Canva states that depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data, and to object to certain uses, with requests submitted through Canva's privacy settings or request form.
This analysis describes what Canva's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision describes the mechanism through which users can exercise data rights under GDPR, CCPA, and equivalent frameworks. The conditional framing ('depending on where you live') means that the availability of specific rights varies by jurisdiction, and users outside covered jurisdictions may have fewer or no enforceable rights under this policy.
The updated privacy policy no longer includes explicit language describing Canva's use of non-essential cookies for personalization, advertising tailoring, and website analytics. Previously, the poli…
The updated privacy policy no longer explicitly discloses optional cookie uses or provides cookie preference controls on the privacy policy page itself. Previously, Canva stated it would use non-esse…
EU, UK, California, and Australian users have the most clearly stated rights under this provision, including the right to request deletion of personal data held by Canva. Users in jurisdictions not covered by specific privacy legislation may have more limited rights as described in this policy.
How other platforms handle this
Managing And Deleting Your Information. You have the right to access, correct, or delete your information in certain circumstances. We store information until it is no longer necessary to provide our Services or until your account is deleted, whichever comes first. You can delete your WhatsApp accou...
These reasons for collecting and processing Personal Data determine and limit what Personal Data we collect and how we use it (section 3. below), how long we store it (section 4. below), who has access to it (section 5. below) and what rights and other control mechanisms are available to you as a us...
In some regions (like the U.S., the EEA, Switzerland and the UK), you have certain rights under applicable data protection laws. ... HOW CAN YOU REVIEW, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?
Monitoring
Canva has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on where you live, you may have certain rights with respect to your personal information, including the right to access, correct, or delete your personal information, the right to data portability, and the right to object to or restrict certain processing. To exercise these rights, you can visit our privacy settings page or submit a request through our privacy request form.— Excerpt from Canva's Canva Privacy Policy
REGULATORY LANDSCAPE: This provision implicates GDPR Articles 15-22 (rights of data subjects), CCPA and CPRA consumer rights provisions, the Australian Privacy Act's access and correction rights, and UK GDPR equivalent rights. The timeframes for responding to rights requests under GDPR (one month, extendable to three months) and CCPA (45 days, extendable) are regulatory requirements that Canva must operationally satisfy, though response time commitments are not specified in the policy text reviewed. GOVERNANCE EXPOSURE: Medium. Rights request handling is a well-established compliance area, but operational fulfillment, including completeness of data disclosure, verifiable identity authentication, and response timing, creates ongoing compliance risk. The absence of specified response timeframes in the policy text means operational compliance must be verified separately. JURISDICTION FLAGS: EU and UK users have the most comprehensive and enforceable rights under GDPR and UK GDPR. California residents have CCPA and CPRA rights including the right to know, delete, correct, and opt out. Australian users have rights under the Australian Privacy Act. Users in other jurisdictions may have rights under applicable national or state laws not specifically enumerated in this policy. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers acting as controllers under GDPR must be able to fulfill data subject rights requests directed to them that require Canva's cooperation as a processor. DPAs should specify Canva's obligations to assist controllers in responding to data subject rights requests within regulatory timeframes. COMPLIANCE CONSIDERATIONS: Compliance teams should test the functionality of Canva's privacy request portal to confirm that access, deletion, and portability requests can be submitted and fulfilled within applicable regulatory timeframes. For enterprise deployments, confirm that the DPA includes processor assistance obligations for rights requests. Document the identity verification mechanism used by Canva for rights requests to assess adequacy under applicable law.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision describes the mechanism through which users can exercise data rights under GDPR, CCPA, and equivalent frameworks. The conditional framing ('depending on where you live') means that the availability of specific rights varies by jurisdiction, and users outside covered jurisdictions may have fewer or no enforceable rights under this policy.
EU, UK, California, and Australian users have the most clearly stated rights under this provision, including the right to request deletion of personal data held by Canva. Users in jurisdictions not covered by specific privacy legislation may have more limited rights as described in this policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Canva.