Canvas Badges Business Account Privacy Policy

Effective Date 12/6/2022

Canvas Badges is an online platform to create, curate, distribute, receive, explore, and share micro-credentials (“Badges”), and users can access tools to issues Badges to Badge Recipients, as well as associated administrative tools and services, such as Canvas Credentials.

Canvas Badges is provided by Instructure, Inc. (“Instructure,” “us,” “we,” or “our”) through our websites (,, and, Canvas Credentials, and our APIs (collectively “the Site” or “Canvas Badges”). This Canvas Badges Business Account Privacy Policy applies to your use of Canvas Badges if you are accessing the Site on behalf of a business, agency or other organization for whom you are issuing Badges or performing other tasks within Canvas Badges (“Business Account Owner,” “they,” or “them”). This Canvas Badges Business Account Privacy Policy often refers to “you”, i.e., the Canvas Badges user with an account associated with a Business Account.

This Canvas Badges Business Account Privacy Policy does not apply to any information collected by Instructure in our capacity as controller, such as information collected on the Site or through other channels for marketing purposes.

This Privacy Policy forms part of our Terms. For a listing of the other documents that form part of our Terms, click here. Capitalized terms not otherwise defined herein shall have the meaning set forth in the Canvas Badges Terms of Service. In the event of a conflict between this Canvas Badges Business Account Privacy Policy and the Canvas Badges Terms of Service, the Terms of Service will control.


1.1. Our Responsibilities. This Canvas Badges Business Account Privacy Policy applies to your use of Canvas Badges as a user on behalf of a Business Account Owner, and explains what personal data we collect through Canvas Badges based on such use (“Customer Data”), how we use, store, transfer, and share that data on your behalf, and your choices and rights concerning our personal data practices. Customer Data may include data you share about yourself and data about other individuals you share at the request of the Business Account Owner you are associated with.

1.2. Your Responsibilities. We process Customer Data pursuant to the Canvas Badges Terms of Service or, if applicable, the master agreement your organization has with us. We have no direct control or ownership of the Personal Information we process for Business Account Owners. Business Accounts Owners are responsible for complying with any regulations or laws that require provided notice, disclosure, and/or obtaining consent prior to transferring the Customer Data to us for process purposes.


Business Account Owners may use Canvas Badges to facilitate a variety of actions, including creating and issuing Badges and sharing Badges on behalf of Badge Recipients. When Business Account Owners use Canvas Badges, they may collect personal data such as first and last name, email address, physical address, or phone number and provide such information to us (“Personal Information”). We also collect Personal Information from Badge Recipients, including registration information, including email address, username, password, first and last name, and account settings. When Business Account Owners integrate Canvas Credentials, additional information associated with awarding badges may be collected, like leaderboard rankings and analytics. Instructure processes such Personal Information as our Business Account Owners direct and in accordance with our agreements with them, and we store it on our service providers’ servers. Our agreements with our Business Account Owners prohibit us from using Personal Information except as necessary to provide and improve Canvas Badges, as permitted by this Canvas Badges Business Account Privacy Policy, and as required by law. Our Business Account Owners control and are responsible for correcting, deleting or updating Personal Information provided to Instructure. We may work with our Business Account Owners to help them provide notice to individuals about their data collection, processing and usage.


3.1. Sensitive Personal Data. We do not intentionally collect any sensitive personal data, such as health information, genetic data, religious information, and government issued ID numbers.

3.1. Children’s Personal Data. Canvas Badges are not intended for children under 13. Our Terms prohibit anyone under the age of 13 from using Canvas Badges.


We share Personal Information contained in the Customer Data with certain third parties in the following circumstances:

4.1. Badge Sharing with Badge Recipients. Once a Badge is issued, that Badge becomes sharable at the discretion of the Badge Recipient.

4.2. Badge Sharing by Third Parties. As part of the Badge Connect™ open standard, Instructure may share issued Badges with third parties. The third party accessing Canvas Badges for such purposes is solely responsible for obtaining the Badge Recipient’s consent in advance of accessing Canvas Badges for such purposes and for ensuring it shares such Badges only with third-party services the Badge Recipients’ have expressly authorized.

4.3. Service Providers. To assist us in meeting business operations needs and to perform certain services it is sometimes necessary to share Personal Information with third-party providers, such as providers of hosting, payment processing, email communication, and analytics. If required under applicable law, we will make a list of third-party service providers available to you upon request sent to

4.4. Business Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of a service to another provider, Personal Information and other information may be transferred to a successor or affiliate as part of that transaction.

4.5. Legal Requirements. We may share Personal Information in order to: (a) comply with our legal obligations, (b) detect, prevent, or otherwise address fraud, security or technical issues, (c) enforce applicable policies, including investigation of potential violations, or (d) protect against harm to the rights, property or safety of our users, the public, or ourselves. We may also share Personal Information with your consent or as otherwise disclosed at the time of collection.

5. DATA RETENTION. Instructure will delete or return all Personal Information contained in Customer Data (including copies thereof), on termination or expiration of your Business Account in accordance with the procedures and timeframes set out in the Canvas Badges Terms of Service, except that this requirement shall not apply to the extent we are required by applicable law to retain some or all of the Personal Information we have archived on back-up systems, which data we will securely isolate and protect from any further processing. Please note that once a Badge is issued, it is freely sharable by that Badge Recipient on an ongoing basis and any Personal Information included in that Badge’s meta-data remains as part of the Badge unless Instructure is directed to delete such information pursuant to a deletion request made by the Badge Recipient or unless the issuer of the Badge corrects or revokes the Badge through its Business Account. Contact us at if you have questions about retention of Business Account related Personal Information.

6. INTERNATIONAL TRANSFER OF DATA. If you are using Canvas Badges from a country outside the United States, Customer Data may be transferred for processing from your current location to our offices and servers and our authorized third-party service providers located globally, including in the United States. Other countries may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. When we transfer information of individuals in the European Economic Area (EEA) or the United Kingdom (UK), we make use of standard contractual data protection clauses, which have been approved by the European Commission.

7. COOKIES. We use cookies, and other similar technologies, for activities such as (a) maintaining the functionality of Canvas Badges, e.g., automatic account sign-in, (b) securing the Site, (c) improving Canvas Badges, and (d) deploying website analytics, e.g., Google Analytics. The cookies we set are essential for the operation of our Site or are used for performance or functionality. By using Canvas Badges, you agree that we can place these types of cookies on your computer or device.

8. SECURITY. We take reasonable administrative and technical steps to protect Customer Data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. We protect the security of Customer Data during transmission by using Secure Sockets Layer (SSL) software or other encryption technology, which encrypts personal data you input. Wherever appropriate, we obfuscate and/or encrypt Customer Data in our systems and/or during information transfer. However, no method of transmission over the internet is 100% secure and we cannot absolutely guarantee the security of Customer Data. It is important for you to protect against unauthorized access to your password to the Site and to your computer. Be sure to sign out of Canvas Badges when finished.

9. CALIFORNIA PRIVACY DISCLOSURE. We may use cookies or other similar tracking technologies to collect information about your browsing activities over time and across different websites. We may allow third-party service providers and other third parties to do the same. We do not respond to “Do Not Track” (DNT) signals and we operate as described in this Canvas Badges Business Account Privacy Policy whether or not a DNT signal is received.

10. DATA REQUESTS. If you want to access, correct, amend, or delete data controlled by a Business Account Owner, you should direct your query to the Business Account Owner (the data controller). We will work with customers to respond to data subject requests as outlined in our DPA.

You may request the deletion of your Canvas Badges account by sending a request to You should also review our DPA to understand our obligations as a processor of your data and how we comply with relevant data protection laws.

If you are seeking to exercise your data subject access rights for the data Instructure processes as a controller, please see the Canvas Badges Privacy Policy.

11. THIRD-PARTY LINKS. This Canvas Badges Business Account Privacy Policy does not apply when you use a link to go from Canvas Badges to another website. Your browsing and interactions on any third-party website, are subject to that third party’s own rules and policies. In addition, you agree that we are not responsible for and we do not exercise control over any third-parties that you authorize to access your content. If you are using a third-party website, e.g., Facebook, and you allow such third-party access to your content, you do so at your own risk