figma guide

Designing privacy settings and data management UI in Figma: download data, delete account, and consent

Design privacy settings UI in Figma with data download, account deletion, cookie preferences, consent toggles, and Dev Mode specs for GDPR and account compliance flows.

Published
Updated
Jul 05, 2026
Read time
7 min
Level
Beginner

Quick answer

Privacy settings let users see what data you store, export a copy, control optional sharing, and request account deletion—usually under Account → Privacy or Security & privacy. Design three core flows: Download my data (request → email link → file ready), Delete account (warning → re-auth → confirmation → grace period), and Privacy toggles (analytics, personalization, third-party sharing) with plain-language descriptions. Required legal copy belongs in the UI, not only in Terms. Start from the Figma guides hub and pair with the account dashboard, notification preferences, and login guides.


Who this is for

  • Product designers building account privacy pages for ecommerce, SaaS, and marketplaces.
  • Legal and compliance teams aligning UI with GDPR, CCPA/CPRA, and PIPEDA requirements.
  • Engineers implementing export jobs, deletion queues, consent APIs, and audit logs.

Privacy surface comparison

SurfaceWhen to useTrade-off
Account privacy pageLogged-in data rightsCanonical for export and delete
Cookie / consent bannerFirst visit, pre-loginMust sync with account toggles where overlap exists
Registration consentInitial legal acceptanceLink to privacy policy version
Checkout guest noticeOrder data processingDoes not replace full privacy settings
Email data-request linkSupport-initiated exportSame flow as in-account request

Verdict: use one PrivacySettingsPanel component on the account route and a separate CookieConsentBanner for pre-auth visitors—sync overlapping flags (e.g. analytics) through one backend consent record.


PrivacySettingsPanel anatomy

PartSpecNotes
Page title”Privacy & data” or “Your data”Under account nav
Data summaryShort list: orders, addresses, payment tokensNo raw card numbers
Download sectionCTA + status”Request a copy of your data”
Sharing togglesOptional personalization, analyticsPlain-language labels
Policy linksPrivacy Policy, Cookie PolicyOpen in new tab
Delete accountDestructive section at bottomSeparated visually
Last updatedPolicy version dateWhen consent version changes
PrivacySettingsPanel
├── Variant: context=accountSettings
├── Variant: state=default | exportPending | exportReady | deleteFlow
└── Layers:
    ├── PageHeader
    ├── DataSummaryCard
    ├── DownloadDataSection
    │   ├── RequestButton
    │   ├── ExportStatusBanner
    │   └── DownloadLink (when ready)
    ├── ConsentToggleGroup
    │   └── ConsentRow (repeat)
    ├── PolicyLinks
    └── DeleteAccountSection
        ├── WarningCopy
        └── DeleteAccountButton

Use toggle switches for optional consent—not pre-checked dark patterns.


Download my data flow

StepUICopy notes
1. RequestPrimary button on privacy page”We’ll email you when your file is ready”
2. Confirm identityRe-enter password or OTPRequired for high-risk export
3. PendingStatus banner + disabled button”Request submitted — usually within 48 hours”
4. ReadyEmail + in-app banner with download linkLink expires in 7 days
5. DownloadZIP or JSON; file size noteList included categories
6. Rate limitError if requested too soon”You can request again in 30 days”
DataExportFlow
├── Variant: step=request | verify | pending | ready | expired
└── Layers:
    ├── IdentityVerifyModal
    ├── ExportPendingBanner
    ├── ExportReadyBanner
    └── DownloadButton

Verdict: show what is included (orders, profile, addresses, wishlist) before the user confirms—reduces support tickets about “missing” payment data (tokens are not exportable).


Delete account flow

Account deletion is irreversible for users—design a multi-step flow with clear consequences.

StepUIRequired copy
1. Entry”Delete account” text button or secondary destructiveLink from privacy page only—not dashboard hero
2. ConsequencesBullet listActive orders, subscriptions, store credit, login loss
3. Re-authPassword or OTPSame as export verify
4. ConfirmType DELETE or email confirmPrevents mis-taps
5. Grace periodOptional 14–30 day undoBanner: “Account scheduled for deletion”
6. CompleteSign-out + confirmation emailNo silent deletion
DeleteAccountFlow
├── Variant: step=warning | reauth | confirm | scheduled | complete
└── Layers:
    ├── ConsequenceList
    ├── ActiveOrderBlocker (if open orders)
    ├── ReauthForm
    ├── ConfirmInput (type DELETE)
    ├── ScheduleDeletionBanner
    └── CancelDeletionLink

Block deletion when open orders, pending returns, or active subscriptions exist—show inline alert with link to resolve first.


Toggle typePrivacy pageNotification page
Analytics / cookies
Personalization / recommendationsOverlaps with recommendation emails
Third-party ads
Marketing emailNotification preferences
SMS marketingNotification preferences

When personalization off affects product recommendations UI, document the UX fallback (generic bestsellers)—note in Dev Mode.


ElementSpec
PositionBottom bar or corner modal
ActionsAccept all, Reject non-essential, Customize
Customize drawerCategory toggles: Essential (locked), Analytics, Marketing
PersistlocalStorage + sync on login
Re-openFooter “Cookie settings” link
CookieConsentBanner
├── Variant: state=hidden | visible | customizeOpen
└── Layers:
    ├── BannerBar
    ├── AcceptAllButton
    ├── RejectNonEssentialButton
    ├── CustomizeButton
    └── CookieCustomizeDrawer
        └── CategoryToggle (repeat)

Do not use Accept only without reject—regulators and trust audits flag it.


Mobile layout

PatternSpec
Stacked sectionsDownload, toggles, delete—full width cards
Delete at bottomExtra padding; no sticky overlap with save bars
Long policy linksWrap; min 44px tap height
Export statusFull-width banner above fold on return visit
Account navCollapse to sidebar drawer

At 375px, put destructive delete button below consequence copy—not beside it.


Handoff checklist

ItemDev Mode annotation
Export APIPOST /privacy/export → job ID → email webhook
Export TTLDownload link expiry (e.g. 7 days)
Delete APIPOST /privacy/delete → grace period cron
Consent flagsMap to analytics SDK and ad pixels
Policy versionconsentVersion on accept; re-prompt on change
BlockersOpen order/subscription checks server-side
Audit logTimestamp + IP for export/delete requests
a11yDestructive actions use aria-describedby for warnings

Document data categories in export ZIP readme—engineering often forgets the user-facing manifest.


Common mistakes

MistakeWhy it hurtsFix
Delete in one clickAccidental loss + support loadMulti-step + re-auth
Export with no status UIUsers request repeatedlyPending + ready banners
Privacy toggles ≠ cookie bannerInconsistent consentSingle consent backend
Hiding reject on cookiesCompliance riskReject non-essential button
Marketing off in wrong placeUsers can’t find email opt-outLink to notification preferences
No open-order blockerFulfillment failuresBlock delete with clear CTA
Legal jargon onlyUsers don’t understandPlain-language row descriptions
No grace period undoRegret + angry tickets14-day cancel deletion link

  1. Map data categories with legal—orders, profile, addresses, wishlist, consent history.
  2. Build PrivacySettingsPanel with download and delete sections.
  3. Design export verify + status states (pending, ready, expired).
  4. Design delete flow with blockers for active orders and subscriptions.
  5. Add consent toggles synced with cookie banner categories.
  6. Build CookieConsentBanner for pre-login visitors.
  7. Cross-link account dashboard nav and notification preferences.
  8. Prototype delete confirmation on mobile—mis-taps are common.

FAQ

Separate Privacy page or under Profile?

Use a dedicated Privacy & data page when you offer export and delete—Profile stays for name and password; privacy rights deserve their own IA slot.

Include payment card data in export?

Show last four digits and brand only—never full PAN. State that in the data summary before export.

Show until choice saved; do not re-show on every session unless policy version changes.

Add a Do Not Sell or Share My Personal Information row in consent toggles for California users—or link to a dedicated disclosure page.


Next steps

Share on X

§ Keep reading

Related guides.