Privacy Policy

Last Updated: February 26, 2026

This Privacy Policy describes how Canvo ("we", "us", or "our") handles your data when you use our mobile application ("the App"). We built Canvo with a local-first, Bring-Your-Own-Key (BYOK) architecture specifically to prioritize your privacy and data ownership.

1. Data Collection and Storage

Local Storage: Canvo operates primarily on your device. Your conversation history, custom Canvas blocks, application settings, and API keys are stored in an encrypted database locally on your device. We do not maintain cloud servers to sync, store, or view your conversations.

2. Third-Particle API Connections

To function as an AI client, the App transmits your prompts, attachments (if provided), and conversation history directly to the Large Language Model (LLM) APIs you configure (e.g., OpenRouter, Google, OpenAI, Anthropic).

This data is sent directly from your device to the API provider.
We do not proxy these requests through our servers.
Your data handling during these requests is governed by the respective Privacy Policies of the third-party providers you choose to connect to.

3. Device Permissions

Canvo may request the following permissions on your device to enable specific tools (only triggered upon your explicit request within a chat):

Location: To provide location-aware responses through the get_location tool.
Contacts: To search and reference contact information through the contacts_search tool. This data is read-only and only sent to the LLM if you prompt it.
Camera & Media: To capture photos directly or allow you to attach images, documents, or audio files to your prompts.
Microphone: To enable voice-to-text input features.

4. Third-Party Integrations (OAuth)

You may optionally connect Canvo to your Google account using OAuth to enable advanced tools. If you choose to do so:

Gmail API: Canvo requests read/write access to draft, send, or read emails on your behalf only when you explicitly prompt the AI to do so using the gmail tool.
Calendar API: Canvo requests read/write access to view your schedule or create events only when you explicitly prompt the AI to do so using the calendar tool.
Data Usage: Your email and calendar data is never stored on our servers. It is retrieved locally and sent only to your configured LLM provider to fulfil your request. Canvo's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Sharing and Telemetry

We do not sell, rent, or trade your personal information. We do not embed hidden analytics trackers or crash reporting SDKs that exfiltrate your chat data. Information is only shared with the API providers you explicitly configure via your keys or WebSocket connections.

5. Data Retention and Deletion

Because your data is stored locally, you have complete control over it. You can delete your entire conversation history, API keys, and configuration at any time by clearing the application data in your Android Settings or uninstalling the App.

6. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the date at the top of this policy and, if necessary, through a notice within the App.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

dev@canvo.cloud