Trust & Security Portal

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Canva is an online digital design and publishing platform that enables individuals, teams, and enterprises to create visual content collaboratively. It supports the creation of a wide range of content, including social media posts, presentations, videos, posters, logos, and websites. With over 220 million monthly active users worldwide, trust, privacy, and security are central to how we operate. Learn more about Canva here - https://www.canva.com/about/.

This Trust & Security Portal provides visibility into Canva’s security posture, privacy practices, compliance commitments, and reliability controls. You can also request access to our security documentation and audit reports through the portal.

Compliance

SOC 2 Type 2 Logo
SOC 2 Type 2
ISO/IEC 27001 Logo
ISO/IEC 27001
PCI DSS Logo
PCI DSS
EU-US DPF Logo
EU-US DPF
GDPR Logo
GDPR
Privacy Shield Logo
Privacy Shield
CCPA Logo
CCPA
DSA Logo
DSA

Canva is reviewed and trusted by

Expedia Group-company-logoExpedia Group
Salesforce-company-logoSalesforce
T-Mobile-company-logoT-Mobile
Stripe-company-logoStripe
Airbnb-company-logoAirbnb
HubSpot-company-logoHubSpot

Documents

REPORTSBanking Documents
REPORTSPCI DSS
REPORTSPentest Report
REPORTSSecurity & Privacy Overview
REPORTSSOC 3 Report
COMPLIANCEISO/IEC 27001
COMPLIANCESOC 2 Type 2
SELF-ASSESSMENTSCAIQ Lite
SELF-ASSESSMENTSHECVAT Full
SELF-ASSESSMENTSSIG Lite
SELF-ASSESSMENTSVSA Full
LEGALCyber Insurance

Data Security

Access Monitoring
Data Backups
Encryption-at-rest
View more

App Security

Application Penetration Testing
Code Analysis
Secure Development Training
View more

Infrastructure

Status Monitoring
Anti-DDoS
BC/DR
View more

AI

AI Security
AI Monitoring
AI Governance
View more

Data Privacy

Cookies
Data Breach Notifications
Data Protection Impact Assessment (DPIA)
View more

Legal

SubprocessorsAmazon Web Services (AWS)-company-logoBlack Forest Labs-company-logoGoogle-company-logoMongoDB-company-logoOpenAI-company-logo
Cyber Insurance
Data Processing Agreement
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Network Security

Data Loss Prevention
Distributed Denial of Service Protection (Anti-DDoS)
Firewall
View more

Endpoint Security

Anti-Malware
Disk Encryption
DNS Filtering
View more

Access Control

Access Log Management
Automated Account Management
Device Lock
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
View more

Change Management

Change Management Program
Changes Notification & Verification
Configuration Management Program
View more

Risk Management

Risk Assessments
Third-Party Dependence

ESG

Anti-Bribery and Corruption
Anti-Modern Slavery
Emissions management
View more

Reports

Banking Documents
PCI DSS
Pentest Report
View more

Self-Assessments

CAIQ Lite
HECVAT Full
SIG Lite
View more

Subprocessors

Trust & Security Portal Updates

CVE-2025-12792

Copy link
Vulnerabilities

Security Bulletin

Published Date: 13 November 2025
CVE: CVE-2025-12792
Severity: Low
CVSS: 3.2 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Affected Products and Versions: The Canva for Mac desktop app before version 1.117.1, released through the Mac App Store. The Canva for Mac desktop app distributed through canva.com is not affected.

Details

The Mac App Store distribution of the Canva for Mac desktop app was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva.

Remediation Advice

Canva recommends users upgrade to the latest version of the Canva application via the Mac App Store.

Acknowledgements

This vulnerability was submitted to Canva's Bug Bounty Program by p1tsi.