Anima’s privacy policy covers Anima’s websites and services, including Anima’s Figma plugin and the VSCode extension. Information is this article explains the privacy around code and generative AI LLM models, and measures taken to protect user data.
Privacy policy and Terms of Service - By authenticating the services, you agree to Anima’s Terms of Service. Plugin, website or Extension authentication grants you access to Anima’s features and functionality.
Figma File Key Transmission When the plugin is opened within Figma, Anima will receive the file key for the current Figma file. Anima will receive and securely store the file key associated with the respective Figma file. This storage of file keys allows Anima to establish the necessary connection and enable bi-directional linking between Figma and Anima.
Git access and authentication data are maintained only if given access and for the duration of the session only.
Upon deletion of project, team or user, Anima shall remove the relevant project/team and/or user data stored, including any Figma links, metadata and model files. Remaining data shall be logs interactions with Anima, this data is retained for quality control and validation purposes.
Data Processing All data, including Figma file keys, model files and metadata, is processed by Anima in accordance with Anima’s Data Processing Agreement (DPA) and Anima’s privacy policy. The DPA outlines the measures taken by Anima to ensure the privacy and security of customer data. For more details on our data processing practices, please refer to our DPA.
Generative AI & LLM privacy
Anima currently utilizes a mix of homespun LLM models, open source and SaaS based models from various providers.
We at Anima commit to the following:
We will not train or fine tune our models using customer code without explicit permission from the code owner. This applies to code provided by the users to Anima through:
Personalization features
Code snippet/samples
Git and Github integrations
User prompts and instructions
Anima commits to:
Anonymize user specific data for the AI model
We do not pass original designs or user images to the AI models
VSCode Extension privacy & Security concerns
The VSCode Extension was developed from the ground up, with Enterprise privacy and security concerns in mind.
We realize that developers, particularly in enterprise environments, are particularly concerned with:
Making sure that the code base does not leak into the LLM in any way, so that the code remains contained and cannot appear in other companies' codebase.
Ensuring that code from other companies cannot leak into the company codebase, leading to potential copyright and security concerns.
As a result, Anima designed the VSCode Extension to contain most of the information and logic locally. Code indexing and matching is all done locally, and data is stored on the user's machine within the project's workspace - which allows users to share data and settings through the file system and git, and without exposing the data to the cloud. Search, indexing and matching components is performed using local models and heuristics and not within the cloud.
Data uploaded to the cloud is opt-in only, and includes specs of the components (their interface), with optional usage examples (opt-in). This means the internal workings of the components is never exposed to the LLM. Anima also has guard rails in place that ensure that only validated code will return back to the snippet area. The developer can choose snippets of codes from the results, knowing full well that both the designs and code base are free from any security or privacy concerns.
What the process looks like
While we do retain certain data from your interactions with Anima, this data is retained for quality control, validation purposes, and statistical data to improve the general experience. The data assists us to better understand user needs and requirements.