Security
Your design system is yours.
We take care of the infrastructure so you can focus on your design system. Here is what we do to keep your data safe.
Data in transit
All communication between your browser, the Studio app, and our servers uses TLS. Data is never sent over unencrypted connections.
Data at rest
Your design tokens, component definitions, and workspace data are stored encrypted at rest. Backups are also encrypted.
Authentication
Studio uses secure session-based authentication. We support organization-level access controls so you can manage who can edit, who can view, and who has no access.
Team access controls
Editor seats and consumer seats have distinct permission levels. Editors can publish and manage the design system. Consumer seats have read-only access to the Figma plugin and published packages.
Design system isolation
Each design system workspace is fully isolated. Tokens, components, and published packages from one design system are never accessible from another.
Published packages
When you publish your design system, it becomes a versioned package. Consumer apps pull it on their own schedule. No live endpoint means no single point of failure that could push breaking changes automatically.
Dependency security
We monitor our dependencies for known vulnerabilities and apply security patches as part of our regular release cycle.
Responsible disclosure
If you find a security issue, please report it to security@reframeui.app. We will respond within 48 hours and work with you to resolve it before public disclosure.
Found something?
If you find a vulnerability or have a security question, reach out to security@reframeui.app. We respond within 48 hours.