Skip to main content
Back to Home
CANVEX

Privacy Policy

Last updated: March 2026

Overview

Canvex ("we", "us", "our") is an AI-powered business canvas generator available at canvex.org. We are committed to protecting your privacy and being transparent about how your data is handled. This policy explains what data we collect, how we use it, and what we do not collect.

Bring Your Own Key (BYOK) Model

Canvex operates on a BYOK (Bring Your Own Key) model. You provide your own API key from OpenAI, Anthropic, or Google to power AI canvas generation. Here is how your key is handled:

  • Your API key is stored only in your browser (sessionStorage or localStorage).
  • Your API key is never stored, logged, or persisted on our servers.
  • When you generate a canvas, your key is sent directly from your browser to the selected AI provider (OpenAI, Anthropic, or Google) via our server-side proxy. The key is used for a single request and immediately discarded.
  • We have no ability to view, retrieve, or use your API key after the request completes.

What Data We Collect

  • Canvas content: When you share a canvas publicly, its content (title, sections, items) is stored in our MongoDB database to make it accessible via a share link.
  • Business prompts: The text you enter to describe your business idea is sent to the AI provider for generation. We may store a truncated version in audit logs for debugging purposes.
  • Session metadata: Basic analytics such as canvas type, provider used, and timestamps to help us improve the product.

What Data We Do NOT Collect

  • API keys — never stored server-side, never logged.
  • Personal information — no account creation, no email, no name required.
  • Tracking cookies — we do not use third-party tracking or advertising cookies.

Canvex does not train AI models on your canvas data.

Local Storage

Your canvas data is primarily stored in your browser's localStorage. This is the canonical copy of your work. Data in localStorage persists until you manually delete it or clear your browser data. We also store your canvas in MongoDB as a secondary backup for sharing features.

Data Retention

Canvases stored in MongoDB persist until you delete them or until we perform routine data cleanup. Shared canvases remain accessible via their share link until removed. Local canvas data persists in your browser until you clear it.

Third-Party Services

When you generate a canvas, your business prompt is sent to your chosen AI provider (OpenAI, Anthropic, or Google) using your own API key. Each provider has their own privacy policy governing how they handle your data. We encourage you to review their policies.

Your Rights

You can delete your canvas data from localStorage at any time by clearing your browser data. To request deletion of server-side canvas data, please contact us. You can stop using the service at any time — there is no account to close or subscription to cancel.

Contact

For any privacy-related questions or requests, please reach out via amotaal.com.