Privacy Policy

1. Introduction

Kanvas ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at getkanvas.ai and any associated services, applications, or tools (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account information: Name, email address, password, profile photo, and workspace details when you create an account.
• Workspace content: Tasks, messages, documents, files, comments, and any other content you create or upload within your workspace.
• Payment information: Billing address and payment method details, processed securely through our third-party payment processor (Stripe). We do not store full credit card numbers.
• Communications: Messages you send to our support team, feedback, and survey responses.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, clicks, scrolling behavior, and time spent on the platform.
• Device information: Browser type, operating system, device type, IP address, and screen resolution.
• Cookies and tracking: We use cookies and similar technologies to maintain sessions, remember preferences, and analyze platform usage. See Section 7 for details.
• Log data: Server logs that record requests, timestamps, referring URLs, and error reports.

2.3 Information from Third Parties

• OAuth providers: When you sign in via Google or GitHub, we receive your name, email, and profile picture from those services.
• Integrations: If you connect third-party tools (GitHub, Figma, Slack, etc.), we may receive data necessary to provide the integration functionality.

3. How We Use Your Information

• Provide, operate, and maintain the Service.
• Authenticate your identity and manage your account.
• Process transactions and send related information including billing confirmations.
• Power AI features (e.g., the Kanvas AI assistant) to provide contextual suggestions, summaries, and automations within your workspace.
• Send service-related notifications, updates, and security alerts.
• Respond to your support requests and communications.
• Analyze usage patterns to improve and optimize the platform.
• Detect, prevent, and address fraud, abuse, and technical issues.
• Comply with legal obligations and enforce our terms.

4. AI and Your Data

Kanvas uses artificial intelligence to power features like the AI assistant, meeting summaries, task suggestions, and document generation. Important details about how AI interacts with your data:

• Your data is not used to train AI models. Workspace content sent to AI providers (Anthropic, OpenAI) is used solely to generate responses for your requests and is not retained by those providers for model training.
• AI processing occurs in real-time and is scoped to your workspace context only.
• You can disable AI features at any time from your workspace settings without affecting other functionality.
• AI-generated content (summaries, suggestions, action items) is stored within your workspace and subject to the same data retention and deletion policies as all other content.

5. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• Service providers: Third-party vendors who assist in operating the Service (hosting, payment processing, analytics, email delivery, AI providers). These providers are contractually obligated to protect your data.
• Workspace members: Content you create within a workspace is visible to other members of that workspace as determined by your workspace permissions.
• Legal requirements: When required by law, subpoena, or government request, or to protect the rights, safety, or property of Kanvas, our users, or the public.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: Retained until you delete your account. Upon deletion, personal data is removed within 30 days, except where retention is required by law.
• Workspace content: Retained until deleted by workspace administrators or until the workspace is deleted.
• Usage and log data: Retained for up to 12 months for analytics and security purposes.
• Billing records: Retained for up to 7 years as required by tax and accounting regulations.

7. Cookies and Tracking

We use the following types of cookies:

• Essential cookies: Required for authentication, security, and core functionality. These cannot be disabled.
• Analytics cookies: Help us understand how users interact with the platform so we can improve the experience.
• Preference cookies: Remember your settings and display preferences.

We do not use advertising or third-party tracking cookies. You can manage cookie preferences through your browser settings.

8. Data Security

We implement industry-standard security measures to protect your data, including:

• TLS 1.3 encryption for all data in transit.
• AES-256 encryption for data at rest.
• Regular security audits and vulnerability assessments.
• Role-based access controls for internal systems.
• Secure, isolated database architecture with row-level security (RLS).

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your data for certain purposes.
• Restriction: Request that we limit how we process your data.

To exercise any of these rights, contact us at privacy@getkanvas.ai. We will respond within 30 days.

10. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will delete it promptly.

11. International Data Transfers

Your data may be processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@getkanvas.ai
• Website: https://www.getkanvas.ai