Canva

Comprehensive transparency with clear scope, plain language summaries, detailed section navigation, specific contact information including regional representatives, current version dating, and policy archives availability.

Clear primary purposes stated with detailed secondary uses disclosed including AI training and machine learning, marketing opt-out available, and consent mechanisms for new purposes, though purpose limitation commitment could be more explicit.

Strong maintenance framework with current update date, version archives, material change notifications via multiple methods, specific privacy contact details, regional representatives, and compliance certifications, though review frequency could be more specific.

Detailed enumeration of specific data types collected through multiple methods (direct, automatic, third-party, cookies, device identifiers, location) with clear purposes and collection necessity disclosures, though some sensitive data handling could be more explicit.

Strong disclosure with named third parties (Facebook, Google, LiveRamp, etc.), specific categories of service providers, clear purposes, and contractual obligations mentioned, plus detailed Canva Education third-party processor list with deletion commitments.

Generic security commitment with basic measures mentioned (password verification) but lacks specific encryption details, certifications, or breach notification procedures, includes appropriate disclaimers about security limitations.

Comprehensive cross-border disclosure with specific countries named, Data Privacy Framework compliance, EU Model Clauses for transfers, adequacy assessments acknowledged, and detailed third-party processor requirements with appropriate safeguards.

Comprehensive rights coverage including access, correction, deletion, marketing opt-out, consent withdrawal, privacy settings control, AI training opt-out, and complaint escalation to data protection authorities with multiple contact methods provided.

Good disclosure of AI/ML use with specific examples (image analysis, audio translation, personalization), opt-out available for AI training, and automated profiling disclosed, but lacks human review rights and detailed algorithmic transparency.

Excellent child protection with clear age thresholds, service restrictions, parental consent mechanisms, COPPA/FERPA certification, specific Canva Education protections, advertising restrictions, and detailed deletion policies for student accounts.