8 Total
2 High severity
5 Medium severity
1 Low severity
Summary

Canva's privacy policy establishes the categories of personal data collected during service use, including account information, payment details, uploaded content, usage metrics, and device identifiers. The policy authorizes Canva to share collected data with advertising, analytics, and integration partners, and permits use of user-generated content and uploaded materials to improve platform services and train machine learning features. Users may submit requests to access, delete, or restrict processing of personal data through canva.com/privacy.

Technical / Legal Breakdown

This document is Canva's global Privacy Policy governing the collection, use, storage, and disclosure of personal information across Canva's design platform and related services, with legal bases including consent, legitimate interests, and contractual necessity depending on jurisdiction. The policy states that Canva collects name, email address, payment information, usage data, device identifiers, log data, location-related data, and content created or uploaded by users, and the terms authorize sharing this information with service providers, advertising partners, analytics providers, integration partners, and in the context of business transfers. The policy asserts broad authority to use user-generated content and uploaded materials to improve Canva's services and AI features, including training of machine learning models, subject to limitations described in separate AI-specific terms; the scope of consent obtained for AI training purposes may require evaluation under GDPR and applicable consumer protection frameworks depending on how opt-in or opt-out mechanisms are implemented in practice. The policy engages GDPR and UK GDPR for EU and UK users, CCPA and CPRA for California residents, and Australian Privacy Act obligations given Canva's Australian incorporation, and the document describes regional rights including access, correction, deletion, portability, and objection; COPPA implications arise for the education product given its use by minors, and the policy references a separate Children's Privacy Policy for those contexts. Material compliance considerations include cross-border data transfer mechanisms (Standard Contractual Clauses are referenced), data retention practices, the adequacy of consent mechanisms for behavioral advertising, and the sufficiency of disclosures regarding AI training data use.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

11 important changes detected

11 versions captured · Last updated: June 2026

June 12, 2026

unknown
What changed Canva updated their Canva Privacy Policy on June 12, 2026. Change detected: 3 sentence(s) added, 1 sentence(s) modified. Document contained 325 sentences after update.
View full change record →
What changed Canva added a reference to 'SMS Terms' in the footer section of their Privacy Policy on June 11, 2026. Previously, this policy document link did not appear in the footer's 'Other policies' section. The addition indicates that Canva now has a separate SMS Terms document governing SMS communications, which users can access through the footer navigation.
Why this matters Canva updated the footer of their Privacy Policy to include a link to 'SMS Terms', a separate policy document governing SMS communications. This change does not modify existing data handling practices but makes SMS-specific terms more discoverable in the footer navigation alongside other related policy documents. Users who communicate with Canva via SMS can now access dedicated SMS Terms through this link.
View full change record →

May 14, 2026 high

Canva removed three sentences from its privacy policy cookie notice on May 14, 2026. The removed language disclosed that Canva uses cookies for personalizing ads, analyzing website performance, and tailoring …

View change record →
May 11, 2026 low

Canva's privacy policy page now displays a cookie banner before the main policy content. The update adds three sentences about cookie usage, stating that Canva uses essential cookies to operate …

View change record →
May 11, 2026 low

Canva's privacy policy footer was updated on May 11, 2026 to remove references to 'Magic Studio' and 'Windows Mac' from the product navigation section, and replaced them with 'Canva AI' …

View change record →
May 5, 2026 medium

Canva removed three sentences from its privacy policy that described cookie usage and consent options. The removed language previously explained that Canva uses non-essential cookies for personalization, advertising, and analytics, …

View change record →
May 5, 2026 low

Canva added a cookie consent notice to the top of its Privacy Policy on May 5, 2026. The new language discloses that Canva uses essential cookies to operate the service, …

View change record →
May 1, 2026 high

Canva removed three sentences from its privacy policy that described optional cookie uses and prompted users to accept or manage cookie preferences. The removed text explained that Canva uses non-essential …

View change record →
April 21, 2026 low

Canva's Privacy Policy was updated on April 21, 2026, with a single sentence modification in the policy header. The previous version dated the policy as last updated April 15, 2026; …

View change record →
April 20, 2026 low

Canva's Privacy Policy was updated on April 20, 2026. The only detected change in the document is the addition of 'Template library' to the product navigation menu within the policy …

View change record →
April 19, 2026 low

Canva's Privacy Policy was updated on April 19, 2026 to reflect changes in its product navigation and feature naming. The primary modification appears to be in the site navigation and …

View change record →

Recent Provision Changes Jun 12, 2026

8 provisions unchanged.

View full change record →
High — 2 provisions
Medium — 5 provisions
Low — 1 provision

Monitoring

Canva has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI/ML Training on User Content and similar clauses.

Compare across platforms →
Archival ProvenanceSource & Archival Record
Last Captured June 12, 2026 00:27 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000204
Version ID CA-V-003713
SHA-256 c13ebb470edef57f7b63503f28d4e21ea1ddf75ba27d994f0413af2d0ecb2e4c
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans