Privacy Policy

Last updated: March 4, 2026

Introduction

Kanvas ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered task management application.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (if you choose to provide it)
  • Profile picture (if you sign in with Google)
  • Password (encrypted and never stored in plain text)

Google OAuth Data

When you sign in with Google, we receive:

  • Your Google account email address
  • Your name
  • Your profile picture

We use this information solely for authentication and to personalize your experience. We do not access any other Google data unless you explicitly grant additional permissions for integrations (Gmail, Calendar).

Task and Usage Data

We collect and store:

  • Tasks, projects, and boards you create
  • Task descriptions, due dates, priorities, and labels
  • Usage patterns to improve our AI features
  • Productivity and wellness metrics (if you use scoring features)

Technical Information

  • IP address
  • Browser type and version
  • Device information
  • Usage analytics (page views, feature usage)

How We Use Your Information

We use your information to:

  • Provide and maintain the Kanvas service
  • Authenticate your account and ensure security
  • Personalize your experience with AI-powered features
  • Send you important service updates and notifications
  • Improve our product and develop new features
  • Analyze usage patterns to optimize performance
  • Comply with legal obligations

AI and Machine Learning

Kanvas uses AI to provide smart features like task suggestions, deadline predictions, and productivity insights. We process your task data using Claude AI (Anthropic) to generate these features. Your data is sent to Anthropic's API for processing but is not used to train their models or shared with third parties.

Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL database with encryption). We implement:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Row-level security policies to prevent unauthorized access
  • Regular security audits and updates
  • Secure password hashing (bcrypt)

Third-Party Services

We use the following third-party services:

  • Supabase - Database and authentication
  • Anthropic (Claude AI) - AI-powered features
  • Google Analytics - Website analytics (with your consent)
  • Google OAuth - Optional sign-in method
  • Voyage AI - Semantic search embeddings
  • Stripe - Payment processing (for paid plans)
  • Sentry - Error monitoring and performance
  • Vercel - Hosting and deployment

These services have their own privacy policies and data handling practices. We only share the minimum data necessary for them to provide their services.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may disclose your information only in these situations:

  • With your explicit consent
  • To comply with legal obligations or court orders
  • To protect our rights, privacy, safety, or property
  • In connection with a business transfer (merger, acquisition)

Your Rights and Choices

You have the right to:

  • Access - Request a copy of your personal data
  • Correct - Update or correct inaccurate information
  • Delete - Request deletion of your account and data
  • Export - Download your data in a portable format
  • Revoke - Disconnect Google OAuth or other integrations at any time
  • Opt-out - Unsubscribe from marketing emails

To exercise these rights, contact us at privacy@kanvas.life or use the account settings in the application.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

Cookies and Tracking

We use essential cookies to maintain your session and remember your preferences.

Analytics Cookies

With your consent, we use Google Analytics 4 to understand how visitors use our site. This helps us improve the user experience. Google Analytics collects:

  • Pages visited and time spent on each page
  • How you arrived at our site (referrer)
  • General geographic location (country/city level)
  • Device type and browser information

We configure Google Analytics with privacy-enhancing settings including IP anonymization. We do not use Google Analytics for advertising or share data with advertisers.

Your Cookie Choices

When you first visit Kanvas, you'll see a cookie consent banner. You can:

  • Accept - Enable analytics cookies to help us improve
  • Decline - Use Kanvas without analytics cookies (essential cookies only)

Your choice is stored for one year. You can also control cookies through your browser settings at any time.

Children's Privacy and COPPA Compliance

Kanvas generally requires users to be at least 13 years old to create an account. However, our Family plan allows parents and guardians to create managed child profiles for family members under 13.

Child Profiles (Family Plan)

Child profiles are created and fully controlled by the parent or guardian account holder. We comply with the Children's Online Privacy Protection Act (COPPA) by:

  • Verifiable parental consent — Only the parent/guardian can create, modify, or delete a child profile through their authenticated account
  • Minimal data collection — Child profiles collect only a display name and age range (e.g., "8-12"). We do not collect dates of birth, email addresses, or other personal information from children
  • No direct child authentication — Children access their profiles through a PIN-protected interface on the parent's device, not through independent accounts
  • Restricted features — Child profiles have limited functionality controlled by the parent via a blocklist of disabled features
  • No AI data collection from children — Child profile activity is not used for AI learning, pattern detection, or behavioral analysis
  • No third-party sharing — Data from child profiles is never shared with third parties for advertising or marketing purposes

Parental Rights

Parents and guardians can at any time:

  • Review all data associated with their child's profile
  • Modify or update their child's profile information
  • Delete their child's profile and all associated data
  • Restrict or expand which features are available to their child
  • Contact us at privacy@kanvas.life with any questions about their child's data

If you believe a child has provided personal information to Kanvas without parental consent, please contact us immediately at privacy@kanvas.life and we will delete it.

Your Rights by Region

European Economic Area (GDPR)

If you are located in the European Economic Area, you have the following additional rights under the General Data Protection Regulation:

  • Legal basis — We process your data based on contractual necessity (providing the Service), legitimate interests (improving the Service), and consent (analytics cookies)
  • Right to access — Request a copy of the personal data we hold about you
  • Right to rectification — Correct inaccurate or incomplete data
  • Right to erasure — Request deletion of your data ("right to be forgotten")
  • Right to restrict processing — Limit how we use your data
  • Right to data portability — Receive your data in a structured, machine-readable format
  • Right to object — Object to processing based on legitimate interests
  • Right to withdraw consent — Withdraw consent for analytics cookies at any time

To exercise these rights, contact us at privacy@kanvas.life. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to know — Request details about the categories and specific pieces of personal information we collect
  • Right to delete — Request deletion of your personal information
  • Right to correct — Request correction of inaccurate personal information
  • Right to opt-out of sale — We do not sell your personal information. We do not share your data for cross-context behavioral advertising
  • Right to non-discrimination — We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@kanvas.life or use the account settings in the application. We will verify your identity and respond within 45 days.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the application. Your continued use of Kanvas after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

← Back to Home