Your Privacy Matters

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information when you use Canvelop.

1. Introduction

Welcome to Canvelop ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our design platform, mobile application, or interact with our services (collectively, the "Service").

By using Canvelop, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Last Updated: February 13, 2026

2. Information We Collect

2.1 Account and Registration Information

  • Basic Account Data: Name, email address, and password (stored in encrypted/hashed format)
  • Profile Information: Profile picture/avatar image, email verification status
  • Social Authentication Data: If you sign up using third-party authentication, we may collect your Google ID or Discord ID, and associated profile information (name, email, profile picture)
  • Optional Information: YouTube URL (if you choose to provide it)
  • User Role: Account type (user, moderator, or administrator) as assigned by our system

2.2 Design and Content Data

  • Design Projects: All designs, templates, and projects you create, edit, or save through our platform. Project data includes:
    • Design JSON content stored in compressed format (gzip/brotli compressed and base64 encoded) for efficient storage
    • Project names, descriptions, and metadata
    • Canvas dimensions (width, height) and canvas settings
    • Thumbnail images for project previews
    • Multi-page project data including page count, page configurations, and page-specific content
    • Canvas state information including zoom levels, viewport positions, and workspace settings
    • Design history and version information
    • Template metadata when projects are created from templates (source template IDs, country, language, religion, theme, size, style)
    • Project creation and modification timestamps
  • Uploaded Images: Images you upload to our platform for use in your designs, including:
    • Original filenames and file metadata
    • File sizes (original size and compressed/optimized size after processing)
    • Image dimensions (width, height in pixels)
    • MIME types (image/png, image/jpeg, image/jpg, image/webp, etc.)
    • Storage URLs and file paths
    • Image processing metadata and optimization information
    • Upload timestamps and user association
  • Saved Templates: Templates you save from your designs for future use, including:
    • Template IDs and unique identifiers
    • Template configurations and design data
    • Template names, descriptions, and metadata
    • Template thumbnails and preview images
    • Creation timestamps and last modified dates
    • Template sharing preferences (if applicable)
  • Template Purchases: Records of individual premium templates you purchase, including:
    • Template IDs and identifiers
    • Purchase dates and timestamps
    • Expiration dates (exactly 5 days/120 hours from purchase time)
    • Prices paid in Indian Rupees (INR)
    • Payment transaction IDs from Razorpay (order ID, payment ID)
    • Purchase status and access information
  • Design Elements Usage: Information about how you use our design assets:
    • Design elements (icons, graphics, decorative elements) used in projects
    • Frames selected and applied to designs
    • Backgrounds used in projects
    • Shapes and graphical elements added to designs
    • Asset categories and search queries
    • Usage frequency and patterns
  • QR Code Data: QR codes you generate through our QR Code Generator, including:
    • Encoded content (URLs, text, contact information, or other data you encode)
    • QR code styling preferences (colors, shapes, gradients, background colors)
    • Error correction levels and QR code settings
    • Logo or image overlays (if uploaded for QR codes)
    • Generation timestamps and usage information
    • Note: The content you encode in QR codes is stored to enable regeneration, editing, and QR code management. This content remains your property but is stored on our servers
  • Editor Preferences & Usage: Information about how you use our design editor:
    • Zoom levels and viewport preferences
    • Canvas settings and workspace configurations
    • Tool preferences and frequently used features
    • Keyboard shortcuts and customizations
    • Color palette preferences
    • Font preferences and recently used fonts
    • Filter and effect preferences
    • Export format preferences
  • Design Actions & Interactions: Information about your design activities:
    • Design creation, editing, and deletion activities
    • Template usage and customization patterns
    • Export activities (formats used, frequency)
    • Image upload and usage patterns
    • Feature usage statistics (which tools, filters, effects you use most)
    • Session duration and engagement metrics

2.3 Payment and Subscription Information

  • Subscription Details: Comprehensive subscription information including:
    • Subscription plan type (1_month, 6_months, or 1_year)
    • Subscription status (active, expired, cancelled, etc.)
    • Subscription start date and activation timestamp
    • Expiration date (currentPeriodEnd) - when subscription access expires
    • Subscription price in Indian Rupees (INR) at time of purchase
    • Subscription ID, customer ID, and price ID from Razorpay
    • Subscription creation and modification timestamps
  • Payment Transaction Data: Payment processing information including:
    • Payment IDs and order IDs from Razorpay (our payment processor)
    • Customer IDs and transaction identifiers
    • Payment amounts in Indian Rupees (INR)
    • Transaction timestamps and payment dates
    • Payment status (successful, failed, pending, refunded)
    • Payment method type (card, netbanking, UPI, wallet, etc.) - but not the actual payment details
    • Receipt information and transaction references
  • Important Payment Security Note: We do not store your full credit card numbers, bank account details, CVV codes, or other sensitive payment card information on our servers. All sensitive payment data is handled directly and securely by Razorpay, which is PCI-DSS compliant and follows strict security standards. We only store payment transaction identifiers and metadata necessary for order fulfillment and customer support.

2.4 Authentication and Session Data

  • Session Tokens: JWT (JSON Web Tokens) used for authentication, with expiration times (7 days in production, 30 days in development environments)
  • OAuth Account Data: If you use social authentication, we store OAuth provider account IDs, access tokens, refresh tokens, and token expiration information (for Google, Discord, etc.)
  • Session Information: Session tokens and expiration timestamps

2.5 Usage and Technical Information

  • IP Address: We collect IP addresses for rate limiting, security purposes, and to prevent abuse. IP addresses may be used to determine approximate geographic location (country/region level)
  • Device and Browser Information: Browser type, operating system, device type, screen resolution, viewport size, and other technical information automatically collected when you access our Service
  • Usage Patterns: Comprehensive information about how you interact with our Service:
    • Features accessed (design editor, templates library, QR generator, subscription management, etc.)
    • Templates viewed, searched, filtered, and selected
    • Designs created, edited, saved, and deleted
    • Export activities including formats used (PNG, JPG, PDF, ZIP) and frequency
    • Tools used (drawing, shapes, text, images, filters, effects, etc.)
    • Time spent on the platform, session duration, and engagement metrics
    • Interaction patterns, navigation paths, and feature discovery
    • Multi-page project creation and management patterns
    • Image upload frequency and storage usage
    • Subscription and purchase decision patterns
  • API Usage & Technical Data: Technical information about your API usage:
    • Request logs including endpoints accessed, request methods, and response codes
    • API endpoint usage statistics and patterns
    • Rate limit tracking and enforcement data
    • Performance metrics including response times and latency
    • Error logs and system diagnostics
    • Authentication token usage and session information
    • Data transfer volumes and bandwidth usage
  • Feature Usage Analytics: Detailed information about which features you use most frequently:
    • AI features usage (background removal frequency, processing requests)
    • Drawing tools usage and drawing patterns
    • Text editing activities (fonts used, text styling preferences)
    • Image filter and effect usage (which filters applied most often)
    • QR code generation frequency and customization preferences
    • Export format preferences and usage patterns
    • Template usage patterns (categories, themes, styles preferred)
    • Shape and element usage statistics
    • Background management activities
    • Canvas manipulation patterns (zoom, pan, transformations)

2.6 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to:

  • Maintain your authentication session
  • Remember your preferences and settings
  • Analyze usage patterns and improve our Service
  • Provide personalized content and recommendations

You can control cookies through your browser settings, but disabling cookies may limit some functionality of our Service.

2.7 Communication Data

  • Support Communications: Messages, emails, or tickets sent through our contact forms, customer support system, or support email
  • Service Notifications: Transactional emails such as account verification, password reset, subscription confirmations, and service updates

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery and Functionality: To provide, maintain, and improve our comprehensive design platform, including:
    • Processing subscription and template purchase transactions
    • Managing your account, profile, and subscription status
    • Storing and retrieving your design projects (in compressed JSON format for efficiency)
    • Storing and managing your uploaded images and user content
    • Enabling AI features (background removal, image processing) with server-side processing
    • Providing export functionality in multiple formats (PNG, JPG, PDF, ZIP)
    • Enabling QR code generation with customization options
    • Supporting multi-page design editing and project management
    • Managing design templates, saved templates, and template purchases
    • Delivering all platform features including design editor, canvas tools, text editing, image editing, filters, effects, drawing tools, shapes, elements, frames, backgrounds, and all design capabilities
    • Maintaining design history, undo/redo functionality, and project versioning
    • Enabling canvas manipulation (zoom, pan, layers, grouping, alignment)
    • Supporting background management and customization
  • Authentication and Security: To authenticate your identity; manage user sessions; detect, prevent, and address fraud, security breaches, and unauthorized access; enforce rate limits; and protect against malicious activities
  • Payment Processing: To process subscription payments and individual template purchases through Razorpay; manage subscription status and access; and maintain payment records for accounting and legal purposes
  • Communication: To send you service updates, subscription notifications, account-related communications (verification, password reset), marketing communications (with your consent), and respond to your inquiries and support requests
  • Personalization: To customize and enhance your experience on our platform:
    • Recommend templates based on your preferences, usage history, and design patterns
    • Show content relevant to your usage patterns and interests
    • Remember your settings and preferences (canvas settings, tool preferences, color palettes, font preferences)
    • Personalize your workspace and editor interface
    • Suggest design elements, frames, backgrounds, and assets based on your projects
    • Customize feature recommendations and help content
  • Analytics and Improvement: To analyze, understand, and continuously improve our platform:
    • Analyze usage patterns, feature adoption, and user behavior
    • Identify popular templates, design elements, and features
    • Understand how users interact with our design editor, canvas tools, and features
    • Optimize platform performance, loading times, and responsiveness
    • Develop new features based on user needs and feedback
    • Improve AI features (background removal, image processing) through usage analysis
    • Enhance export functionality and format support
    • Optimize data storage and compression strategies
    • Improve search, filtering, and content discovery
    • Conduct A/B testing and feature experimentation
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes; respond to legal requests; enforce our Terms of Use; and protect our rights and interests
  • Business Operations: To manage subscriptions, handle customer support, conduct business analytics, and maintain service quality

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Payment Processors: We share payment information with Razorpay, our payment processor, to process subscription payments and template purchases. Razorpay is PCI-DSS compliant and handles all payment card data securely. We do not store your full payment card information
  • OAuth Providers: If you use social authentication (Google, Discord), we interact with these providers to authenticate your identity and obtain basic profile information. Your use of these services is also governed by their respective privacy policies
  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our platform, including hosting services, cloud storage providers, analytics services, email delivery services, and customer support tools. These service providers are contractually obligated to protect your information and use it only for the purposes we specify
  • Legal Requirements: When required by law, court order, government regulation, or legal process; to respond to legal requests; to protect our rights, property, or safety; or to investigate potential violations of our Terms of Use
  • Business Transfers: In connection with a merger, acquisition, sale of assets, or business reorganization, where your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control
  • With Your Consent: When you explicitly consent to sharing your information for specific purposes
  • Aggregated or Anonymized Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, analytics, or business purposes

5. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data transmitted between your device and our servers is encrypted using SSL/TLS technology
  • Password Security: Passwords are hashed using secure hashing algorithms and never stored in plain text
  • Secure Storage: Your data is stored in secure databases with access controls and encryption at rest:
    • Design project data is stored in compressed format (gzip/brotli compressed and base64 encoded) to optimize storage, reduce costs, and improve performance
    • Uploaded images are stored securely with optimized compression and proper access controls
    • Database access is restricted to authorized personnel only
    • Regular security audits and vulnerability assessments
    • Data backups are encrypted and stored securely
  • Payment Security: Payment information is processed through PCI-DSS compliant payment processors (Razorpay). We do not store your full payment card details on our servers
  • Access Controls: Comprehensive access control measures:
    • Access to personal information is limited to authorized personnel on a strict need-to-know basis
    • Role-based access control (RBAC) for different user types (regular users, moderators, administrators)
    • Administrative access requires multi-factor authentication where applicable
    • Access logs and audit trails for sensitive operations
    • Regular access reviews and permission audits
  • Rate Limiting: We implement rate limiting to prevent abuse and unauthorized access attempts
  • Regular Security Updates: We regularly update our security practices, software, and systems to address emerging threats and vulnerabilities
  • Authentication Tokens: JWT tokens are used for secure authentication with appropriate expiration times

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially acceptable means, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention and Deletion

6.1 Active Accounts

We retain your personal information and content for as long as your account is active and you continue to use our Service. This includes:

  • Account information and profile data
  • Design projects and uploaded images
  • Saved templates and template purchase records
  • Subscription and payment records

6.2 Account Deletion

When you delete your account, we will delete or anonymize your personal information within 30 days, including:

  • Your account profile information (name, email, profile picture)
  • Authentication data (password hashes, session tokens, OAuth tokens)
  • All design projects with cascade deletion (project JSON data, thumbnails, metadata)
  • All uploaded images with cascade deletion (image files, metadata, storage references)
  • Saved templates created from your designs (user-generated templates)
  • Template purchase records (subject to legal retention requirements for financial records)
  • QR codes generated through your account
  • Editor preferences and usage analytics data
  • Session tokens, authentication tokens, and session information
  • OAuth account connections (Google, Discord) and associated tokens

Note: Some data may be retained longer than 30 days if required by law or for legitimate business purposes, such as payment records for accounting and tax compliance, legal dispute resolution records, security logs, and anonymized aggregated analytics data that cannot be used to identify you.

6.3 Retention of Certain Data

Some information may be retained longer than 30 days if required by law or for legitimate business purposes, including:

  • Payment and transaction records (retained for accounting and tax purposes as required by law)
  • Legal records and dispute resolution data
  • Anonymized usage data for analytics and service improvement
  • Security logs and fraud prevention records

6.4 Subscription and Purchase Records

Subscription records and template purchase history may be retained even after account deletion if required for financial record-keeping, tax purposes, or dispute resolution, as required by applicable law.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request access to the personal information we hold about you, including your account data, design projects, and usage information
  • Correction: Update or correct inaccurate or incomplete information through your account settings or by contacting us
  • Deletion: Request deletion of your account and associated data. You can delete your account through your account settings, which will trigger deletion of your data within 30 days (subject to legal and contractual obligations)
  • Data Portability: Request a copy of your data in a portable format, including your design projects and uploaded images
  • Withdraw Consent: Withdraw your consent for certain data processing activities, where processing is based on consent
  • Opt-Out of Marketing: Unsubscribe from marketing communications at any time by using the unsubscribe link in our emails or updating your preferences
  • Object to Processing: Object to certain types of data processing, where applicable under data protection laws

To exercise these rights, please contact us at contact@canvelop.com. We will respond to your request within 30 days, or as required by applicable law.

Note: Some rights may be limited if we need to retain information for legal compliance, contractual obligations, or legitimate business purposes.

8. Children's Privacy

Canvelop is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@canvelop.com. If we become aware that we have collected information from a child under 13, we will take steps to delete such information promptly.

If you are between 13 and 18 years of age, you represent that you have your parent's or guardian's permission to use the Service and that they have read and agreed to this Privacy Policy on your behalf.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using Canvelop, you consent to the transfer of your information to these countries. We take appropriate measures to ensure your information is protected in accordance with this Privacy Policy.

9.1 GDPR (European Economic Area)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we comply with the General Data Protection Regulation (GDPR) and UK GDPR. You have additional rights under these regulations, including the right to data portability, the right to object to processing, and the right to lodge a complaint with a supervisory authority.

9.2 CCPA (California Residents)

If you are a California resident, we comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). You have the right to know what personal information we collect, the right to delete personal information, the right to opt-out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

9.3 Indian Data Protection Laws

For users in India, we comply with applicable data protection laws, including the Information Technology Act, 2000, and related rules. Our data processing practices are designed to protect your personal information in accordance with Indian law.

10. Third-Party Services and Links

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies:

  • Razorpay: Our payment processor. See Razorpay's privacy policy for how they handle payment data
  • Google: If you use Google OAuth authentication, your use is also governed by Google's privacy policy
  • Discord: If you use Discord OAuth authentication, your use is also governed by Discord's privacy policy
  • Hosting and Cloud Services: We use third-party hosting and cloud storage providers to store and process your data. These providers are contractually obligated to protect your information

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (for significant changes)
  • Displaying a notice on our platform (for major changes)

Your continued use of Canvelop after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@canvelop.com

Address: Mota Varachha, Surat, Gujarat, India

Website: https://canvelop.com

For questions about data protection rights or to submit a data protection request, please email us at contact@canvelop.com with the subject line "Privacy Request."

13. Additional Information

For more information about our data practices and your rights, please also review our Terms of Use.

This Privacy Policy should be read in conjunction with our Terms of Use, which govern your use of our Service.