What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: The policy engages GDPR and UK GDPR (applicable to EU and UK users), the Australian Privacy Act 1988 (given Canva's incorporation in Australia), CCPA and CPRA (for California residents), and COPPA and related state student privacy laws (for the education product serving minors). The FTC Act is implicated for US users with respect to unfair or deceptive data practices. Canva references Standard Contractual Clauses as a cross-border transfer mechanism for data leaving the EE…

How does Canva's Canva Privacy Policy affect users?

The policy establishes that Canva collects comprehensive personal data encompassing uploaded designs, documents, images, usage patterns, and device information. The terms authorize data sharing with third-party advertising, analytics, and service integration partners, and permit incorporation of user content into service improvement and AI model development. Users retain the ability to exercise data subject rights including access requests, deletion requests, and opt-out selections for certain …

How often is Canva's Canva Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Canva updates this document?

Yes. Watcher subscribers ($9.99/month) can add Canva to their watchlist and receive same-day email alerts whenever this document or any other Canva document changes.

CA-D-000204

Canva Privacy Policy

Canva

Last change detected May 14, 2026 Privacy policy

SHA-256: 84580c4f089cbc2cf26… 9 versions captured 9 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Canva ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

2 High severity

5 Medium severity

1 Low severity

Summary

Canva's privacy policy establishes the categories of personal data collected during service use, including account information, payment details, uploaded content, usage metrics, and device identifiers. The policy authorizes Canva to share collected data with advertising, analytics, and integration partners, and permits use of user-generated content and uploaded materials to improve platform services and train machine learning features. Users may submit requests to access, delete, or restrict processing of personal data through canva.com/privacy.

Technical / Legal Breakdown

This document is Canva's global Privacy Policy governing the collection, use, storage, and disclosure of personal information across Canva's design platform and related services, with legal bases including consent, legitimate interests, and contractual necessity depending on jurisdiction. The policy states that Canva collects name, email address, payment information, usage data, device identifiers, log data, location-related data, and content created or uploaded by users, and the terms authorize sharing this information with service providers, advertising partners, analytics providers, integration partners, and in the context of business transfers. The policy asserts broad authority to use user-generated content and uploaded materials to improve Canva's services and AI features, including training of machine learning models, subject to limitations described in separate AI-specific terms; the scope of consent obtained for AI training purposes may require evaluation under GDPR and applicable consumer protection frameworks depending on how opt-in or opt-out mechanisms are implemented in practice. The policy engages GDPR and UK GDPR for EU and UK users, CCPA and CPRA for California residents, and Australian Privacy Act obligations given Canva's Australian incorporation, and the document describes regional rights including access, correction, deletion, portability, and objection; COPPA implications arise for the education product given its use by minors, and the policy references a separate Children's Privacy Policy for those contexts. Material compliance considerations include cross-border data transfer mechanisms (Standard Contractual Clauses are referenced), data retention practices, the adequacy of consent mechanisms for behavioral advertising, and the sufficiency of disclosures regarding AI training data use.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

9 important changes detected

9 versions captured · Last updated: May 2026

May 14, 2026

high

What changed Canva removed three sentences from its privacy policy cookie notice on May 14, 2026. The removed language disclosed that Canva uses cookies for personalizing ads, analyzing website performance, and tailoring content on partner sites, and directed users to learn more in the cookie policy. The policy also removed 'Accept all cookies' and 'Manage cookies' button options. The updated policy now states only that Canva uses essential cookies to make the service work, without disclosing non-essential cookie purposes or providing explicit cookie choice mechanisms in the privacy policy document itself.

Why this matters The updated privacy policy no longer explicitly discloses that Canva uses cookies to personalize ads, analyze website performance, or tailor content on partner sites. Previously, the policy stated these purposes and directed users to the cookie policy for more information and choice. The revised policy now mentions only that essential cookies are used to make Canva work. This change removes transparency about non-essential cookie uses and eliminates the cookie consent interface (Accept all cookies / Manage cookies buttons) that was previously presented in the privacy policy document itself.

View full change record →

May 11, 2026

low

What changed Canva's privacy policy page now displays a cookie banner before the main policy content. The update adds three sentences about cookie usage, stating that Canva uses essential cookies to operate the service and requests consent for additional cookies used for personalization, advertising, and analytics. Users can now accept all cookies or access detailed cookie preferences through a linked cookie policy.

Why this matters The updated privacy policy page now includes a prominent cookie disclosure banner before the main policy text. The banner states that Canva uses essential cookies required for service operation and requests consent to use additional cookies for personalization, advertising, and site analytics. You can either accept all cookies or access the cookie policy to manage individual preferences.

View full change record →

May 11, 2026 low

Canva's privacy policy footer was updated on May 11, 2026 to remove references to 'Magic Studio' and 'Windows Mac' from the product navigation section, and replaced them with 'Canva AI' …

View change record →

May 5, 2026 medium

Canva removed three sentences from its privacy policy that described cookie usage and consent options. The removed language previously explained that Canva uses non-essential cookies for personalization, advertising, and analytics, …

View change record →

May 5, 2026 low

Canva added a cookie consent notice to the top of its Privacy Policy on May 5, 2026. The new language discloses that Canva uses essential cookies to operate the service, …

View change record →

May 1, 2026 high

Canva removed three sentences from its privacy policy that described optional cookie uses and prompted users to accept or manage cookie preferences. The removed text explained that Canva uses non-essential …

View change record →

April 21, 2026 low

Canva's Privacy Policy was updated on April 21, 2026, with a single sentence modification in the policy header. The previous version dated the policy as last updated April 15, 2026; …

View change record →

April 20, 2026 low

Canva's Privacy Policy was updated on April 20, 2026. The only detected change in the document is the addition of 'Template library' to the product navigation menu within the policy …

View change record →

April 19, 2026 low

Canva's Privacy Policy was updated on April 19, 2026 to reflect changes in its product navigation and feature naming. The primary modification appears to be in the site navigation and …

View change record →

High — 2 provisions

User Content Used for AI and Service Improvement Compare →

Canva states it may use designs, images, text, and other content you create or upload on its platform to train and improve its AI tools and general product features.

Added May 11, 2026 Common Seen across 104 platforms
Children and Education Product Privacy Compare →

Canva's general policy does not apply to children under 13 using its education product; a separate Children's Privacy Policy governs that context, and schools are described as the intermediary responsible for obtaining appropriate consent.

Added May 11, 2026 Standard Seen across 262 platforms

Medium — 5 provisions

Data Sharing with Advertising and Analytics Partners Compare →

Canva states it shares device identifiers, usage data, and inferred interest information with advertising and analytics companies to serve targeted ads and measure platform performance.

Added May 11, 2026 Standard Seen across 246 platforms
Cross-Border Data Transfers and Standard Contractual Clauses Compare →

Because Canva operates globally, your personal data may be transferred to and processed in countries outside your home country, with Canva using Standard Contractual Clauses as the primary legal mechanism for EU data transfers.

Added May 11, 2026 Standard Seen across 246 platforms
User Data Rights Including Access, Correction, and Deletion Compare →

Canva states that depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data, and to object to certain uses, with requests submitted through Canva's privacy settings or request form.

Added May 11, 2026 Standard Seen across 223 platforms
Cookies and Tracking Technologies Compare →

Canva uses cookies for both essential platform functions and optional purposes including advertising targeting and analytics. Non-essential cookies can be managed through a cookie settings tool.

Added May 11, 2026 Standard Seen across 251 platforms
Business Transfer and Acquisition Compare →

If Canva is sold or merges with another company, your personal data may be transferred to the new owner, with notification provided by email or site notice before any change in privacy policy applies.

Added May 11, 2026 Standard Seen across 246 platforms

Low — 1 provision

Data Retention Compare →

Canva states it keeps your personal data for as long as needed to operate its service, meet legal obligations, resolve disputes, and enforce its agreements, after which it will delete or anonymize the data.

Added May 10, 2026 Standard Seen across 223 platforms

Monitoring

Canva has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle AI/ML Training on User Content and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 14, 2026 04:38 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000204

Version ID CA-V-002608

Source URL https://www.canva.com/policies/privacy-policy/

Wayback Machine View external archival references →

SHA-256 84580c4f089cbc2cf2661d09ee53ec149c335dba6407cb49b90bfbfa1586a979

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Canva Privacy Policy

May 14, 2026

May 11, 2026

Monitor governance changes across the platforms you rely on.