Canva states it may use designs, images, text, and other content you create or upload on its platform to train and improve its AI tools and general product features.
This analysis describes what Canva's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision is significant because it asserts that user-generated content, which may include proprietary business designs, personal photos, or confidential documents, can be used for AI model training purposes, subject to controls described elsewhere in the policy.
Interpretive note: The precise scope of opt-out controls and whether they satisfy GDPR consent standards cannot be determined from policy text alone; operational implementation of controls requires separate verification.
The updated privacy policy no longer includes explicit language describing Canva's use of non-essential cookies for personalization, advertising tailoring, and website analytics. Previously, the poli…
The updated privacy policy no longer explicitly discloses optional cookie uses or provides cookie preference controls on the privacy policy page itself. Previously, Canva stated it would use non-esse…
Users who upload sensitive, proprietary, or personal content to Canva should be aware that the policy states this content may be used for AI training and service improvement. The practical scope of this use depends on what opt-out controls are available and whether users have reviewed the separate AI feature terms.
How other platforms handle this
We may use the content you provide to us, including prompts and generated images, to train and improve our AI models and services.
After registration, you may create, upload or transmit files, documents, videos, images, data or information as part of your use of the Service (collectively, "User Content"). This includes any inputs you provide to our AI-powered support tools and outputs generated in response to your inputs. User ...
When you use AI features of the Services, you acknowledge that your inputs may be processed by third-party AI providers. ClickUp may use anonymized and aggregated data derived from your use of the Services to improve and train AI models and features.
Monitoring
Canva has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may use content you create, upload, or share on Canva to improve our products and services, including to train and improve our AI and machine learning models. This is subject to the settings and controls available to you and any additional terms that apply to specific AI features.— Excerpt from Canva's Canva Privacy Policy
REGULATORY LANDSCAPE: This provision implicates GDPR Articles 6 and 9 regarding lawful basis for processing, and Article 22 regarding automated decision-making. For EU users, AI training use of personal data requires a clear lawful basis, typically consent or legitimate interests with a balancing test. The EU AI Act may also apply depending on the classification of Canva's AI systems. The FTC Act is relevant for US users regarding transparency of AI data use practices. GOVERNANCE EXPOSURE: High. The use of user-generated content for AI training is a sensitive and actively scrutinized data practice. Enterprise and business customers who use Canva to create proprietary materials face potential exposure if content governance policies do not account for this provision. The adequacy of disclosed opt-out controls is a key question that compliance teams should verify operationally rather than relying solely on the policy text. JURISDICTION FLAGS: EU and UK users have heightened exposure given GDPR consent and transparency requirements. California users may have rights under CPRA regarding automated processing. Enterprise customers in regulated industries such as financial services, healthcare, and legal services face additional risk if confidential client materials are processed under this provision. CONTRACT AND VENDOR IMPLICATIONS: B2B and enterprise procurement teams should verify whether Canva's Data Processing Agreement explicitly addresses AI training use of customer content and whether opt-out controls are contractually guaranteed. Standard DPA language may not cover AI training use, and this should be a specific negotiation point for enterprise agreements. COMPLIANCE CONSIDERATIONS: Compliance teams should audit what content categories employees are uploading to Canva, verify what opt-out controls are technically available and documented, and update internal acceptable-use policies to reflect AI training data exposure. For EU entities, a legitimate interests assessment or consent mechanism review may be required. For education customers, confirm whether student-generated content is excluded from AI training use.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision is significant because it asserts that user-generated content, which may include proprietary business designs, personal photos, or confidential documents, can be used for AI model training purposes, subject to controls described elsewhere in the policy.
Users who upload sensitive, proprietary, or personal content to Canva should be aware that the policy states this content may be used for AI training and service improvement. The practical scope of this use depends on what opt-out controls are available and whether users have reviewed the separate AI feature terms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Canva.