Canva states it may use designs, images, text, and other content you create or upload on its platform to train and improve its AI tools and general product features.
This analysis describes what Canva's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision is significant because it asserts that user-generated content, which may include proprietary business designs, personal photos, or confidential documents, can be used for AI model training purposes, subject to controls described elsewhere in the policy.
Interpretive note: The precise scope of opt-out controls and whether they satisfy GDPR consent standards cannot be determined from policy text alone; operational implementation of controls requires separate verification.
The updated privacy policy no longer explicitly discloses that Canva uses cookies to personalize ads, analyze website performance, or tailor content on partner sites. Previously, the policy stated these purposes and directed users to the cookie policy for more information and choice. The revised policy now mentions only that essential cookies are used to make Canva work. This change removes transparency about non-essential cookie uses and eliminates the cookie consent interface (Accept all cookies / Manage cookies buttons) that was previously presented in the privacy policy document itself.
View change record →The updated privacy policy no longer includes explicit language describing Canva's use of non-essential cookies for personalization, advertising tailoring, and website analytics. Previously, the policy stated that Canva would use these cookies only if users accepted. The removal of this disclosure means the policy no longer clearly explains these cookie categories or presents a consent interaction for non-essential cookies at the point where this information was previously disclosed. Depending on applicable cookie law and Canva's implementation, users may need to consult additional documentation such as a separate cookie policy to understand how non-essential cookies are managed.
View change record →The updated privacy policy no longer explicitly discloses optional cookie uses or provides cookie preference controls on the privacy policy page itself. Previously, Canva stated it would use non-essential cookies for personalization, ad targeting, and analytics only if users accepted, and offered 'Accept all cookies' and 'Manage cookies' options. The removal of this disclosure and consent mechanism may affect how users understand cookie practices and when consent is obtained. Users who previously accessed cookie preferences through the privacy policy will need to locate these controls elsewhere on the Canva platform if they remain available.
View change record →Users who upload sensitive, proprietary, or personal content to Canva should be aware that the policy states this content may be used for AI training and service improvement. The practical scope of this use depends on what opt-out controls are available and whether users have reviewed the separate AI feature terms.
How other platforms handle this
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or port your data. EU and UK users may also have the right to object to or restrict certain processing. California residents may have the right to know, delete, corre...
Monitoring
Canva has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may use content you create, upload, or share on Canva to improve our products and services, including to train and improve our AI and machine learning models. This is subject to the settings and controls available to you and any additional terms that apply to specific AI features.— Excerpt from Canva's Canva Privacy Policy
REGULATORY LANDSCAPE: This provision implicates GDPR Articles 6 and 9 regarding lawful basis for processing, and Article 22 regarding automated decision-making. For EU users, AI training use of personal data requires a clear lawful basis, typically consent or legitimate interests with a balancing test. The EU AI Act may also apply depending on the classification of Canva's AI systems. The FTC Act is relevant for US users regarding transparency of AI data use practices. GOVERNANCE EXPOSURE: High. The use of user-generated content for AI training is a sensitive and actively scrutinized data practice. Enterprise and business customers who use Canva to create proprietary materials face potential exposure if content governance policies do not account for this provision. The adequacy of disclosed opt-out controls is a key question that compliance teams should verify operationally rather than relying solely on the policy text. JURISDICTION FLAGS: EU and UK users have heightened exposure given GDPR consent and transparency requirements. California users may have rights under CPRA regarding automated processing. Enterprise customers in regulated industries such as financial services, healthcare, and legal services face additional risk if confidential client materials are processed under this provision. CONTRACT AND VENDOR IMPLICATIONS: B2B and enterprise procurement teams should verify whether Canva's Data Processing Agreement explicitly addresses AI training use of customer content and whether opt-out controls are contractually guaranteed. Standard DPA language may not cover AI training use, and this should be a specific negotiation point for enterprise agreements. COMPLIANCE CONSIDERATIONS: Compliance teams should audit what content categories employees are uploading to Canva, verify what opt-out controls are technically available and documented, and update internal acceptable-use policies to reflect AI training data exposure. For EU entities, a legitimate interests assessment or consent mechanism review may be required. For education customers, confirm whether student-generated content is excluded from AI training use.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision is significant because it asserts that user-generated content, which may include proprietary business designs, personal photos, or confidential documents, can be used for AI model training purposes, subject to controls described elsewhere in the policy.
Users who upload sensitive, proprietary, or personal content to Canva should be aware that the policy states this content may be used for AI training and service improvement. The practical scope of this use depends on what opt-out controls are available and whether users have reviewed the separate AI feature terms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Canva.