Last updated: 14 March 2024

1. Introduction

At Flourish, we’re committed to protecting and respecting your privacy. We try to collect the minimum amount of personal information we need to run our services.

This privacy policy (“Privacy Policy”) applies to our “Service” (which includes, but is not limited to, our website at flourish.studio, our Software Developer Kit (“SDK”), our Flourish API and our Flourish app within the Canva platform and any other format or method through which Users can access or use our Flourish platform from time to time). It explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others, and how we keep it secure. Capitalized terms that are not defined in this Privacy Policy have the meaning given to them in our Terms and Conditions.

By using our Service, you confirm that you have read and understand this Privacy Policy.

We may change this Privacy Policy from time to time, so please check this page occasionally to ensure that you’re happy with any changes.

There are several types of user accounts in Flourish, as described in our terms and conditions. References to ‘Users’ in this Privacy Policy include all types of account, unless otherwise stated.

Any questions regarding our privacy practices and this Privacy Policy should be sent by email to support@flourish.studio, or in writing to Flourish Privacy, 33-35 Hoxton Square, London, N1 6NN.

2. Who are we?

The data controller responsible for your personal information is Canva UK Operations Limited (‘Flourish’), company number 08825531, registered address 33-35 Hoxton Square, London, N1 6NN.

3. How do we collect information from you?

We obtain information about you when you sign up for access to Flourish, when you use Flourish, and when you sign up for our email newsletter. We also collect any personal information that is in data and code that you choose to upload to our website. We may also collect certain information from you automatically through cookies and other tracking technologies, as described below.

4. Why do we collect information from you?

We collect the information that we need in order to provide you with access to Flourish. We use your information to administer your account, take payments from you (if applicable), provide you with news and updates on Flourish, information about Flourish products or services which may interest you, and improve Flourish for you and other Users.

5. What is Flourish’s role under the GDPR and UK data protection laws?

Depending on the situation and the type of data involved, Flourish may act as a data controller or a data processor. Where you are using the Service and making decisions about the personal data that is being processed in the Service (including by uploading and using content), you are acting as the data controller, and Flourish is acting as a data processor. Flourish’s processing of your customer personal data will be governed by the terms of the Flourish Data Processing Addendum.

If you are an individual and have questions or concerns about how your personal data is handled by one of our Flourish Users in one of their Projects or their User Content, you should contact the relevant User that is using our Service and refer to their separate privacy policies.

6. What information do we collect from you?

a. Information you give us directly

When you sign up for our email newsletter, we collect your email address and company details (if applicable).

When you sign up to Flourish, we collect your Flourish username, display name and email address, plus optional additional information about your company, job role and your intended use of Flourish.

When you purchase a subscription to the Service, we will collect and store your billing information (such as address and VAT number). We use third-party payment providers to process payments on the Service. All payment information is handled only by PCI-compliant organizations. When paying with a credit card, payment information is stored and processed by our payment providers on our behalf. If you contact us, for example to report a problem or send us a question, we store details of the communication. We may also store any phone number used to call our customer service number or social media handle used to connect with our customer service team.

We also store any data and code you upload to Flourish as part of your use of the service, which may include personal information or sensitive information about you or others.

You are under no obligation to provide any personal information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services.

b. Information we collect about you automatically

When you use Flourish, we collect certain information automatically such as the actions you take, and the time you take those actions. By using cookies, we also collect information such as the type of internet browser you use.

With regard to each of your visits to our website we will automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and

  • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. You cannot be identified from this aggregate information retained or used for these purposes.

For more information about our use of cookies, see the Cookies section below.

We may also record users’ screen sessions using the Mouseflow tool or similar tools. These recordings may capture code, data and text that you have uploaded to the service but will not capture other personally identifiable information. You can view Mouseflow’s security policies and choose to opt out of Mouseflow tracking.

7. How do we use your personal information?

We may use information you give to us in the following ways:

  • to carry out our obligations arising from any contracts entered into between you and us, including to process your payments, and to provide you with the information, products and services that you request from us;

  • to provide you with information about Flourish, and our other services that may interest you;

  • to notify you of changes to our services;

  • to ensure in our legitimate interests that content from our site is presented in the most effective manner for you and for your computer; and

  • to seek your views or comments on the services we provide.

We may use information we collect about you in the following ways:

  • to administer our site under our terms and for internal operations, including troubleshooting, and, in our legitimate interests, data analysis, testing, research, statistical and survey purposes;

  • to improve our product and website to ensure that content is presented in the most effective manner for you and for your computer;

  • to prevent, detect, investigate and address safety, security, fraud and abuse risks and to develop our algorithms and models to identify violations of this Privacy Policy or our Terms and Conditions (e.g. detecting content such as spam or offensive material);

  • to allow you to participate in interactive features of our service, when you choose to do so;

  • as part of our legitimate efforts to keep our site safe and secure;

  • for our legitimate interest of measuring or understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and

  • to make suggestions and recommendations to you and other Users about goods or services that may interest you or them in our legitimate interests and subject to your stated preferences where relevant.

We need a legal basis to collect, use and disclose your personal information. Our legal basis for collecting, using and disclosing your data will depend on the information concerned and the context in which it is processed. However, we will normally process your data only where we need the data to perform a contract with you, it is in our legitimate interests to do so, or we have your consent to do so. In some cases, we may also have a legal obligation to process your information.

Further to the purposes outlined above, the following may apply:

  • If you contact us (e.g. by email), we process your information to carry out pre-contractual measures, fulfill our contract with you or because it is in our legitimate interests to do so.

  • If you sign up for our newsletter, we rely on your consent to process your information to send you our newsletter on a regular basis.

  • When you sign up to Flourish, we process your information to create and maintain your account in order to fulfill our contract with you.

  • If your information is processed to deal with business transactions, your information is processed to carry out pre-contractual measures, fulfill our contract with you or because it is in our legitimate interests to do so.

  • We process your information to ensure system security, make suggestions and recommendations to you, manage and improve our Service and understand the effectiveness of advertising we serve to you and others where it is in our legitimate interests to do so. We also rely on legitimate interests where we process your information for data analysis, testing, research, statistical and survey purposes. We do not rely on this lawful basis where our legitimate interests are overridden by your interests.

  • We may process your information because it is necessary to comply with our legal obligations, such as for tax, accounting and audit purposes.

9. Cookies and other technologies

When you visit Flourish, we (and the third parties we work with) send cookies or other technologies to your computer or mobile device.

Cookies are small pieces of information which are issued to your computer or mobile device when you visit a website and which store and sometimes track information. Some of the cookies used by Flourish are set by us, and some are set by third parties who are delivering services on our behalf, as detailed below. Although they do identify a user’s computer, cookies do not personally identify users and passwords and credit card information are not stored in cookies.

A number of cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to Flourish, and will last for longer.

Most web browsers automatically accept cookies, but if you prefer, you can change your browser to prevent that and your help screen or manual will tell you how to do this. However, you will not be able to take full advantage of our website if you do so.

For more information on how we use cookies and other technologies, and how you can control them, please read our Cookies Policy.

When you embed Flourish content on your website, we do not place any cookies.

10. Who do we share your information with?

a. Our affiliates, employees and authorized contractors:

We may share your information, including personal data, with any member or authorized contractor of Canva UK Operations Limited and our affiliates and group companies.

b. Our third-party service providers and partners:

We may share your information, including personal data, with third-party service providers and agents who work on our behalf and provide us with services related to the Service (including for billing and credit card payment processing, maintenance, sales, marketing, administration, support, data enrichment, hosting, and database management services, or outside professional advisors) or co-sponsors and presenters of webinars and events that you attend or co-branded content partners when you download or request certain marketing of such content. Additional information about the Subprocessors we use to support delivery of our Service is set out here.

Flourish may contain links to other websites run by other organizations. This Privacy Policy applies only to our website and Service, so we encourage you to read the privacy statements on the other websites you visit. We are not responsible for how they process your personal information.

ii. Profile, Project and Template visibility.

Anyone with view access to your projects (e.g. you and any colleagues in the same Company account) will see your Projects or Templates listed on your profile page (“Profile”), along with your name, username and any additional information that you decided to add to your profile. You can also optionally enable your profile page to be publicly visible. If you do this, anyone on the internet will be able to view your published projects and profile information (but not any unpublished projects).

iii. Business transactions.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganization, or if we’re under a duty to disclose or share your personal information in order to comply with any legal obligation (such as a court order, subpoena or other legal obligation) or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and Users. However, we will take steps to ensure that your privacy rights continue to be protected in accordance with the terms of this Privacy Policy.

We will not sell or rent your information to third parties. We will also not share your information with third parties for their own marketing purposes.

We may disclose aggregate statistics about visitors to business partners, suppliers, sub-contractors for performance of the contract with you, and prospective purchasers of Flourish, but these statistics will not include any personally identifiable information about you.

iv. Law enforcement.

For matters that we are required to use your information by law: Flourish will use or disclose your information where we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms and Conditions or to protect the security or integrity of our Service; and/or (c) to exercise or protect the rights, property, or personal safety of Flourish, our Users or others.

11. Security

When you give us personal information, we take steps to ensure that it’s treated securely.

While we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

12. How do we store your information?

Except where otherwise expressly agreed, your personal information is sent to and stored on secure servers within the European Economic Area (EEA). This storage is necessary in order to process the information.

We may transfer your personal information to our other offices, affiliates and/or to the third parties mentioned in the circumstances described above (see “Who do we share your information with”), which may be situated outside the UK and EEA. The countries concerned may not offer an equivalent level of protection for personal information as laws in the UK and EEA.

Where personal information is transferred outside the UK and EEA in relation to providing our Service, we will take all steps reasonably necessary to ensure that your information is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism or entering into approved standard contractual clauses relevant to transfers of personal information - as well as ensuring that your personal information is treated securely and in accordance with this Privacy Policy.

By using Flourish, you understand that your personal information may be transferred and processed outside the UK and EEA.

13. How long do we keep your information?

If you ask us to delete your account, any project or profile information, plus any templates created by you that are not being used by other Users, will be deleted immediately. However, templates created by you that are already being used by other Users may continue to be available to those Users.

If we delete your account for other reasons - such as a missed payment on a paid account - we will continue to store all projects, profile information and templates for a minimum period of 2 years after closure of an account, in order to allow the account to be reactivated without any data loss. We reserve the right to delete all templates, profile information and projects at the end of this period, or sooner on request from the company administrator who controls the account. We may also be required to retain your information to comply with our legal, financial and audit obligations, and for backup and archival purposes.

14. Your rights and choices

You have a choice about whether or not you wish to receive information from us, and we will not contact you unless you have given prior consent. If you do not want to receive news, updates or marketing from us, please click the “Unsubscribe” link in any email, or contact us at support@flourish.studio. (You will continue to receive any essential emails regarding your Flourish account.)

The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, you can correct this in the Flourish app on your Settings page, or by contacting us at support@flourish.studio.

You also have certain rights under applicable data protection laws.

You have the right to ask for a copy of the information we hold about you. To request this information, contact us at support@flourish.studio.

Under certain circumstances, you also have a right:

  • to request the rectification or erasure of your personal information held by us;

  • to withdraw your consent to the processing of your personal information, where we rely on your consent as our lawful basis to do so;

  • to object and request that we cease processing your information, where we rely on legitimate interests as our lawful basis to do so;

  • to request that we restrict the processing of your personal information (while we verify or investigate your concerns with this information, for example); and

  • to request that your information be provided in structured, commonly used and machine-readable format or transferred to a third party controller.

If you are unhappy with the way we have handled your information, you also have a right to complain to a supervisory authority. The UK supervisory authority is the UK Information Commissioner.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect our current practice and ensure compliance with applicable laws. When we post changes to this Privacy Policy, we will revise the “Last Updated” date at the top of this page. We encourage you to check this page occasionally to ensure that you’re happy with any changes. By using our Service, you confirm that you have read and understand this Privacy Policy.

16. Contacting us

Please submit any questions or comments you have about our privacy practices or this Privacy Policy, or any requests concerning your personal data information, by email to support@flourish.studio or write to us at: Flourish Team, Canva UK Operations Limited, 33-35 Hoxton Square, London, N1 6NN.

Our local representative in the EEA is European Data Protection Office (EDPO) with registered address at Regus Block 1, Blanchardstown Corporate Park, Ballycoolen Road, Blanchardstown, Dublin, D15 AKK1, Ireland. The EDPO can be contacted at info@edpo.com. If you are in the EEA, data subject request forms can be accessed at http://edpo.com/gdpr-data-request/.