Security at Canva

Your trust is at the center of what we do and why security is a top priority for us. Our products, processes and systems are designed to protect our users and data.

Security features


We keep designs secure in transit and at rest. In transit, designs are only accessible via TLS/SSL, and at rest, designs are encrypted with AES256.

Data security

Our people and systems can only access the data they need to do their job and we store your designs with cloud providers who have top-tier physical security controls.

Highly available

We use a global CDN to prevent network attacks and keep Canva highly available.

Monitored and resilient

Our threat detection, logging and alerting systems notify our oncall teams about potential incidents.

Secure development practice

We peer review and test our code prior to release, including manual and automated checks for security issues.

Staged releases

We only release software after qualifying it in development and staging environments.

Account security

We provide SSO and MFA options for users and enterprises to secure their accounts

In-app permissions

Users can be assigned different roles to administer, manage, design or access content.

Bug bounty program

We welcome responsible security research. We run a bug bounty program and provide ways for security researchers to notify us of vulnerabilities in our products and environments.

Learn more

Canva and the EU General Data Protection Regulation (GDPR)

Canva is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

We have introduced tools and processes to ensure we comply with GDPR requirements.

To learn more about our GDPR compliance, please read our Privacy Policy(opens in a new tab or window).

Frequently asked questions

Security questions

We're here and ready to answer all of your questions about Canva security.

Contact us