CanvasBT Privacy Policy
Last Updated: December 2025 • Effective: 04 December 2025

Privacy by design, simple and transparent

CanvasBT is built to work locally, with minimal data collection and clear control for you.

UK GDPR DPA 2018 No tracking Local-only processing Encrypted Bluetooth

1. Introduction

CanvasBT (“we,” “us,” “our,” or “the App”) is a product of Inventors Tech Ltd and is committed to protecting your privacy and ensuring you have a positive experience with our application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the CanvasBT App) and associated services.

This Privacy Policy applies to all users of CanvasBT regardless of location, though it is specifically designed to comply with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our App. Your continued use of CanvasBT signifies your acceptance of this Privacy Policy.

2. Information we collect

2.1 Information you do not provide (minimal data collection)

CanvasBT is designed with privacy at its core. We operate on a principle of data minimisation and do not collect personal data unless absolutely necessary for the App to function.

  • Not collected: Personal identification information (name, email address, phone number)
  • Not collected: Location data
  • Not collected: Device identifiers or user tracking data
  • Not collected: Browsing history or usage analytics
  • Not collected: Biometric data

2.2 Permissions required

To provide core functionality, CanvasBT requests the following device permissions:

a) Bluetooth permission

Purpose: To enable secure, direct communication with your CanvasBT e-paper display device

Data processed: Connection metadata only (device pairing information)

Storage: Stored locally on your device only; not transmitted anywhere else

User control: You can revoke this permission at any time via your device settings

b) Storage/Gallery access permission (if used)

Purpose: To allow you to select images from your device’s photo gallery

Data processed: Only images you explicitly select; no metadata is collected

Storage: Your photos remain on your device; processed images are cached locally

User control: You have full control over which images you share with the App

c) Camera permission (if image capture feature used)

Purpose: To capture photos directly within the App

Data processed: Only photos you capture; no camera metadata is retained

Storage: Photos stored locally on your device

User control: You control when the camera is accessed

2.3 Data processing within the app

Local processing

  • Offline: All image processing occurs locally on your device.
  • No exfiltration: Your photos never leave your device through CanvasBT systems.
  • Transmission: Processed entirely offline unless you explicitly initiate upload to your e-paper display.
  • No servers: Images are not transmitted to our servers or any third party.
  • Deletion: Images are deleted from cache when you clear them or uninstall the App.

API keys

If you choose to use AI image generation via OpenAI’s DALL-E, you must provide your own OpenAI API key. We do not store or manage your API credentials. Your key is stored locally on your device only.

3. Lawful basis for processing

3.1 Legitimate interest

  • Functionality: Providing core App functionality (Bluetooth communication)
  • User-directed: Processing your locally-stored images as you direct
  • Direct link: Enabling device-to-display communication without intermediary servers

3.2 Consent

  • Optional features: Third-party services (e.g., image search APIs)
  • Local storage: Retaining processed images on your device
  • Withdrawal: You may withdraw consent at any time via App settings or device permissions

3.3 Contractual necessity

Facilitating the Bluetooth connection between App and display device (part of the service you use).

4. Third-party services

4.1 Image search APIs

Pexels and Pixabay

  • Purpose: Optional free stock image search
  • Data shared: Only search queries you enter; no personal data is transferred
  • Separate privacy: They have their own privacy policies; we are not responsible for their practices
  • No collection: We do not collect, store, or track your search history
  • Control: Image search is optional; you can use only your own photos

OpenAI DALL-E API (optional AI generation)

  • API key: You supply your own OpenAI API key; we do not store it
  • Data shared: Only the prompt you provide; no personal information is sent
  • Processing: Requests go directly to OpenAI’s servers; we do not act as intermediary
  • Terms: Subject to OpenAI’s own terms and privacy policy
  • Your responsibility: Comply with OpenAI’s usage terms and any associated costs
  • No collection: We do not collect or store records of AI generation requests

4.2 No data sharing

  • No selling: We do not sell, rent, or lease personal data to third parties
  • No combining: We do not combine third-party data with personal information
  • Independence: Third-party services operate independently; we only send what you explicitly choose

5. Data storage and retention

5.1 Local device storage

  • Processed images: Cached locally for quick access
  • App settings: Preferences stored locally (e.g., brightness, refresh rate)
  • Bluetooth: Pairing information stored locally

5.2 Data deletion

  • In-app: Use “Clear Cache” or “Reset Data” in settings
  • Uninstall: Removes all locally-stored data
  • Permissions: Manage via device Settings

Important: Once deleted, data cannot be recovered. Deletion is permanent and irreversible.

5.3 Data retention policy

  • Local image cache: Retained until you clear it or uninstall
  • Bluetooth pairing: Retained; deleted if you unpair
  • App settings: Retained unless cleared or device reset
  • API keys: Stored locally; not backed up to cloud

6. Data security

6.1 Security measures

Local processing

  • On-device: All image processing is on your device
  • No servers: We do not store, process, or access your images

Bluetooth security

  • Encrypted: Direct, encrypted connection
  • No intermediaries: Point-to-point communication
  • User initiation: Pairing requires explicit action; you control connections

Cryptographic protection

  • Device encryption: Benefits from built-in encryption (if enabled)
  • HTTPS: API communication uses industry-standard HTTPS
  • Secrets: API keys stored in secure storage when available

Access controls

  • Local-only: Only your device can access stored data
  • Third-party scope: Services only access data you explicitly send
  • No cloud: No cloud backup of personal data

6.2 Security limitations

While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security. You are responsible for:

  • Updates: Keeping your device OS updated
  • Lock: Using a PIN or biometric lock
  • Permissions: Revoking App permissions if you stop using features
  • API usage: Monitoring your OpenAI usage if you use the AI feature

7. Your data protection rights

7.1 Right of access (Article 15)

You can request what personal data we hold about you. As we collect minimal data and store it locally on your device, you have direct access to all data we process through your device settings.

7.2 Right of erasure (Article 17)

You can request deletion of your data. You can exercise this right immediately by clearing the App cache, uninstalling the App, or resetting your device.

7.3 Right to rectification (Article 16)

You can correct inaccurate data. As we store minimal personal data, this right is limited in scope.

7.4 Right to restrict processing (Article 18)

You can restrict processing by revoking permissions, disabling features, or not providing optional information.

7.5 Right to data portability (Article 20)

You can request your data in a portable format. Your image cache and app settings can be accessed directly on your device.

7.6 Right to object (Article 21)

You can object to processing by uninstalling the App or disabling permissions.

7.7 Right not to be subject to automated decision-making (Article 22)

CanvasBT does not use automated decision-making or profiling.

8. Children’s privacy

CanvasBT welcomes users of all ages. The app collects no personal data from any users and processes all images locally on your device with zero data collection or transmission to our servers. Children can safely display their artwork on e-paper displays.

Zero privacy risk: Parents can use CanvasBT with confidence knowing no personal information is collected or stored.

9. International data transfers

9.1 Third-party service locations

When you use optional features (Pexels, Pixabay, OpenAI), your data may be transferred to the United States or other countries where these services operate because you explicitly request the service and the service is located outside the UK.

9.2 Data protection adequacy

  • OpenAI (USA): Relies on Standard Contractual Clauses (SCCs) and additional safeguards for UK/EU data
  • Pexels & Pixabay: Have their own data transfer mechanisms; refer to their privacy policies

9.3 Your control

You control whether data is transferred by choosing whether to use these optional features.

10. Cookies and tracking technologies

10.1 App-based tracking

CanvasBT does not use cookies, tracking pixels, or other tracking technologies.

10.2 PECR compliance

As we do not deploy tracking technologies, the Privacy and Electronic Communications Regulations (PECR) do not materially apply to the App itself.

10.3 Third-party service tracking

When you use Pexels, Pixabay, or OpenAI through the App, those services may deploy tracking technologies according to their own privacy policies. We are not responsible for their tracking practices.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last Updated” date, notify you through the App or via other reasonable means, and request your consent if required by law. Your continued use of CanvasBT following publication of changes constitutes acceptance of the revised Privacy Policy.

12. Contact us

CanvasBT Privacy Support

Website: https://inventorstech.io/index.php/contact-us/

Email: info@inventorstech.io

Response time: We aim to respond to data protection inquiries within 30 days.

13. Your right to lodge a complaint

If you believe CanvasBT has violated your data protection rights, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection:

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
  • Website: https://ico.org.uk/
  • Phone: 0303 123 1113 (local rate)
  • Email: casework@ico.org.uk

You also have the right to lodge a complaint with a supervisory authority in any EU/EEA member state where you reside or work.

14. Data Protection Officer

If you have enquiries about our data protection practices or wish to make a formal request under your data protection rights, you may direct these to:

Email: info@inventorstech.io

15. Glossary of terms

Term Definition
Personal Data Any information relating to an identified or identifiable natural person
Processing Any operation on personal data (collection, storage, use, transmission, deletion)
Data Controller The entity that determines the purposes and means of processing personal data (Inventors Tech Ltd is the data controller)
Data Subject The individual to whom personal data relates (you, the user)
UK GDPR The General Data Protection Regulation as retained in UK law after Brexit
DPA 2018 The Data Protection Act 2018 (UK national data protection legislation)
Lawful Basis The legal justification for processing personal data under Article 6 of the UK GDPR
Special Category Data Sensitive personal data including racial/ethnic origin, religious beliefs, health data, biometric data

16. Supplementary information

16.1 What we don’t do

  • We do not sell or share user data
  • We do not build user profiles or use behavioural analytics
  • We do not embed third-party tracking or analytics SDKs
  • We do not access your contacts, calendar, or other private device data
  • We do not maintain servers collecting user information
  • We do not conduct automated profiling or decision-making
  • We do not use your data for marketing purposes

16.2 Data Protection Impact Assessment (DPIA)

Given the minimal data collection, limited processing, and strong privacy-by-design approach of CanvasBT, a formal DPIA is not required. However, we remain committed to assessing privacy risks during product development.

16.3 Data retention summary table

Data type Retention period Storage location Deletion method
Processed Images Until cleared by user Device cache App settings or uninstall
App Settings Until cleared by user Local device storage App settings or device reset
Bluetooth Pairing Data Until unpaired Local device storage Unpair device or reset App
Search Queries Not retained Not stored N/A (real-time only)
API Keys Until cleared by user Local device storage (secure storage if available) App settings or device reset
Third-Party Data Per third-party policy Third-party servers Contact third-party service
Thank you for using CanvasBT. We believe privacy is not a feature — it’s a fundamental right.