← Back

Privacy Policy

Last updated: March 12, 2026

1. What R-Data Does

R-Data is a diagram migration platform consisting of a Chrome Extension, a web backend, and a FigJam plugin. R-Data extracts structured data from visual document platforms (Lucidchart, Miro, and FigJam) and migrates it between platforms — or exports it as a portable ZIP archive. The extraction happens in the user's own browser using their existing platform sessions.

Supported migration routes: Miro to FigJam, Lucidchart to FigJam, Lucidchart to Miro, FigJam to Miro, and ZIP export from any source.

2. Data We Access

R-Data accesses document data from source platforms via the user's own browser session or OAuth authorization. The Chrome Extension makes HTTP requests using cookies already present in the user's browser. We access:

  • Document titles, metadata, and folder structure
  • Document content: shapes, connectors, positions, colors, text, images, and container hierarchies
  • User account information (email, organization name) for session validation

For Lucidchart, data is accessed via the user's browser cookies on lucid.app domains.

For Figma/FigJam, data is accessed either via Figma OAuth 2.0 authorization or via the user's existing Figma browser session (cookie-based auto-detection).

For Miro, data is accessed via Miro OAuth 2.0 authorization.

3. Data We Do NOT Access

  • We do not access, store, or transmit your login credentials (username or password) for any platform.
  • We do not read or modify your account settings on any platform.
  • We do not access documents from other users or organizations.
  • We do not access your browsing history, bookmarks, or any data outside of the supported diagramming platforms.

4. Data Transmission and Storage

Extracted document data is transmitted from the Chrome Extension to R-Data servers over HTTPS for processing. This includes:

  • ZIP export: Data is packaged into a downloadable ZIP file and served back to the user. For ZIP exports, the extraction runs entirely client-side — data never leaves your machine until you download the archive.
  • Platform migration (FigJam or Miro): Data is held temporarily on our servers while shapes are created on the target platform via their respective APIs.

All extracted document data is stored with a 7-day TTL and is automatically deleted after that period. Job metadata (completion status, timestamps) is retained for 30 days.

Images extracted from source documents may be temporarily stored on Vercel Blob Storage for the duration of the migration, then deleted with the rest of the job data.

5. Miro Integration

If you choose to migrate documents to or from Miro, R-Data uses OAuth 2.0 to connect to your Miro account. Miro OAuth tokens are stored server-side, encrypted, and scoped to the minimum required permissions (board creation and reading). Tokens can be revoked at any time from your Miro account settings.

6. Figma/FigJam Integration

R-Data interacts with Figma/FigJam through two mechanisms:

  • Figma OAuth 2.0: Used for extracting FigJam file data. OAuth tokens are stored server-side, encrypted, and scoped to read-only file access. Tokens can be revoked at any time from your Figma account settings.
  • Cookie-based session detection: The Chrome Extension reads the __Host-figma.authn cookie to detect your existing Figma session. This is used to browse your FigJam files without requiring a separate login. No cookie data is transmitted to R-Data servers.
  • FigJam Plugin: The R-Data FigJam plugin runs inside the Figma plugin sandbox and creates shapes directly on your FigJam canvas. The plugin fetches extracted document data from R-Data servers and cloud icon SVGs from our CDN. No FigJam canvas data is sent back to our servers.

7. User Accounts

R-Data user accounts store your email address and a bcrypt-hashed password. We do not store passwords in plaintext. Session tokens are issued as httpOnly, secure cookies and as Bearer tokens for extension use.

8. Payment Processing

Payments are processed by Stripe. R-Data never sees, stores, or transmits your full credit card number. Stripe handles all payment data in compliance with PCI DSS standards.

9. Chrome Extension Permissions

The R-Data Chrome Extension requests the following permissions:

  • storage — Local preferences, session tokens, and connection state
  • alarms — Polling for migration status updates in the background
  • notifications — Desktop notification when a background migration completes
  • cookies — Detect existing Lucidchart and Figma browser sessions for automatic connection (no API keys or OAuth needed for session detection)
  • host_permissions — Access to documents.lucid.app and lucid.app (Lucidchart extraction), www.figma.com (Figma session detection and file browsing), and r-data.co (R-Data backend API)

The extension does not use content scripts, does not inject code into web pages, does not access your browsing history, and cannot read data from any website outside the platforms listed above.

10. FigJam Plugin Permissions

The R-Data FigJam plugin runs in Figma's plugin sandbox with network access limited to:

  • r-data.co — Fetching extracted document data and cloud icon SVGs
  • images.lucid.app — Fetching images from Lucidchart documents
  • *.public.blob.vercel-storage.com — Fetching images stored during Miro extraction

The plugin cannot access any other network resources, cannot read other FigJam files, and cannot modify files you have not explicitly opened with the plugin.

11. Data Deletion

You may request deletion of your account and all associated data at any time by contacting support@supe-us.com. Extracted document data is automatically purged after 7 days regardless. OAuth tokens for Miro and Figma can be revoked independently from those platforms' account settings.

12. Contact

For questions about this privacy policy, contact support@supe-us.com.