Legal terms governing enterprise subscriptions to Canva services
Overall Score
Risk by Category
The Canva Master Subscription Agreement (MSA) outlines the terms for enterprise customers subscribing to Canva's cloud-based design platform. It covers subscription services, payments, intellectual property rights, user content licenses, confidentiality, warranties, indemnification, termination, and governing law. Key aspects include broad licenses granted by users to Canva for hosting and displaying content, disclaimers of warranties, limitations on liability, and Australian governing law. The agreement references the separate Privacy Policy for data handling details.
Users grant Canva a worldwide, perpetual, royalty-free license to host, display, and distribute user content.
Liability capped at fees paid in 12 months; no liability for indirect damages.
Customer indemnifies Canva for user content and violations.
Subscriptions auto-renew unless cancelled 30 days prior.
Customer retains ownership of its content and output.
Allows termination for convenience with notice.
References industry-standard security practices.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
Email, billing info, usage data collected.
Uploaded designs and assets.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
Data used to provide and improve Canva services.
Aggregated data for analytics, per Privacy Policy.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Shared with processors under contract.
Shared within Canva group companies.
Cloud providers like AWS.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Rights to access and delete content via account controls.
Export options for designs; full portability not specified.
30-day post-termination access to retrieve data.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
30 days to export data after termination.
Retained as required by law.
Retained indefinitely for analytics.
Security & Transparency
Data encrypted in transit and at rest.
Notify within legal timelines.
SOC 2 compliant; regular audits.
Source Text
Perpetual license to Canva for user content.
Interpretation
Broad rights allow Canva to use content for service delivery and improvements.
Source Text
Liability limited to 12 months' fees.
Interpretation
Standard but may not cover major losses.
Source Text
Customer indemnifies for content and misuse.
Interpretation
Shifts risk to customer for their actions.
Source Text
30-day data access post-termination.
Interpretation
Adequate retrieval window.
You retain ownership of your content and output.