Who we are
MyCanvasDesign is operated by MyCanvasDesign, based in the United Kingdom. When this policy says "we", "us", or "our", it means MyCanvasDesign.
Contact: support@mycanvasdesign.com
What data we collect and why
MyCanvasDesign is designed to collect as little data as possible. We do not operate user accounts. We do not store your email address, name, or any identifiable information on our servers.
- Design data (local only) — your canvas is autosaved to your browser's
localStorageevery 1.5 seconds. This never leaves your device unless you explicitly use the Share feature. - Shared designs — if you click SHARE, the canvas JSON (no personal data — just shapes, text, colours) is stored on Cloudflare's KV infrastructure (an ephemeral cache) for up to 30 days, then automatically deleted. The data is associated with a random ID, not with any user identity. This is not a permanent backup.
- Community templates — if you publish a template as a supporter, the canvas JSON and metadata (name, tags, canvas dimensions) are stored in Cloudflare KV. No author identity is attached. Templates persist until removed by moderation or at your request.
- License key (local only) — if you activate a supporter license, the key and a random device identifier are stored in your browser's
localStorage. They are not stored on our servers. When you validate the key, it is sent to our edge function which checks it against the Polar API; we cache the validation result (not the key itself) in KV for up to 30 minutes. - IP address — used transiently for rate limiting (e.g. limiting share link creation, API abuse prevention). IP addresses are stored only in Cloudflare KV for the duration of the rate-limit window (between 60 seconds and 1 hour depending on the action), then automatically deleted.
- Icon searches — when you search for or add vector icons, your browser makes a direct request to the public Iconify API. We do not track your searches, but Iconify may log your IP address at their network edge.
Payments
Payment processing is handled entirely by Polar, who act as merchant of record. When you purchase a supporter plan, you interact with Polar's checkout — we never see your card details, billing address, or payment information. Polar collects and stores your email address for order confirmation and to issue your license key. Their privacy policy applies to that data: polar.sh/legal/privacy.
Legal basis for processing (UK GDPR)
Because we do not collect or store personal data on our servers, UK GDPR data controller obligations do not apply to the core service. The only personal data processing we perform is:
- Legitimate interests — rate limiting by IP address to protect the service from abuse (transient, short TTL).
- Analytics — Google Analytics 4 (full platform), used to understand general usage patterns. Google Analytics collects page views, session duration, navigation paths, device type and browser, operating system, approximate geographic location (city/country-level, derived from IP), and behavioural data such as which features are used and how long users spend on each page. This data is processed by Google and may be retained on Google's servers. IP addresses are used by Google to infer location and are then discarded; we do not receive raw IP data through GA. See the Cookie Policy for details and your opt-out options.
Who we share data with
We do not sell or share personal data. We use the following sub-processors to operate the service:
| Processor | Purpose | Location |
|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, KV store (anonymous shared designs, template storage, rate limiting), bot protection (Turnstile) | USA (EU–US Data Privacy Framework; UK data routed via London PoP) |
| Polar | Payment processing and license key issuance. They act as merchant of record — we never receive billing data. | USA |
| Google LLC (Google Analytics 4) | Full analytics platform — page views, session data, device/browser information, approximate geographic location (city/country), and behavioural usage patterns. IP addresses are used by Google to derive location then discarded. Data is retained on Google's servers per their retention settings. Not used for advertising targeting by us. | USA (EU–US Data Privacy Framework) |
| Mailgun (Sinch) | Transactional email — used solely to deliver internal moderation notifications to the site administrator. No user data is included in these emails. | USA |
| Iconify OÜ | Provides the public API for the vector icon library. Your browser fetches icons directly from their CDN. | Estonia (EU) / Global Edge |
How long we keep data
- Anonymous shared designs — automatically deleted after 30 days.
- Community templates — retained until removed by moderation or on request to support@mycanvasdesign.com.
- Rate-limit counters — automatically deleted between 60 seconds and 1 hour depending on the endpoint.
- License validation cache — automatically deleted after 30 minutes.
- Your local data (autosave, license key) — remains in your browser until you clear it via your browser's developer tools. We have no access to it.
Your rights
Because we do not store personally identifiable information, most UK GDPR rights (access, correction, deletion) apply to data held by Polar (for payment/license data) or Google (for analytics data) rather than by us. Contact those processors directly for those requests.
For questions about any data we do hold, email support@mycanvasdesign.com. We will respond within 30 days.
Security
All data is transmitted over HTTPS. Shared design and template data is stored in Cloudflare's infrastructure which provides encryption at rest. Your local data is under your own device's security.
Children
MyCanvasDesign is not directed at children under 13. The core editor requires no account and collects no personal data. If you have concerns, contact us at support@mycanvasdesign.com.
Changes to this policy
We may update this policy. The "last updated" date at the top will reflect any changes. Continued use of the service constitutes acceptance of the updated policy.
Complaints
If you have a concern about how we handle your data, please contact us at support@mycanvasdesign.com and we will address it promptly.