Skip to main content

Serif Privacy Policy

Last Updated: 30 October 2025

Please read this Privacy Policy carefully as it explains how Serif (Europe) Limited (a Canva company) (“Serif”, “we”, “our” “us”) collects and uses personal data and your rights in respect of that data.

Serif is the controller of, and responsible for, personal data collected from users of Affinity’s products up to and including version 2.6 only (“Affinity by Serif”), services, events, forums and websites (being serif.com and any other websites or applications created by us from time to time that link to this Privacy Policy, together, our “Sites”)

Please note: Canva is the controller of, and responsible for, personal data collected from users of Affinity version 3 and beyond (“Affinity by Canva”), and Serif will only process version 3 personal data on Canva’s behalf, in accordance with Canva’s instructions.

We may need to update this Privacy Policy from time to time. When we do we will notify you by updating this page, so please check it periodically, and/or, if the changes are material, showing you a banner to notify you when you visit our website or sending you an email If you have any queries relating to our use of your personal data or this Privacy Policy, you can email dataprotection@serif.com or write to us at Serif (Europe) Ltd, 12 Wilford Ind Est, Nottingham NG11 7EP.

1. Information we collect

We process the following types of personal data:

  • Account Information - When you registered for an Affinity by Serif account, sign up to receive our newsletters, or to take part in our free public betas, or download a free trial of our software, or sign up to the Affinity Forum, an account is created which may include your name, email address, IP address (which may be used to infer general location at a city or country level) and phone number. This may also include your payment information when you make a purchase on our Websites. Please do not share your username or account details with any third party.
  • Contact Information - If you: (a) complete one of our enquiry forms on Our Sites; (b) enter into a contract with us for our services; (c) report a problem with Our Sites ; or (d) otherwise correspond with us, we may collect your name, address (including email address), other contact details, phone numbers and identification.
  • Technical Information - When you visit the Sites, we (and our third-party partners) use cookies and similar online tracking technologies to collect information needed for our Sites and services to work and stay secure or to improve and personalise your experience, if you’ve agreed. For more information on how we use cookies and other technologies and how you can control them, please read our Cookies Policy.
  • Usage Data - Affinity by Serif and Affinity by Canva applications collect information from your device for the purpose of aggregated reporting, for example usage data, application name and version number, language and OS version. This is used to ensure correct content is shown in the welcome screen of the applications and to help notify you of product updates.
  • We will also collect crash report data, but only if you agree.
  • In addition, our beta versions of the applications will automatically send additional data to help diagnose issues including GFX card information, Direct X data, CPU info and platform patches.
  • Participation and Feedback Data - Information related to transactions you conduct on the Sites and/or services, including when you choose to register for a webinar, event, or participate in a survey, or download special content, and your interactions with the Sites and/or services (for example when you provide feedback).
  • Information from third-parties - We may receive information about you from third parties. For example, if you access the Affinity by Serif service through a third-party connection or log-in, that third-party may pass certain information about your use of its service to us. Or if you’re using Affinity by Canva, then we receive some information from Canva so we can process information to provide the service, on Canva’s behalf.

2. Why do we process personal data?

We will only process your information when have good reason and the law says we can, including:

  • To meet our contractual obligations to provide our services (e.g. to enable you to access and use the Sites, to provide access to your purchases and product keys, to provide customer support, process payments when applicable, monitor to keep the service running or keeping a record of licence-holders);
  • To meet our legal obligations (e.g. keep our services and users safe and secure, by detecting and preventing malware, viruses, pay taxes and assist public authorities if we’re required to do so)
  • To exercise our legitimate interests, but only when it does not adversely affect your interests and rights. For example:
    • So we can keep in touch to manage complaints or queries and, where legally allowed, to send you marketing and/or personalise our communications with you;
    • To produce insights, reporting and measure growth so we can spot opportunities and grow our business,
    • To prevent and investigate unacceptable use and fraud;
  • When we have your consent - e.g. when you signed up to our newsletter. If we have asked for your consent will always offer you the opportunity to withdraw your consent for this processing at any time.
  • Very rarely, we may also need to process personal data in order to protect someone’s vital interests.

3. Who do we share your personal data with?

To keep our business and services running efficiently we may need to share personal data with affiliates and third-party service providers. The types of third parties we use are:

  • Canva affiliates (“Affiliates”) - We may share your information, including personal data with our parent company any Affiliates for general business reporting, to receive or provide services or service features to or from another Affiliate and/or share efficiencies;
  • Billing and Payment providers;
  • Database and content management service providers;
  • AI service providers;
  • Cloud and infrastructure service providers;
  • Security & fraud software or providers;
  • Sales, marketing and data enrichment providers;
  • Feedback and ratings providers;
  • Professional advisors and professional software providers;
  • Auditors, Public Authorities and/or law enforcement;
  • Social Media and advertising partners, if you’ve shared your details, or so we can advertise to find new audiences or to share content you might have created.
  • Law enforcement - We may share your personal data when we believe it is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies or protect us, our business or our users, or third parties, for example to enforce our terms of service, prevent spam or other unwanted communications and investigate or protect against fraud or to maintain the security of our Websites, products and services.
  • Merger, acquisition or reorganisation We may also share, sell or transfer your information to third parties in connection with or contemplation of (including as part of the due diligence process) any merger, acquisition, reorganisation, financing, sale of assets, bankruptcy or insolvency event involving Affinity or any portion of our assets, services or businesses.

4. Your rights

The laws of some countries grant particular rights to individuals in respect of personal data. Individuals in certain countries, including the United Kingdom, European Union and Brazil have the right to:

  • Request access to their data
  • Request that we correct inaccuracies in their data
  • Request that their data be deleted or that we restrict processing of it
  • Request a structured electronic version of their data; and
  • Object to particular uses of their data (e.g. for types of processing where we asked for your consent or process it based on our legitimate interests);

If you have concerns about your privacy you can contact us on the details below. We’ll respond as soon as we can and always within statutory timeframes.

5. How to exercise your rights

Should you wish to make a request in respect of your personal data:

  • If you have an Affinity Store account, you can access and correct your personal data by visiting and navigating to your ‘Account Details’ page.
  • If you’re a user of Affinity by Canva/v3, you should contact the controller, Canva, to exercise your rights
  • You can also make a request in respect of your personal data, including requesting the deletion of your account and your personal data, by emailing us dataprotection@serif.com, or writing to us at the following address:
    • Data Protection Manager
    • Serif
    • 12 Wilford Ind Est
    • Nottingham
    • NG11 7EP

For the protection of all our customers, we will take reasonable steps to confirm your identity before providing you with details of any personal data we may hold about you.

Not all of these rights are absolute and in some circumstances Serif will not be able to do what you ask. If so, we’ll always explain why. For example, we may not be able to provide a copy of your data where it infringes on the rights of another user or if you ask us to delete your personal data which we are required by law or have compelling legitimate interests to keep, or where data cannot be disclosed for legal reasons.

If we are unable to resolve your request, or if you are concerned about a potential violation, you may also have the option to report the issue or make a complaint to the data protection authority in your jurisdiction, where applicable.

Please be aware that once deleted, your account will no longer be accessible and cannot be restored so you should ensure that anything that is accessed via your account that you wish to keep is backed up before proceeding.

6. How do we keep personal data secure?

We have implemented and we continually maintain a variety of technical and organisational measures to protect your personal data from unauthorised access and against unlawful processing, accidental loss, destruction, and damage.

It is important for you to remember to protect yourself against unauthorised access by guarding your password. For example, if you use a shared computer, make sure you logout or close your browser whenever you leave the computer.

7. Do we transfer personal data overseas?

Although the data we collect from you is stored in the UK and European Economic Area (“EEA”), we may need to transfer data to our Affiliates and service providers who are located outside the UK and EEA for the purposes described in this Privacy Policy. We will implement measures to transfer your data securely and in accordance with applicable data protection laws.

8. Children

We do not knowingly collect personal data from anyone under the age of 13. If you are a parent or guardian of a child under the age of 13 and believe your child has disclosed personal data to us, please contact us at dataprotection@serif.com.

Where processing of personal data is based on consent, if we learn that this data belongs to someone under the age of 13, we will cease processing and will take reasonable measures to delete the applicable data from our records, unless the consent is provided by a parent or guardian.

9. How long we keep your personal data?

We will retain your personal data for a commercially reasonable time and for as long as we have a valid purpose to do so. In particular, Affinity will retain your personal data for the purpose of complying with its legal and audit obligations, and for backup and archival purposes.

Where this document is translated into a language other than English, in the event of any dispute arising with respect to its interpretation, the English language version shall prevail.

Contact us

If you have any questions about how we look after your personal data you can email us at dataprotection@serif.com We’ll do our best to resolve your concerns, but if you’re still unhappy you may also have the right to refer your complaint to the Data Protection Authority for your country. In the UK this is Information Commissioner at ico.org.uk, or using their helpline telephone number: 0303 1231113.

Our local representative in the EEA is the European Data Protection Office (EDPO) whose registered address is Ground Floor, 71 Lower Baggot Street, Dublin, D02 P593, Ireland.

This browser is no longer supported. Please upgrade your browser to improve your experience. Find out more.