Additional terms of service for verified educational users and institutions
Overall Score
Risk by Category
This policy outlines the additional terms of use specifically for Canva for Education accounts, which provide free or discounted access to Canva's tools for verified educational institutions, teachers, and students. It supplements Canva's general Terms of Use and Privacy Policy, emphasizing non-commercial use, administrative controls for schools, content restrictions, compliance with education laws like FERPA/COPPA, and limitations on liability. Key focuses include eligibility verification, account management by admins, data sharing within institutions, and prohibitions on resale or commercial exploitation of designs.
School administrators can view, manage, and delete user content within their organization.
Users under 13 require parental consent; compliance with COPPA.
Service provided 'as is' with no guarantees for educational outcomes.
Verified edu users get Pro features for free.
Supports compliance with student privacy laws.
Users retain ownership of their designs.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
Email and institution details for verification.
Activity logs for account management.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
Design data shared with school admins for management.
Usage data used to improve edu features.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Shared with cloud providers under strict agreements.
Shared within verified edu organizations.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Users can access and export their designs.
Users and admins can delete content; data removed per privacy policy.
Institutions have controls over student accounts.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
Data retained as needed for billing/compliance, then deleted.
Institutional records kept for verification.
Retained indefinitely for analytics.
Security & Transparency
Data encrypted in transit and at rest (per main policy).
Supports FERPA/GDPR compliance.
Secure role-based access for institutions.
Source Text
Accounts only for verified .edu emails or institutions.
Interpretation
Limits access to legitimate edu users, reducing abuse risk.
Source Text
Admins can suspend/delete accounts and view content.
Interpretation
Balances institutional oversight with user privacy.
Source Text
Designs cannot be sold or used commercially.
Interpretation
Enforces edu-only purpose.
Source Text
No guarantee of suitability for teaching.
Interpretation
Standard disclaimer protecting Canva.
Verified teachers, students, and staff from accredited educational institutions.