By default, all content you post on Canva is private.
All your private data is stored in systems that are only accessible via the Canva application. When you log in to Canva, we give your Canva account access to the private files. Your private designs can only be accessed by logging in to your account. Your private designs cannot be accessed by anyone that is not logged in to Canva, or anyone using a different account unless you share your designs.
When team members then log in to Canva, we give their Canva account access to these private files that have been placed in the team folder. Team members can also see any uploaded files included in the design.
If you publish a design publicly, this changes the privacy settings and the design can then be accessed by anyone that has the URL to the file.
Canva is ISO 27001 certified. This certification means that, as an organisation, we have the people, processes and systems in place to effectively identify, assess, treat and monitor our information security risks. It means that we aim to have security built into every facet of our operations, and that we strive to improve our security posture through a process of continuous improvement.
Yes. Our security team is comprised of dedicated Security Engineers who work across the company to ensure our product, platforms and operations are secure.
Yes. Our ISO 27001 certification requires us to have periodic external audits of our information security management system and security controls.
Canva employs specialist external services and tools to conduct multiple different types of security assessments.
We also run weekly vulnerability scans against our production environments, and engage external penetration testers to conduct multiple penetration tests throughout the year.
Canva stores your data in the cloud using several types of storage, depending on the type of data, including databases, file storage and other systems.
Our systems are only accessible by people and services who need access. We encrypt designs using AES256. This means that your designs are unreadable by someone with access to the disks holding your designs.
Canva operates in many countries that each have their own laws about data privacy and security.
Our legal team continually monitors the evolving regulatory landscape to identify changes and determine what action Canva needs to take to uphold our obligations in each jurisdiction.