting to limit the sharing of prototypes within an SSO organization. SSO is supported over any provider that supports SAML 2.0. Please contact our sales team for more information.
The environment that hosts the Framer services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS security website and the AWS compliance website.
General Data Protection Regulation (GDPR)
As a company, Framer has always had solid security and privacy practices in place, allowing us to meet the high standard of the new European data protection law known as GDPR. That having been said, we are constantly working to ensure that we give all you more control over your own personal data.
Reporting Security Problems to Framer
We review all security reports within one business day. If you run into a security issue or vulnerability, please contact us immediately.
Team Stores are fully fledged versions of the Framer Store where you can upload packages with components, assets or whole design systems that are only accessible to authenticated users in your organization or team.