Personal Privacy Policy

Summary of our Privacy Policy

Our privacy commitment: Canvasback has never sold your information to someone else for advertising, or made money by showing you other people's ads, and we never will. This has been our approach and we remain committed to it. This policy tells you what information we do collect from you, what we do with it, who can access it, and what you can do about it.

This detailed policy constitutes the actual legal document explaining our personal privacy policy.

Part I – Information Canvasback collects and controls

We only collect the information that we actually need. Some of that is information that you actively give us when you sign up for an account, register for an event, ask for customer support, or buy something from us. We store your name and contact information, but we don't store credit card numbers (except with your permission and in one of our secured payment gateways).

There are six general categories of information we collect:

  • Become an advocate
  • Become a volunteer
  • Make a donation
  • Buy a handmade gift
  • Rent one of our timeshares (this information is not collected on the website, but by direct contact with Canvasback via email or phone) or
  • Sign-up to receive information by subscribing to our eNews and/or OnBoard Newsletter

When you visit one of our websites or use our software, we automatically log some basic information like how you got to the site, where you navigated within it, and what features and settings you use. We use this information to improve our websites and services and to drive new product development.

What we do with your information

We use your information to provide the services you've requested. We analyze the information we collect to understand user needs and to improve our websites and services.

We're required to have a legal basis for collecting and processing your information. In most cases, we either have your consent or need the information to provide the service you've requested from us. When that's not the case, we must demonstrate that we have another legal basis, such as our legitimate business interests.

You can decline certain kinds of information use either by not providing the information in the first place or by opting out later.

We limit access to your personal information to our employees and contractors who have a legitimate need to use it. If we share your information with other parties (like developers, service providers, domain registrars, and reselling partners), they must have appropriate security measures and a valid reason for using your information, typically to serve you.

The European Economic Area (EEA) provides certain rights to data subjects (including access, rectification, erasure, restriction of processing, data portability, and the right to object and to complain). Canvasback undertakes to provide you the same rights no matter where you choose to live.

We keep your personal information for as long as it is required for the purposes stated in this Privacy Policy. When we no longer have a legitimate need to process your information, we will delete, anonymize, or isolate your information, whichever is appropriate.

Part II – Information that Canvasback processes on your behalf

You own your service data. We protect it, limit access to it, and only process it according to your instructions. You may access it, share it through third-party integrations, and request that we export or delete it.

We hold the data in your account as long as you choose to support Canvasback or notify us that you no longer wish to receive any information from Canvasback.

If you are in the European Economic Area and you believe that someone has entrusted your information to us for processing (for instance, your employer or a company whose services you use), you can request certain actions from us regarding your data. To exercise those data rights, please contact the person or company that entrusted the data to us and we will work with them on your request.

Part III – General

There are some limitations to the privacy we can promise you. We will disclose personal information if it's necessary to comply with a legal obligation, prevent fraud, enforce an agreement, or protect our users' safety. We do not currently honor Do Not Track signals from internet browsers; when a universal standard for processing them emerges, we will follow it.

Third-party websites and social media widgets have their own separate privacy policies. Always check the relevant privacy policy before sharing personal information with third parties.

You can always contact us to: ask questions about our privacy practices, request a GDPR-compliant Data Processing Addendum, alert us if you believe we have collected personal data from a minor, or ask to have your personal information removed from our blogs or forums.

We will contact you to let you know if we make any major changes to our privacy policy, or in the highly unlikely event that we ever decide to sell our business.