CSC CloudStack Canvas
Privacy Policy

Privacy Policy

Version 1.0 — Effective April 2, 2026

1. Introduction

CloudStack Canvas ("we," "us," "CSC") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. This policy applies to all users of cloudstackcanvas.com and related services.

2. Data We Collect

Account data: Name, email address, username, profile information (company, job title, location, website, bio), and hashed passwords.

Usage data: Pages visited, features used, canvas sessions, project save/load events, and error logs. Collected to improve the product.

Project data: Your infrastructure diagrams, node configurations, and generated IaC templates stored server-side when you save projects.

Technical data: IP address, browser type, device identifiers, and session tokens needed to operate the service securely.

Payment data: Billing information is processed by Stripe. We store only a Stripe customer ID and the last 4 digits of payment methods. We never store raw card numbers.

3. Data We Do NOT Collect

  • AWS credentials, access keys, or secret keys
  • Live AWS account data or resource inventories (unless a future feature explicitly requests it with your consent)
  • The contents of your live cloud infrastructure
  • Sensitive personal data (health, financial, biometric) — do not enter these in project descriptions

4. How We Use Your Data

  • Provide and operate the Service (storing projects, authenticating users)
  • Send transactional emails (account confirmation, billing receipts)
  • Send product update emails (if you opted in)
  • Analyze usage to improve features and fix bugs
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal data to third parties.

5. Data Sharing

We share data only with:

  • Stripe — payment processing (subject to Stripe's Privacy Policy)
  • AWS — infrastructure hosting for the application itself
  • Authentication providers (Google, GitHub) — only the OAuth token needed to verify your identity
  • Legal authorities — when required by law, court order, or to protect safety

6. Data Retention

We retain your account and project data for as long as your account is active. After account deletion we retain data for 30 days for recovery purposes, then permanently delete it. Anonymized usage analytics may be retained indefinitely.

7. Cookies and Tracking

We use strictly necessary cookies for authentication sessions. We do not use advertising trackers or third-party analytics cookies. You may disable cookies in your browser; however, the application requires session cookies to function.

8. Your Rights (GDPR / CCPA)

Depending on your jurisdiction you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate data via Settings → Profile
  • Erasure — request deletion of your account and associated data
  • Portability — export your project data in JSON format
  • Restriction — request we stop processing your data in certain circumstances
  • Opt-out of marketing — unsubscribe via Settings → Preferences or email footer

To exercise these rights email privacy@cloudstackcanvas.com. We will respond within 30 days.

9. Data Security

We use industry-standard security measures including TLS encryption in transit, encrypted storage at rest, hashed passwords (bcrypt), and periodic security reviews. No system is 100% secure; we will notify you of any confirmed breach affecting your data within 72 hours as required by GDPR.

10. Children

The Service is not directed to users under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it promptly.

11. International Transfers

Your data may be processed in the United States. If you are in the EU/EEA, we transfer data under Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Changes to This Policy

We will notify you of material changes via email or in-app notice at least 30 days before they take effect. The current version is always available at this URL.

13. Contact

For privacy questions or requests: privacy@cloudstackcanvas.com

Terms of Service →← Back to dashboard