WeCanvas

Security and privacy

Private by invite. Clear about the boundaries.

WeCanvas is built for small trusted groups, not public broadcasting. This page explains the protections in place today and the limits we do not want to overstate.

Invite-based access

Canvases are private spaces. Members join through account sign-in and secure invite flows, and content is intended only for members of that canvas.

Account and data controls

WeCanvas uses Supabase for authentication and data storage. Server-side checks and database row-level security are used to limit access to user and canvas data.

SMS consent

Phone numbers are used for WeCanvas SMS only after the phone owner opts in. Members can reply STOP to opt out and HELP for support.

What WeCanvas protects

  • Canvas posts, photos, voice notes, and shared context are not public social posts.
  • Invited members do not pay to join a canvas.
  • Payment details, when billing is active, are processed by Stripe. WeCanvas does not store full card numbers.
  • Public routes are separated from internal scripts, tests, verification reports, and admin cleanup tooling.
  • Production pages use security headers such as frame protection, content-type protection, and restricted browser permissions.

Important limits

WeCanvas is still in beta. We do not currently claim SOC 2 certification, HIPAA compliance, end-to-end encryption, formal penetration testing, or zero-risk security. If any of those become true later, this page will be updated with specific evidence.

No online service can guarantee perfect security. If you believe you found a security issue, email hello@ourcanvasspace.com with enough detail for us to investigate.

Questions about privacy or security?

We would rather answer clearly than overpromise. Reach out before adding sensitive information to a canvas if you are unsure.
