Privacy Policy

1. Introduction

This Privacy Policy explains how Kanvas ("we", "us", "our"), operated by bFrame, collects, uses, and protects your personal information when you use our infinite canvas platform ("Service").

By using Kanvas, you agree to the collection and use of information as described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name (optional), password (hashed)
• Profile Information: Any additional information you add to your profile
• Content: Images and metadata you upload to your canvases
• Communications: Messages you send us via contact forms or email
• Payment Information: Billing details processed through Stripe (we do not store full credit card numbers)

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the Service
• Device Information: Browser type, operating system, screen resolution
• Log Data: IP address, access times, referring URLs
• Cookies: Session cookies for authentication (see Cookie Policy)

2.3 Information from Third Parties

• OAuth Providers: If you sign in with Google, we receive your email and profile name
• Payment Processor: Stripe provides us with transaction status and subscription details

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process transactions and send billing-related communications
• Send you technical notices, updates, and security alerts
• Respond to your comments, questions, and support requests
• Monitor and analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues and security threats
• Enforce our Terms of Service

4. Data Storage and Security

4.1 Storage

• Account data is stored in secure databases
• Images are stored on Cloudflare R2 (S3-compatible object storage)
• Data may be processed in the European Union and United States

4.2 Security Measures

• Passwords are hashed using bcrypt
• All data transmission uses HTTPS encryption
• Access to data is restricted to authorized personnel
• Regular security audits and updates

4.3 Retention

• Account data is retained while your account is active
• Upon account deletion, we remove your data within 30 days
• Some data may be retained for legal or legitimate business purposes

5. Data Sharing

We do not sell your personal information. We may share data with:

5.1 Service Providers

• Cloudflare: CDN and image storage
• Stripe: Payment processing
• Resend: Email delivery
• Google: OAuth authentication (if you choose to sign in with Google)

5.2 Legal Requirements

We may disclose information if required by law, court order, or government request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale, user data may be transferred to the new owner.

5.4 With Your Consent

We may share information when you explicitly consent to the sharing.

6. Shared Canvases

When you share a canvas:

• Anyone with the share link can view your canvas and its images
• Embedded canvases are viewable on third-party websites
• You control sharing and can disable it at any time
• Shared content is still subject to our Terms of Service

7. Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Objection: Object to certain processing of your data
• Restriction: Request restriction of processing

To exercise these rights, contact us at privacy@kanvas.cloud.

8. Cookies

We use cookies for:

• Essential Cookies: Authentication and security
• Preference Cookies: Remembering your settings

See our Cookie Policy for more details.

9. Children's Privacy

Kanvas is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Email: privacy@kanvas.cloud

For general inquiries: contact@kanvas.cloud

13. Data Protection Officer

bFrame is the data controller for your personal information. For GDPR-related inquiries, contact our data protection team at dpo@kanvas.cloud.