Skip to content
Your browser is out-of-date.
To get the best experience using our site, you’ll need to update to a newer browser.


This Privacy Policy describes how FIGS, Inc. (“FIGS”, “we,” “our,” “us”) collects, uses, and shares information of its employees, job applicants, contractors, officers, directors or owners who are California residents (“you” or “your”) and are subject to the California Consumer Privacy Act of 2018 (“CCPA”). If you have questions about our Privacy Policy or wish to exercise your rights and choices, please contact us as set forth in the section entitled “Contact Us” below.


The information we collect about you is primarily information you provide when you initially apply for a position with FIGS, supplemented by information generated in the course of your employment. We collect and in the past 12 months have collected the following categories of personal information enumerated in the CCPA:

  • Identifiers, including name, postal address, email address, social security number, government issued identification (such as driver`s license number or passport number), telephone number, emergency contact information, device identifier and unique personal identifier.
  • Financial Information, including bank account number and 401(k) details (for payroll and 401(k) contributions), salary, payroll, equity and other compensation information, tax information, expenses, and business credit card information and usage.
  • Health Information, health, vision, and dental insurance policy number and information such as details about spouses and dependents, absences from work, disability information, allergies and intolerances, medical and ongoing health conditions. We also receive aggregate information regarding access to well-being apps made available to employees, but not individual usage information (which is collected and controller by such apps).
  • Protected Classes, including race, age, gender, sex, citizenship status (evidence of the right to work), nationality, medical conditions and disabilities (physical or mental to provide assistance), marital status and veteran status.
  • Internet, electronic network, and device activity and device information and related identifiers such as use of the FIGS network, information, and communication systems, including user IDs, passwords, IP addresses, device IDs, web logs, and audit trails of system access and copies of documents sent from FIGS networks and FIGS issued devices, browsing and search history on our computer or mobile devices, and interactions with our websites or mobile applications.
  • Geolocation data, including location enabled services such as WiFi and GPS.
  • Professional and Education History, including CV or resume, qualifications, work experience, compensation history where permissible under applicable law, language abilities, areas of expertise, education and training history, professional membership, awards and prizes, references, criminal record and background checks information.
  • Employment Information, including job title, date of commencement of employment, working hours, electronic corporate device tag or registration numbers, employee number, photograph, performance reviews, records of roles performed and applied for, appraisal and evaluation records, disciplinary and accident information, absence and leave records, compensation, incentive details, union membership, professional memberships, special work environment requests, government forms and records in relation to employment and related taxes and job profile, and termination information.
  • Background Checks and Screening Information, such as, in compliance with legal obligations, education verification, criminal records and driver`s license checks.
  • Audio or visual information, such as CCTV footage, and other information relating to the security of our premises; recorded presentations in which you participate; and photographs.

Certain types of data above may be considered sensitive under relevant applicable law, such as social security number, certain demographic information such as race and ethnic origin. As described below and in compliance with law, we only use such data as necessary for our business purposes and for our legal obligations.


We use your personal information for internal lawful manners compatible with the context you provided the information. The following are business purposes for which FIGS uses your information:

  • For operational purposes related to your recruitment and employment. For example, we process your information for Human Resources and records management and related administration as well as to:
    • evaluate your qualifications for employment,
    • provide you access to our network, applications and other services,
    • pay you, administer salaries, and provide other employment benefits including those set out in our handbooks or policies,
    • assist with budgeting,
    • develop business contact directories,
    • assess and monitor your compliance with FIGS policies and procedures,
    • conduct performance evaluation and appraisals,
    • notify you about changes to your employment; and
    • implement measures to protect our systems and networks and prevent unauthorized access.
  • Performance of business operations. For example, we use personal information to provide and monitor IT systems for any lawful purpose; maintain accounts and internal directories, crisis management, protect occupational health and safety; participate in due diligence activities related to the business; business succession planning and conduct internal analyses and audits., and for equity grant purposes.
  • Security operations. For example, we use personal information to detect security incidents, debugging and repairing errors, and prevent unauthorized access to our computer and electronic communications systems and prevent malicious software distribution; and monitor and control access to our premises (including through use of CCTV).
  • To comply with legal obligations. For example, we use your personal information to calculate taxes and pay wages, provide employment benefits, assist with immigration services, comply with legal requests such as subpoenas or court orders, or prosecute or defend a lawsuit, arbitration, or similar proceeding.
  • To improve our operations. For example, we analyze trends and usage such as such as the efficiency of deliveries and store operations.
  • Fulfilling requests by you or with your consent. For example, if you request that we disclose your information with other parties we may do so to fulfill your request.
  • Exercising our legal rights. For example, we may use information in connection with litigation

Certain information we collect may be “sensitive personal information“ under California law. We use such information as necessary to conduct our relationship with you. For example:

  • Social Security number or passport information for legal compliance, payroll, benefits, tax, and immigration purposes;
  • Union membership information for legal compliance and compliance with collective bargaining agreements or to exercise rights thereunder;
  • Health information, which may include disability status, to provide reasonable workplace accommodations and manage absences, for workplace health and safety purposes, and for compliance with applicable law and contracts or to exercise rights thereunder; and
  • Racial/ethnic origin, sexual orientation, and/or disability status for equal opportunity and diversity and inclusion purposes and compliance with applicable law or to exercise rights thereunder.

California law places certain obligations on businesses that “sell“ personal information to third parties or “share“ personal information with third parties for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (“CCPA“). We do not “sell“ or “share“ the personal information covered by this Policy and have not done so in the twelve months prior to the effective date of this Policy.


Personal information may be disclosed:

  • as part of normal business operations to service providers or vendors in connection with HR and compensation and payroll-related tasks (e.g., banks (which are located in the United States), insurance companies and other employee benefit providers (such as health providers), travel management providers, travel providers, expense reporting, human resources suppliers, background check companies, and employment businesses (in relation to contractors or agency workers), as well as in connection with governance, risk, and compliance and security management;
  • to service providers in connection with information technology support (e.g., software maintenance and data hosting, remote management of IT infrastructure and applications, development and maintenance of applications and global service desk operations) and in connection with accounting and financial reporting.
  • in the event that we are sold or integrated with another business, to our advisers and any prospective purchaser and their advisers;
  • for business operations to provide another entity (such as a potential or existing business counterparty or customer) with a means of contacting you in the normal course of business, for example, by providing your contact details, such as your phone number and email address;
  • to seek legal advice from our external lawyers or in connection with litigation;
  • to government authorities and/or regulatory or law enforcement officials if required for the purposes above, if mandated by law or if (in our reasonable belief) necessary to protect the rights or security of you, FIGS, or others, in compliance with applicable laws; and
  • internally with a limited number of individuals within FIGS when necessary to perform their job responsibilities.


The personal information we collect is retained for as long as necessary to satisfy the purposes for which it was collected and our legal obligations. As described above, these purposes include our business operations and complying with reporting, legal and accounting obligations. In determining how long to retain information, we consider the nature and sensitivity of the information, the purposes for which we process it, and our legal obligations.


In some instances, applicable law (such as California) may permit you to request additional details about your personal information, access to such information, the opportunity to correct any inaccuracies in it, and to delete such information. Please note that in certain circumstances prescribed by applicable law, we may deny your request, including but not limited to when we need to preserve data for legal purposes. We may ask for certain information to verify your identity before we process such requests. You may contact us as described in the Contact Information section below to submit any of these requests.


We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.


FIGS reserves the right to modify or supplement this policy at any time. If a material change to the terms of this policy is made, FIGS will provide notice of the changes.


If you have questions or comments about this Privacy Policy or our information practices, please contact us:

By email:

By mail:
FIGS, Inc.
Attn: Human Resources
2834 Colorado Ave, Suite 100
Santa Monica, CA 90404