At Spek, we prioritize the security of your design data and the efficiency of your development workflow. This policy explains how we handle data within the Spek Figma Plugin.
Last updated: March 3, 2026
01
Data Collection and Usage
How does Spek handle your design data?
Spek follows a strict privacy-first approach. We do not engage in background data collection.
Local Compression
Design specifications are compressed locally within the Figma plugin using our proprietary algorithm. No external AI processing is used for this stage.
Purpose of Upload
Compressed specifications are uploaded to your designated backend solely for user convenience. This enables a seamless developer experience, allowing the Spek CLI tool to download specifications directly into your local source code directory, eliminating the need for manual browser downloads and manual extraction.
Manual Trigger
Data transmission only occurs when the user explicitly clicks the "Export" or "Upload" button.
02
Authentication and API Key Management
How does Spek ensure secure access?
To ensure secure access and data integrity, Spek utilizes a token-based authentication system.
Directus Integration
API keys are generated via the Directus backend based on the specific user account provided to the user.
Functional Usage
These keys are used exclusively to authenticate file uploads, downloads, and the synchronization of the ComponentHub.
Security Standards
All data sent to the backend is protected and encrypted according to Directus CMS security standards.
03
User Control and Data Ownership
Who controls your design data?
User-Driven Workflow
Spek acts as a bridge between your design and your code. No design data leaves the Figma environment without your direct command.
No Data Mining
We do not use your design data to train models or for any purpose other than providing the specification delivery service.
04
Third-Party Services
What external services does Spek integrate with?
Figma API
To extract design properties and styles from your active file.
Directus CMS
Used as the backend vault for secure specification storage and team synchronization.
05
Security
How is your data protected in transit and at rest?
Encryption
All communications between the Spek Plugin, the CLI tool, and the Directus backend are encrypted via HTTPS/TLS.
Data Integrity
Your specifications are stored in a secure environment protected by modern database security protocols.
Contact & Support
If you have questions regarding our privacy practices or security measures, please reach out:
