Privacy Policy

Last updated: November 2025

Information We Collect

Canvas Brain collects and processes the following information:

• Canvas Course Content: Pages, assignments, files, and other course materials from your Canvas LMS account that you choose to access through the extension
• Uploaded Files: PDF, DOCX, and PPTX files you choose to upload through the extension interface
• Chat Messages: Questions and conversations you have through the chat interface
• Account Information: Email address and encrypted password for account creation and authentication
• Device Information: Device fingerprint for security and authentication purposes
• Usage Data: Information about how you interact with the extension, including which features you use

How We Collect Information

We collect information in the following ways:

• Directly from you: When you create an account, upload files, or interact with the chat interface
• From Canvas LMS: When you use the extension to access your Canvas course content, the extension retrieves content from Canvas on your behalf
• Automatically: Through the extension's normal operation, including usage analytics and error logging

How We Use Your Information

We use the collected information for the following purposes:

• To provide and maintain the Canvas Brain service
• To process and respond to your chat queries using AI services
• To compress and organize course content for efficient storage and retrieval
• To authenticate your account and ensure security
• To improve the extension's functionality and user experience
• To troubleshoot technical issues and provide support

Course content is compressed and stored locally in your browser. Content is sent to third-party AI services (Google Gemini, OpenAI) for processing chat queries and content compression. We do not store your course content or chat messages on our servers beyond temporary API processing necessary to provide the service.

Important: The Canvas Brain team cannot see your chat messages. Your chat conversations are processed directly by third-party AI services (Google Gemini, OpenAI) and are not accessible to or viewable by Canvas Brain staff or administrators. Chat messages are not logged, stored, or monitored by our team.

Data Storage

Data is stored in the following locations:

• Local Browser Storage: All scraped and compressed course content is stored locally in your browser using Chrome's storage API. This data remains on your device and is not transmitted to our servers except when processing chat queries.
• Server Storage: Account information (email address and encrypted password) is stored on our secure servers for authentication purposes. We do not store your course content, uploaded files, or chat messages on our servers. The Canvas Brain team has no access to and cannot view your chat conversations.
• Third-Party Storage: When you use chat features, your queries and relevant course content are temporarily sent to third-party AI services (Google Gemini, OpenAI) for processing. These services may store data according to their own privacy policies.

Data Retention: Account information is retained for as long as your account is active. Local browser storage data persists until you clear your browser data or uninstall the extension. Third-party AI services may retain data according to their respective retention policies.

Data Sharing and Disclosure

We share your information in the following circumstances:

• Third-Party AI Services: We share your chat queries and relevant course content with Google Gemini API (for chat responses) and OpenAI API (for content compression). These services process your data according to their own privacy policies and terms of service.
• Service Providers: We may use third-party service providers to host our servers and manage our infrastructure. These providers have access to account information necessary to provide the service.
• Legal Requirements: We may disclose information if required by law, court order, or government regulation, or to protect our rights and the safety of our users.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction.

We do not sell your personal information or course content to third parties. We do not share your data with advertisers or marketing companies.

Third-Party Services

Canvas Brain uses the following third-party services:

• Google Gemini API: Used for processing chat queries and generating responses. Google's privacy policy applies to data sent to this service.
• OpenAI API: Used for content compression and processing. OpenAI's privacy policy applies to data sent to this service.
• Heroku: Used for hosting our server infrastructure. Heroku's privacy policy applies to data stored on their platform.

We encourage you to review the privacy policies of these third-party services to understand how they handle your data.

Data Security

We implement appropriate technical and organizational measures to protect your information:

• Passwords are encrypted using industry-standard hashing algorithms
• Data transmission is encrypted using HTTPS/TLS protocols
• Access to account information is restricted to authorized personnel only
• Regular security audits and updates are performed

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Rights and Choices

You have the following rights regarding your information:

• Access: You can access your account information through the extension settings
• Deletion: You can delete your account and associated data by contacting us
• Local Data Control: You can clear local browser storage data at any time through your browser settings
• Opt-Out: You can stop using the extension at any time, which will prevent further data collection

Children's Privacy

Canvas Brain is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact

For privacy concerns, questions about this policy, or to exercise your rights regarding your data, please contact us at tyb3@cornell.edu.