Canva's service is not intended for children under 13 in most countries, and Canva states it does not knowingly collect data from this age group; if such data is collected accidentally, Canva says it will delete it.
This analysis describes what Canva's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision operationalizes Canva's compliance framework with children's privacy regulations, including the Children's Online Privacy Protection Act (COPPA) in the U.S. and equivalent statutory regimes in other jurisdictions. It establishes the company's data handling obligations when it discovers non-compliant collection of minors' information.
The updated privacy policy no longer explicitly discloses that Canva uses cookies to personalize ads, analyze website performance, or tailor content on partner sites. Previously, the policy stated these purposes and directed users to the cookie policy for more information and choice. The revised policy now mentions only that essential cookies are used to make Canva work. This change removes transparency about non-essential cookie uses and eliminates the cookie consent interface (Accept all cookies / Manage cookies buttons) that was previously presented in the privacy policy document itself.
View change record →The updated privacy policy no longer includes explicit language describing Canva's use of non-essential cookies for personalization, advertising tailoring, and website analytics. Previously, the policy stated that Canva would use these cookies only if users accepted. The removal of this disclosure means the policy no longer clearly explains these cookie categories or presents a consent interaction for non-essential cookies at the point where this information was previously disclosed. Depending on applicable cookie law and Canva's implementation, users may need to consult additional documentation such as a separate cookie policy to understand how non-essential cookies are managed.
View change record →The updated privacy policy no longer explicitly discloses optional cookie uses or provides cookie preference controls on the privacy policy page itself. Previously, Canva stated it would use non-essential cookies for personalization, ad targeting, and analytics only if users accepted, and offered 'Accept all cookies' and 'Manage cookies' options. The removal of this disclosure and consent mechanism may affect how users understand cookie practices and when consent is obtained. Users who previously accessed cookie preferences through the privacy policy will need to locate these controls elsewhere on the Canva platform if they remain available.
View change record →While Canva states it does not knowingly collect data from children under 13, the policy does not describe a technical age verification mechanism, meaning the protection depends partly on accurate age representation by users at registration. Parents who discover a child has created a Canva account can request deletion of that account's data by contacting privacy@canva.com.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Canva has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our Service is not directed to children under the age of 13 (or a higher minimum age in certain countries), and we do not knowingly collect personal information from children under that age. If we learn that we have collected personal information of a child under the relevant age without parental consent where required, we will take steps to delete that information.— Excerpt from Canva's Canva Privacy Policy
REGULATORY LANDSCAPE: This provision engages COPPA (Children's Online Privacy Protection Act) in the United States, which applies to operators of websites or online services directed to children under 13 or that have actual knowledge they are collecting personal information from children under 13. It also engages GDPR Article 8 (which sets minimum ages for consent to information society services at 13-16 depending on EU member state) and equivalent provisions in UK GDPR. The FTC is the primary US enforcement authority for COPPA. The UK ICO has issued specific guidance under its Children's Code (Age Appropriate Design Code). GOVERNANCE EXPOSURE: Medium. The standard 'not knowingly' language is the conventional COPPA compliance posture but has been subject to FTC scrutiny where platforms lack reasonable age assurance mechanisms. Canva's education product, which serves schools and may involve users under 13, creates a distinct compliance pathway that may be addressed separately in Canva's education-specific terms. JURISDICTION FLAGS: EU member states have varying minimum ages for consent under GDPR Article 8 (ranging from 13 to 16 years), creating a compliance patchwork for Canva's European user base. The UK Children's Code imposes additional design and data minimization requirements for services likely to be accessed by children. US states including California have enacted the Age-Appropriate Design Code Act, which may impose additional obligations. CONTRACT AND VENDOR IMPLICATIONS: School and educational institution customers using Canva for Education should confirm that Canva's FERPA and COPPA compliance representations are documented in their contractual agreements, and that Canva's role as a school official or operator under COPPA's school consent exception is clearly established. COMPLIANCE CONSIDERATIONS: Compliance teams at organizations offering Canva access to employees or customers in contexts where minors may interact with the service should assess whether Canva's age restriction mechanisms are adequate for their use case. Educational institutions should review Canva's student data privacy commitments in its education-specific agreements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision operationalizes Canva's compliance framework with children's privacy regulations, including the Children's Online Privacy Protection Act (COPPA) in the U.S. and equivalent statutory regimes in other jurisdictions. It establishes the company's data handling obligations when it discovers non-compliant collection of minors' information.
While Canva states it does not knowingly collect data from children under 13, the policy does not describe a technical age verification mechanism, meaning the protection depends partly on accurate age representation by users at registration. Parents who discover a child has created a Canva account can request deletion of that account's data by contacting privacy@canva.com.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Canva.