Canva removed three sentences from its Terms of Use that previously offered users a choice about non-essential cookies. The removed language stated that Canva would like to use additional cookies for personalization, ad targeting, and analytics 'but only if you accept', and directed users to the cookie policy for more information. The updated Terms no longer include this explicit cookie consent offer or the 'Accept all cookies' and 'Manage cookies' buttons that appeared in the previous version. The practical effect is that the cookie choice disclosure previously presented at the top of the Terms is now absent from this document section.
The updated Terms of Use no longer display the explicit cookie choice language that previously appeared at the top of the document. This language offered users a choice to accept or manage non-essential cookies for personalization, ad targeting, and analytics purposes. The removal of this disclosure from the Terms document does not appear to change Canva's cookie practices themselves; the Cookies Policy remains linked in the document footer and continues to govern cookie management. Users retain the same ability to manage cookies through that policy, but the direct offer and explanation that previously appeared in the Terms is now absent from this section.
The updated Terms remove the explicit cookie consent offer that users previously encountered at the document's opening. While cookie management mechanisms remain available through the linked Cookies Policy, users no longer see the upfront disclosure that Canva uses cookies for personalization, ad targeting, and analytics. This represents a shift from inline consent disclosure to reliance on a separate policy document.
Cookie choice language and consent buttons removed from main Terms; Cookies Policy remains linked in footer.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Canva removed three sentences offering cookie consent from the top of its Terms of Use, specifically the language presenting a choice to 'accept all cookies' or 'manage cookies'. This is a formatting and disclosure reorganization rather than a substantive policy change; the Cookies Policy remains in effect and referenced in the footer. From a regulatory perspective, this removal does not eliminate cookie disclosures or consent mechanisms, which continue to exist in the separate Cookies Policy. However, organizations reviewing Canva's Terms should note that consent language is no longer presented inline with the main Terms; instead, it is accessed through the linked Cookies Policy. This change does not appear to create new compliance obligations for organizations using Canva, though any vendor governance review should confirm that cookie consent mechanisms remain accessible and functional through the policy pathway.
GDPR (cookie consent and legitimate interest disclosure); CCPA (cookie management and opt-out disclosure); ePrivacy Directive (cookie consent mechanism)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002857.
Establishes Canva's ownership of all Service IP and prohibits unauthorized use of trademarks without explicit prior written consent.
Replaces previous liability cap with broader categorical exclusion of consequential and indirect damages rather than a monetary limit.
Establishes explicit restrictions on scraping, automated access, and reverse-engineering of the Service to prevent unauthorized data extraction.
Requires users to bear legal costs and liability for claims arising from their use, breaches, or User Content, shifting substantial risk to users.
Removal of specific monetary liability cap (AUD $100 or prior payments) eliminates user's ability to quantify maximum damages exposure and may increase potential liability for Canva.
Removal of specific AI-related disclaimers and responsibility allocation may reduce transparency regarding AI limitations and accuracy concerns.
Removal of explicit language permitting unrestricted use of aggregated/de-identified data may reflect updated privacy practices or implicit handling under other policies.
Severity downgraded from high to medium; scope narrowed from Canva's broader business purposes to specific Service-related purposes; added explicit 'translate' and 'modify' rights while removing reference to successors and affiliates.
Expanded from passive class action waiver to explicit mandatory binding arbitration requirement with ALL CAPS formatting; added carve-outs for small claims court and injunctive relief.
Broadened to include discontinuing the entire Service or any part; added explicit no-liability clause for suspensions/terminations; removed requirement that suspension be based on reasonable belief of Terms violation.
Added explicit statement about not knowingly collecting personal information from under-13s; changed requirement from 'consent and supervision' to 'approval only'; replaced attestation clause with parent/guardian notification mechanism.
Transformed from single jurisdiction (New South Wales) to regional framework with three different governing laws and contracting entities based on user residency.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorCanva added a reference to 'SMS Terms' in the footer section of their Privacy Policy on June 11, 2026. Previously, …
Canva removed three sentences from its privacy policy cookie notice on May 14, 2026. The removed language disclosed that Canva …
Canva's privacy policy page now displays a cookie banner before the main policy content. The update adds three sentences about …
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them t…
ConductAtlas tracked the restructuring, new disclosures, and entity changes that followed the largest privacy fine in EU history.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.