Security at Canva

Your trust is at the center of what we do and why security is a top priority for us. Our products, processes and systems are designed to protect our users and data.

Security features

Encryption

We keep designs secure in transit and at rest. In transit, designs are only accessible via TLS/SSL, and at rest, designs are encrypted with AES256.

Data security

Our people and systems can only access the data they need to do their job and we store your designs with cloud providers who have top-tier physical security controls.

Highly available

We use a global CDN to prevent network attacks and keep Canva highly available.

Monitored and resilient

Our threat detection, logging and alerting systems notify our oncall teams about potential incidents.

Secure development practice

We peer review and test our code prior to release, including manual and automated checks for security issues.

Staged releases

We only release software after qualifying it in development and staging environments.

Account security

We provide SSO and MFA options for users and enterprises to secure their accounts

In-app permissions

Users can be assigned different roles to administer, manage, design or access content.

Bug bounty program

We welcome responsible security research. We run a bug bounty program and provide ways for security researchers to notify us of vulnerabilities in our products and environments.

Learn more

Canva and the EU General Data Protection Regulation (GDPR)

Canva is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

We have introduced tools and processes to ensure we comply with GDPR requirements.

To learn more about our GDPR compliance, please read our Privacy Policy and our Help Centre article.

Frequently Asked Questions

By default, all content you post on Canva is private.

All your private data is stored in systems that are only accessible via the Canva application.
When you log in to Canva, we give your Canva account access to the private files.
Your private designs can only be accessed by logging in to your account.
Your private designs cannot be accessed by anyone that is not logged in to Canva, or anyone using a different account unless you share your designs.

You share a design with a team by placing your design in a team folder.

When team members then log in to Canva, we give their Canva account access to these private files that have been placed in the team folder. Team members can also see any uploaded files included in the design.

If you publish a design publicly, this changes the privacy settings and the design can then be accessed by anyone that has the URL to the file.

Canva stores your data in the cloud using several types of storage, depending on the type of data, including databases, file storage and other systems.

Our systems are only accessible by people and services who need access.
We encrypt designs using AES256. This means that your designs are unreadable by someone with access to the disks holding your designs.

Canva operates in many countries that each have their own laws about data privacy and security.

Our legal team continually monitors the evolving regulatory landscape to identify changes and determine what action Canva needs to take to uphold our obligations in each jurisdiction.

To find out more, please read our Privacy Policy.

Not yet. We know this is important to many of our users, so we’re currently pursuing ISO27001 certification.

Yes. Our security team is comprised of dedicated Security Engineers who work across the company to ensure our product, platforms and operations are secure.

Canva operates a continuous security assessment program using BugCrowd.

The program has been operating privately, but has recently moved to an open program.
Find out more about the bug bounty program here.

As part our our ISO27001 certification, we will be adding more types of assessment, including recurring vulnerability scans across our production environment and annual pentesting.

We apply sound security practices at Canva by building our products, processes and systems to protect our users.

This includes adhering to multiple legal and regulatory standards regarding data storage and security breach responses. See more here: What laws do you comply with when it comes to data privacy?

We’ve recently started pursuing external security certifications, initially through a program to obtain ISO27001 certification.


Security questions

We're here and ready to answer all of your questions about Canva security.

Contact us