Privacy Policy

Last updated 14 June 2026

This policy explains what data canvas-drop collects, why, and how it is handled. We keep this to the minimum needed to run the service.

Who we are

canvas-drop (canvas-drop.com) ("canvas-drop", "we", "us") operates this instance and is the data controller for the information described below. canvas-drop is open-source software (MIT); this policy covers the instance hosted at canvas-drop.com.

What we collect

• Account identity. When you sign in with Google, we receive your name, email address, and profile-picture URL from your identity provider to identify you and control access.
• Session. A single essential cookie that keeps you signed in. We use no tracking or advertising cookies.
• Content you create. The canvases you deploy or store — their files, code, and any key-value data your canvases save.
• Usage and security logs. An audit log of significant actions, AI-usage records (only if AI features are enabled and you use them), and your IP address, used transiently for rate-limiting and abuse prevention.

How we use it

Solely to provide and operate the service: to authenticate you, enforce access, serve the canvases you create, and keep the platform secure. We do not sell your data, show ads, or run third-party analytics or phone-home telemetry.

Who we share it with

• Your sign-in provider (Google). Authentication happens through Google; their handling of your sign-in is governed by Google's own privacy policy.
• AI provider. Only if AI features are enabled and you use them, the prompts you send are forwarded to the configured AI provider (Anthropic) to generate responses.
• Hosting infrastructure. Our hosting and storage providers process data on our behalf to run the service.

Retention

We keep your identity and content for as long as your account and canvases exist. Deleting a canvas or your account removes the associated data. Security and audit logs are kept for a limited period for abuse prevention, then discarded.

Your rights

You can request access to, correction of, or deletion of your personal data by contacting us at mark.pasternak@gmail.com.

Changes

We may update this policy; the "last updated" date above reflects the current version.

Contact

Questions about this policy? Email mark.pasternak@gmail.com.