Canvas Enhancer — Privacy Policy

Last updated: June 2026

Overview

Canvas Enhancer is a browser extension for Chrome and Microsoft Edge that adds AI-powered tools to the Canvas LMS. This policy explains what data we collect, how we use it, and what we do not do with it.

We collect only what is necessary to deliver the product. We do not sell your data, share it with advertisers, or use it for any purpose other than operating Canvas Enhancer.

What we collect

  • Canvas account identifier. The extension reads your Canvas user ID (an integer assigned by your institution's Canvas instance) and your Canvas domain (e.g. school.instructure.com). These are combined into an account key (userID@domain) stored in your browser and on our servers. This key identifies your credit account and is stable across devices on the same Canvas instance.
  • Teacher registration (optional). If you choose to register to receive credits from colleagues, you provide your name and school email address through the Settings panel. This information is stored on our servers and allows other teachers at your school to send credits to you by email. Registration is entirely voluntary.
  • AI credit balance and usage. Your current credit balance, total credits used, and credit transfer history are stored on our servers, keyed to your account identifier.
  • Payment information. If you purchase AI credits, your payment is processed by Stripe. We store only a Stripe customer reference ID and the last 4 digits and brand of your card for display purposes. Your full card number, expiry, and CVV are never transmitted to or stored by Canvas Enhancer — they are held exclusively by Stripe.
  • Auto-reload settings. If you enable auto-reload, your chosen threshold and reload amount are stored alongside your account identifier.

What we do not collect

  • Your Canvas login credentials or session password
  • Student names, student IDs, grades, or any other student personal information
  • The content of Canvas pages you visit (unless you explicitly submit text to an AI feature)
  • Your IP address or browsing history outside of Canvas
  • Any data from websites other than your Canvas instance

Browser permissions

The extension requests the following browser permissions and uses them as described:

  • storage — Saves your preferences, account identifier, and settings locally in your browser.
  • cookies — Reads your Canvas session cookie solely to authenticate requests to the Canvas API on your behalf (for example, to load assignment data for grading tools). No cookies are read from any other website.
  • windows — Opens the credit management panel in a new browser window when requested.
  • management — Allows you to uninstall Canvas Enhancer from within the extension's Settings panel. This permission is used for no other purpose.

The extension operates only on Canvas LMS domains (*.instructure.com, *.canvas.com, *.canvaslms.com) and on the Canvas Enhancer website. It also accesses *.amazonaws.com because Canvas serves uploaded files (such as student submissions) through Amazon S3 — the extension needs this to read submission content for AI grading.

AI processing and student data

When you use AI features (grading, page building, quiz creation), the content you submit — such as assignment instructions or student submission text — is sent to Anthropic's Claude API for processing. This content is used solely to generate the AI response and is governed by Anthropic's Privacy Policy.

Canvas Enhancer does not store, log, or retain the content of submissions or AI responses. Once the response is delivered to your browser, no record of the content is kept on our servers.

FERPA notice: Teachers are responsible for ensuring their use of AI tools complies with their institution's data policies and applicable law, including FERPA. We recommend avoiding submitting content that includes student names or other identifying information to AI features.

Credit sharing between teachers

Canvas Enhancer allows teachers to share AI credits with colleagues at the same school. To send credits to another teacher, you search by their school email address. Searches are scoped to your Canvas domain — you can only find teachers registered on the same Canvas instance as you.

If you register to receive credits, your name and email become discoverable by other teachers at your school searching by your exact email address. No directory or list of registered teachers is ever displayed. You can request removal of your registration at any time by contacting us (see below).

How we use data

The data we collect is used only to:

  • Identify your credit account across devices on the same Canvas instance
  • Track your AI credit balance and deduct credits when AI features are used
  • Enable credit transfers between teachers at the same school
  • Process payments and manage auto-reload charges through Stripe
  • Display your saved card details in the credits panel

We do not sell, share, or transfer any data to third parties for marketing, advertising, or any other purpose.

Data storage and security

Credit balances, registration profiles, and settings are stored in Upstash Redis, a managed database with encryption at rest and in transit. Payment data is stored and secured by Stripe, which is PCI DSS Level 1 certified. The Canvas Enhancer API runs on Vercel, a SOC 2-certified hosting provider.

Data retention and deletion

Your credit balance, registration profile (if created), and settings persist until you request deletion. To delete your data, email canvasenhancer@gmail.com with the subject line "Delete my data" from the email address associated with your account, or include your Canvas domain and Canvas user ID so we can locate your record.

We will process deletion requests within 30 days. Stripe payment records are subject to Stripe's own retention policies for legal and financial compliance purposes.

Children's privacy

Canvas Enhancer is designed for use by teachers and school administrators only. It is not directed at children under 13 and we do not knowingly collect information from children. Student data that appears in Canvas (such as submission text processed by AI features) is handled as described in the AI Processing section above and is never stored by Canvas Enhancer.

Third-party services

Changes to this policy

We may update this policy as the product evolves. Material changes will be noted by updating the date at the top of this page. Continued use of Canvas Enhancer after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy or data deletion requests: canvasenhancer@gmail.com