Privacy Policy
Last updated: May 2026
Introduction
This Privacy Policy governs the privacy practices for the TypeGradient app, TypeCutOut app, TypeExtrude app, TypeLettering app, TypeStudio app, TypeCraft app, Vectorify app, Video FX Studio app, Figma to Canva app, and any other application developed by © Pixel Tinkers (referred to as "the Apps"). This policy explains how we handle information collected, processed, or generated through the use of the Apps.
We are committed to being transparent about the data we handle and to keeping your information safe. Please read this policy carefully so you understand what we collect, why, and the choices available to you.
For information about reporting security vulnerabilities, see our Security Policy.
Information Collection
Apps that run entirely inside Canva
Most of our Apps are designed to work without requiring you to create a Pixel Tinkers account. For these Apps, we do not collect personally identifiable information, do not track or store user sessions on our servers, and do not use advertising cookies or similar tracking for marketing purposes.
Design content you create stays within the Canva environment according to Canva's own terms and privacy practices.
Account-based Apps
Certain Apps require you to sign in before you can use them. When this is the case, we use trusted third-party authentication providers to verify your identity. The sign-in process is handled by the authentication provider; we never see, receive, or store your password.
Figma to Canva currently supports:
- Google Sign-In — used in the Figma plugin
- Canva OAuth — used in the Canva companion app
When you sign in, we may receive and store the following information from the authentication provider:
- Email address — used to identify your account and associate your data within the App (when provided by the provider or voluntarily by you; see below)
- Display name and profile photo — used to personalize your experience inside the App
- Unique user identifier — a technical ID provided by the authentication service, used to match your session across visits
- OAuth tokens — access and refresh tokens required to keep you signed in and to call platform APIs on your behalf (stored securely; we do not store passwords)
You may also voluntarily provide an email address in the Figma plugin if one was not supplied by Google, for account identification and support.
We may store technical session data (such as IP address and browser user agent) for security, fraud prevention, and session management.
Figma to Canva — Design Export Data
Figma to Canva is different from our other Apps because it uses a hosted backend to transfer your design from Figma to Canva. When you use this App, data read or derived from the Figma Plugin API may be sent to our servers.
Backend hostname: figma-canva-backend.pixeltinkers.workers.dev
What we collect and store
| Data type | Description | Retention |
|---|---|---|
| Export metadata | Design structure derived from your Figma selection (e.g. layout, text content, styles, element properties) needed to recreate the design in Canva | 24 hours after export creation, then automatically deleted |
| Export assets | Images (PNG, JPEG, or SVG) generated from your Figma layers | 24 hours after export creation, then automatically deleted |
| Cover image | A preview thumbnail of your export (if generated) | 24 hours, same as the export |
| Export listing | Export name, status, page count, asset count, and timestamps | 24 hours, same as the export |
| Pairing codes | Short-lived codes used to link your Figma account to the Canva app | Until used or expired (short TTL) |
| Account information | As described in Account-based Apps above | While your account is active; deleted on request |
Exports are accessible only to the authenticated user who created them. You can delete an export before it expires where the App provides that option.
What we do not do with export data
- We do not sell, rent, or share your export content with advertisers or data brokers
- We do not use your Figma or Canva design content for advertising or unrelated profiling
- We do not retain export metadata or assets beyond the 24-hour window except where required for security logs or legal compliance
How the transfer works
- In Figma, the plugin reads your selected frame(s) via the Figma Plugin API and builds an export.
- Export metadata and assets are uploaded to our backend over HTTPS.
- In Canva, the companion app retrieves your export using your authenticated session so you can import it into a design.
How We Use Your Information
Personal information and export data are used exclusively for the following purposes:
- Providing the Apps — including authentication, export transfer, import into Canva, and restoring your account state when you return
- Account matching — to recognize you across the Figma plugin and Canva companion app (e.g. via pairing codes)
- Debugging and support — to investigate and resolve technical issues or errors you may encounter
- Service reliability — aggregated usage metrics (e.g. export completed, pairing linked) to monitor performance and improve the Apps; these metrics do not include your full design file content
- Service communications — to occasionally reach out with important updates, changes, or announcements related to the Apps you use. We will not send marketing or promotional emails unrelated to our Apps
We do not sell, rent, or share your personal information with advertisers or data brokers. We do not use your data for behavioral advertising or any purpose other than those listed above.
Data Retention & Deletion
| Data category | Retention period |
|---|---|
| Figma to Canva exports (metadata, assets, cover images) | 24 hours from creation, then automatic deletion |
| Pairing codes | Short-lived; deleted when used or expired |
| Account information (profile, OAuth tokens, sessions) | While your account is active and as needed to provide the Apps |
| Usage analytics events | Retained in aggregated form per our infrastructure provider's policies |
If you would like to request deletion of your personal data or account, contact us at products@pixeltinkers.io and we will process your request promptly.
Data Security
We take data security seriously. We implement industry-standard measures—including encrypted connections (HTTPS) and secure cloud storage—to protect the integrity and confidentiality of information we handle.
Because we rely on established third-party authentication providers and never store passwords, credential exposure through our authentication flow is limited to industry-standard OAuth token handling.
For details on how to report security issues, see our Security Policy.
Third-Party Services & Subprocessors
Our Apps integrate with third-party services and platforms. These providers have their own privacy policies and data-handling practices. We work with reputable providers who follow industry standards for privacy and data protection.
The following third parties are relevant to Figma to Canva and our hosted backend:
| Provider | Role |
|---|---|
| Figma | Platform where the export plugin runs; subject to Figma's privacy policy |
| Canva | Platform where the companion app runs and designs are imported; subject to Canva's privacy policy |
| Sign-in for the Figma plugin; subject to Google's privacy policy | |
| Cloudflare | Hosting (Workers), database (D1), object storage (R2), and real-time infrastructure for our backend |
| Sentry | Error monitoring and crash reporting for the Figma plugin and Canva companion app (we configure it to avoid sending authorization credentials in error reports) |
Other Apps may use only Canva and, where applicable, services required by the Canva Apps SDK.
We encourage you to review the privacy policies of any third-party services you access through our Apps.
Analytics & Error Monitoring
For Figma to Canva, we log aggregated usage events on our backend (for example: export created, export completed, pairing completed, WebSocket connected). These events are associated with a technical user identifier and may include non-content metadata such as export ID, duration, or asset counts. They do not include the full text or visual content of your design.
We use Sentry to collect error and diagnostic information when the Apps encounter failures. This helps us fix bugs. We take steps to reduce sensitive data in error reports (for example, stripping authorization headers where applicable).
We do not use these tools for advertising or to build marketing profiles.
Cookies & Similar Technologies
Our simple Canva Apps generally do not use advertising cookies.
Account-based Apps (including Figma to Canva) use session tokens and similar mechanisms strictly for authentication and to keep you signed in. These are essential to the service, not used for cross-site advertising.
International Data Transfers
Pixel Tinkers is based in the United States. If you use the Apps from other regions, your information may be processed in the United States and in other countries where our infrastructure providers (such as Cloudflare) operate data centers. We rely on our providers' contractual and technical safeguards for cross-border transfers.
Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent to data processing where consent is the legal basis
- Object to or restrict certain processing, where applicable by law
To exercise any of these rights, contact us at products@pixeltinkers.io. We will respond within a reasonable timeframe.
If you are in the European Economic Area or United Kingdom, you may also have the right to lodge a complaint with your local data protection authority.
Legal Bases for Processing (EEA / UK)
Where applicable, we process personal data on the following bases:
- Contract — to provide the Apps and export transfer service you request
- Legitimate interests — to secure our services, prevent abuse, and improve reliability (balanced against your rights)
- Consent — where you voluntarily provide information (e.g. optional email) or where required by law
Children's Privacy
The Apps are not intended for use by children under the age of 13. We do not knowingly collect personal information from children. If you believe that a child under 13 has provided us with personal information, please contact us immediately at products@pixeltinkers.io so that we can promptly remove such information.
Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time. Any changes will be effective upon posting the revised version on our website or within the Apps. The "Last updated" date at the top will reflect the most recent revision. We encourage you to review this Privacy Policy periodically.
Contact Us
We value your feedback, questions, and concerns. If you have any inquiries about this Privacy Policy or how we handle your data, please reach out to us at products@pixeltinkers.io. We will make every effort to respond promptly.
Conclusion
This Privacy Policy describes how Pixel Tinkers handles information in connection with the TypeGradient app, TypeCutOut app, TypeExtrude app, TypeLettering app, TypeStudio app, TypeCraft app, Vectorify app, Video FX Studio app, Figma to Canva app, or any other application developed by Pixel Tinkers. If you do not agree to these terms, please refrain from using the Apps.
© Pixel Tinkers. All rights reserved.