Rules for responsible use of Canva services
Overall Score
Risk by Category
Canva's Acceptable Use Policy (AUP) outlines prohibited activities to maintain a safe, legal, and trustworthy platform. Effective May 24, 2024, it covers 10 main categories of prohibitions including illegal or harmful activities, child sexual abuse material, fraud, harassment, hateful content, IP violations, malware distribution, spamming, security violations like scraping or hacking, and other misuses such as reverse engineering or generating excessive server load. Violations can lead to account suspension or termination without notice. Users are encouraged to report violations, and the policy can be updated with notice.
Canva reserves the right to suspend or terminate accounts for any violation without prior notice or detailed explanation.
Policy does not outline a formal appeal mechanism for enforcement actions.
Detailed, categorized prohibitions help users understand boundaries.
Easy reporting process via designated form to address issues promptly.
Policy is reviewed and updated periodically with user notification.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
Design files, images, text, and usage metadata collected during service use.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
Uploaded designs, images, and text are subject to review for compliance; may be accessed by Canva moderators.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Focuses on user prohibitions; sharing handled in Privacy Policy.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Right to use service can be revoked for violations with limited recourse.
Users have the right to report suspected AUP breaches.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
Retention details deferred to Privacy Policy; content may be retained post-violation for investigation.
Violative content may be preserved for legal/compliance purposes.
Security & Transparency
Explicit ban on hacking, scraping, DDoS, and unauthorized access.
Does not disclose specific security measures like encryption.
Source Text
Prohibits production/distribution of CSAM or any child exploitation.
Interpretation
Zero-tolerance; immediate severe action, aligns with global laws.
Source Text
Users must not upload or use infringing content.
Interpretation
High risk for creators using unlicensed materials; Canva enforces DMCA.
Source Text
No bots, scraping, or interfering with service.
Interpretation
Protects platform; limits automation, common in SaaS.
Source Text
Canva may suspend/terminate without notice.
Interpretation
Strong enforcement power; users bear compliance burden.
Illegal activities, CSAM, fraud, harassment, hate speech, IP infringement, malware, spam, security violations, and excessive automated use.