Legal
Privacy Policy
Last updated: May 29, 2026
1. Overview
CanvaCheat (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data when you use our desktop Software and website (canvacheat.com).
2. Data We Collect
2a. Account Information
When you sign in we collect your email address and display name via Clerk (our authentication provider). Clerk stores this data on our behalf. See Clerk's Privacy Policy.
2b. Subscription & Payment Data
Payments are processed by Stripe. We never see or store your card number, CVV, or full billing details — Stripe handles all of that. We store only your subscription plan (Free / Premium / Pro / Lifetime) and scan quota on our servers. See Stripe's Privacy Policy.
2c. Screenshots & AI Processing
When you trigger a scan, the Software captures a screenshot of your screen and sends it to our backend API, which forwards it to OpenAI for analysis.
- Screenshots are processed in real time and are never stored on our servers.
- We do not log, save, or retain the content of your screenshots.
- OpenAI may process the image data per their own policies. See OpenAI's Privacy Policy.
2d. Usage Data
We log the number of scans used per account for quota enforcement. We do not log the content of scans, what was on your screen, or your answers.
2e. Session Cookies (Desktop App)
The desktop app runs a local web server on 127.0.0.1 to host Clerk's sign-in UI. Clerk stores session cookies in this local context so you stay logged in between restarts. These cookies never leave your device outside of Clerk's normal authentication flow.
3. How We Use Your Data
- To authenticate your account and manage your session
- To track and enforce your plan's scan quota
- To process payments and manage subscriptions
- To send transactional emails (receipt, plan change, expiry warnings)
- To respond to support requests
We do not:
- Sell your personal data to third parties
- Use your screenshots for training AI models
- Share your data with advertisers
- Send marketing emails unless you explicitly opt in
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, session token |
| Stripe | Payments | Email, billing info (via Stripe) |
| OpenAI | AI analysis | Screenshot image (not stored) |
| Railway / Vercel | Hosting | Standard server logs (IP, timestamp) |
5. Data Retention
- Account data is retained while your account is active and for up to 90 days after deletion.
- Screenshots are never retained — they are discarded immediately after AI processing.
- Scan usage counts are retained for billing purposes for up to 24 months.
6. Your Rights
Depending on your jurisdiction (including GDPR and CCPA), you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Object to or restrict certain processing
- Port your data to another service
To exercise any of these rights, email support@canvacheat.com. We will respond within 30 days.
7. Security
We use industry-standard security practices including encrypted connections (TLS), encrypted local session storage (Windows DPAPI), and server-side authentication via signed JWTs. No system is 100% secure, and we cannot guarantee the absolute security of your data.
8. Children
The Software is not directed at individuals under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Continued use of the Software after changes are posted constitutes acceptance. Material changes will be communicated via email or in-app notice where reasonably practicable.
10. Contact
Questions or concerns? support@canvacheat.com