A decade of Canvas at your command — powered by our custom cutting-edge, continuously trained AI engineStart Building →
Legal

Privacy Policy

Effective date: March 16, 2026

Canvas Builder ("we", "us", "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

1. Overview

Canvas Builder is an HTML layout generator that helps you create production-ready web layouts based on the Canvas template system. We operate at canvasbuilder.co and are operated by SemiColonWeb.

By using our Service, you agree to the collection and use of information in accordance with this policy. We collect only the minimum information necessary to provide our Service and will never sell your personal data to third parties.

2. Information We Collect

2.1 Information You Provide

  • Account information: Name and email address when you register with email/password or via Google OAuth.
  • Generation prompts: The text descriptions you submit to generate layouts. These are stored to enable history, revisions, and re-downloads.
  • Purchase code (optional): Your Envato account login if you verify Canvas buyer status for the 10 free credit bonus.
  • Payment information: We do not store payment card details. All payment processing is handled by Polar (our payment processor). We receive only order confirmation and credit amounts.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, generation types, and timestamps.
  • Session data: Session tokens, IP address, browser user agent, and device type for authentication security.
  • Generated output: The HTML layouts generated by AI are stored in our database linked to your account, enabling history and re-downloads.
  • Credit transactions: Records of credit purchases and usage (type of generation, credits deducted, timestamps).

2.3 Information from Third Parties

  • Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Authenticate your account, process generation requests, manage your credit balance, and deliver generated layouts.
  • Maintain your history: Store past generations so you can re-download or revise them at any time.
  • Process payments: Verify credit purchases via Polar and update your balance.
  • Improve the Service: Analyse usage patterns (in aggregate) to improve generation quality, UI, and performance. We do not use your prompts to train AI models.
  • Security: Detect fraud, abuse, and violations of our Terms of Service.
  • Communications: Send essential transactional emails (account creation confirmation, password reset). We do not send marketing emails without your explicit opt-in.

We do not:

  • Sell your personal data to third parties.
  • Use your generation prompts to train AI models.
  • Share your data with advertisers.
  • Use your data for profiling or automated decision-making that produces legal effects.

4. Data Storage & Security

Your data is stored on servers hosted in the United States. We implement the following security measures:

  • Encryption in transit: All connections to Canvas Builder use HTTPS/TLS.
  • Encryption at rest: Database data is encrypted at rest by our hosting provider.
  • Authentication tokens: Session tokens use cryptographically secure random values with expiry.
  • Password hashing: Passwords are hashed using bcrypt — we never store plaintext passwords.
  • Access controls: Database access is restricted to the application server with principle of least privilege.

No method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the breach.

5. Cookies & Tracking

Canvas Builder uses a minimal set of cookies necessary for the Service to function:

  • Session cookie: A secure, httpOnly cookie storing your authenticated session token. Essential for keeping you logged in. Expires after 30 days of inactivity.
  • CSRF token: A security token to prevent cross-site request forgery attacks.

We do not use:

  • Third-party advertising cookies
  • Cross-site tracking pixels
  • Analytics services that track you across websites (e.g., Google Analytics)

You can disable cookies in your browser settings, but this will prevent you from logging in to Canvas Builder.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

All users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate personal information via your Account settings.
  • Deletion: Delete your account and all associated data at any time via Account → Danger Zone → Delete Account. Generated HTML outputs are permanently deleted.
  • Portability: Export your generation history as a ZIP file (contact us at [email protected]).

EU / EEA users (GDPR)

  • Right to restrict processing: Request that we limit how we process your data.
  • Right to object: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
  • Lodge a complaint: You have the right to lodge a complaint with your local Data Protection Authority.

California users (CCPA)

  • You have the right to know what personal information is collected and how it is used.
  • You have the right to opt-out of the "sale" of personal information. We do not sell personal information.
  • You have the right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Data Retention

  • Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion.
  • Generation history: Retained until you delete your account or delete individual generations. You can delete generations from your History page.
  • Credit transaction logs: Retained for 7 years for financial and tax compliance purposes, even after account deletion (anonymised after 2 years).
  • Session data: Active session tokens expire after 30 days of inactivity. Expired sessions are purged automatically.
  • Server logs: Nginx access logs retained for 30 days for security and debugging.

8. Children's Privacy

Canvas Builder is not directed to children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child under these ages, please contact us immediately at [email protected] and we will delete the information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy at this URL with a new effective date
  • Sending an email to your registered address for material changes
  • Showing an in-app notification on your next login

Continued use of Canvas Builder after changes take effect constitutes acceptance of the updated policy. If you do not agree with the changes, please delete your account before the effective date.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We aim to respond to all privacy-related enquiries within 5 business days.