Last updated: May 30, 2026
Privacy Policy
Canopy is operated by Canopy Technologies, Inc. (“Canopy,” “we,” “us,” or “our”). This policy explains what information we collect, how we use it, and your rights under California law.
1. Information we collect
Account information. When you create a Canopy account, we collect your name, work email address, and firm name.
Contact inquiries. If you submit our contact form, we collect your name, firm name, and message.
Firm and project data. To operate the platform, we store the projects, clients, documents, and deliverables your firm creates and uploads.
Usage and log data. We collect server logs, error reports, and product analytics to operate and improve the service. This may include IP address, browser type, pages visited, and actions taken in the application.
Billing information. Subscription billing is handled by Stripe. We do not store full payment card numbers. We receive and store subscription status, plan tier, and billing email.
Client portal access. When a document is delivered to your clients via the Canopy portal, we log the delivery event and access timestamp. Client portal sessions use cryptographically signed cookies and do not require client account creation.
2. How we use your information
- — To provide, operate, and maintain the Canopy platform
- — To process and deliver compliance documents on your behalf
- — To send transactional emails (delivery notifications, team invites, account activity)
- — To generate AI-assisted project history queries, scoped to your firm's data only
- — To process subscription billing
- — To detect and prevent fraud, abuse, and security incidents
- — To respond to support requests and contact form inquiries
- — To comply with legal obligations
We do not sell your personal information. We do not use your firm's project data to train AI models for other customers.
3. Third-party processors
We share data with the following sub-processors to operate the service:
| Processor | Purpose |
|---|---|
| Supabase | Database, authentication, and file storage |
| Anthropic | AI-assisted project history queries (server-side only; your data is not used to train Anthropic models) |
| Stripe | Subscription billing |
| Resend | Transactional email delivery |
| Vercel | Application hosting and deployment |
| Sentry | Error monitoring |
4. Data retention
We retain account data for the duration of your subscription and for 90 days following cancellation, after which it is deleted. Audit logs and delivery certificates are retained for 7 years to support your firm's regulatory compliance obligations. You may request earlier deletion of personal data subject to applicable law.
5. Security
Canopy uses industry-standard security practices including TLS encryption in transit, encrypted storage at rest, row-level security enforced at the database layer, HMAC-signed session tokens, and SHA-256 document fingerprinting. We conduct periodic security reviews. No system is perfectly secure; if you discover a vulnerability, please contact us at security@canopy.app.
6. Your rights under California law (CCPA/CPRA)
California residents have the right to:
- — Know what personal information we collect and how it is used
- — Delete personal information we hold about you
- — Correct inaccurate personal information
- — Opt out of the sale or sharing of personal information (we do not sell or share personal information)
- — Non-discrimination for exercising your privacy rights
To exercise these rights, contact us at privacy@canopy.app or use the deletion request form below.
7. Cookies
Canopy uses strictly necessary cookies to maintain authenticated staff sessions and signed client portal sessions. We do not use third-party advertising cookies. If we add analytics that use cookies, we will update this policy and, where required, request your consent.
8. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email to account holders at least 14 days before taking effect. Continued use of the service after that date constitutes acceptance of the updated policy.
9. Contact
Questions about this policy? Email privacy@canopy.app.
Request data deletion
Enter the email address associated with your account. We will process your request within 30 days.