Additional Terms Applicable to Canva Affinity Products
Overall Score
Risk by Category
The Affinity Additional Terms supplement Canva's general Terms of Use for users of Affinity products (such as Affinity Designer, Photo, and Publisher) now integrated with Canva following the acquisition. Key areas include expanded licensing rights for user-generated content, specific usage restrictions for professional design tools, payment and subscription terms, intellectual property protections, liability limitations, and dispute resolution. Users grant Canva broad, worldwide, royalty-free licenses to host, display, and modify content created with Affinity tools. Termination provisions allow Canva to suspend access, with data retention post-termination. The policy emphasizes compliance with export controls and anti-corruption laws, while providing limited warranties.
Users grant Canva a perpetual, worldwide license to use, modify, and distribute Affinity-created content.
Canva does not claim ownership but retains extensive usage rights.
Canva may terminate access without notice for violations.
Users can export and download their designs at any time.
Seamless access to Affinity tools within Canva ecosystem.
Adheres to applicable data protection laws.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
Files, layers, and edits collected for service provision.
IP address, browser type for functionality and security.
Billing info for Affinity plans.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
Used to provide editing, storage, and collaboration features.
Aggregated data for product improvements and personalization.
Processed for subscriptions and billing.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Shared with AWS, payment processors for hosting/billing.
Shared within Canva group for integrated services.
Aggregated data to Google Analytics, Mixpanel.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Users can access, download, and export their content.
Account deletion removes personal data, subject to legal retention.
Limited rights to object, primarily for marketing.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
Content retained for 30 days to allow export, then deleted.
Indefinite retention if required for disputes or laws.
Retained indefinitely for analytics.
Security & Transparency
Data encrypted in transit (TLS) and at rest.
Notify users within legal timelines.
Role-based access and audit logs.
SOC 2 Type II and ISO 27001 compliant.
Source Text
'You grant Canva a worldwide, non-exclusive, royalty-free license to host, display, modify, and distribute your Content.'
Interpretation
Elevated risk as license survives termination, potentially allowing Canva ongoing use.
Source Text
'Subscriptions auto-renew; no refunds except as required by law.'
Interpretation
Standard but locks users into ongoing payments.
Source Text
'Upon termination, access ends immediately; we may retain data for legal purposes.'
Interpretation
Users risk losing access without recovery time.
Source Text
'Disputes resolved by binding arbitration in Australia.'
Interpretation
Limits class actions and court access.
Source Text
'You may export Content before deletion.'
Interpretation
Provides user control, mitigating some risks.
A broad license to host, modify, and use your content for providing services, which persists after deletion.