Privacy Policy
Effective date: May 11, 2026
1. Overview
Cloud World Model ("the Platform") is a product of Canvas Cloud AI. This Privacy Policy explains what information we collect when you use the Platform, how we use it, and the choices you have. By accessing or using the Platform you agree to the practices described here.
2. Information We Collect
- Account & API key data — when you generate an API key we store a hashed version of the key, a display prefix, the scopes you requested, and optional metadata you supply.
- Simulation data — scenario definitions, resource configurations, traffic patterns, failure injections, metrics, and events that you create or run on the Platform.
- Usage & log data — server-side request logs including IP address, request path, HTTP method, response status, and timestamps. These are used for security monitoring, debugging, and rate limiting.
- Webhook configuration — callback URLs and HMAC secrets you register for asynchronous job notifications.
- Browser data — standard browser telemetry such as page load timing, screen size, and browser type collected by our hosting provider (Replit).
We do not collect payment card data, government identifiers, or sensitive personal health information.
3. How We Use Your Information
- Operate and improve the simulation engine and APIs.
- Authenticate API requests and enforce rate limits.
- Detect abuse, fraud, and security threats.
- Send job-completion webhook callbacks to URLs you configure.
- Generate AI-powered explanations of simulation results via OpenAI (see Section 4).
- Comply with legal obligations.
4. Sharing of Information
We do not sell your data. We share information only in the following limited circumstances:
- Service providers — Replit (hosting & infrastructure) and other vendors necessary to operate the Platform, bound by confidentiality obligations.
- OpenAI — simulation context (resource types, metrics, and event descriptions) is sent to OpenAI to generate explanations. Responses are treated as untrusted text. No API keys or personal identifiers are included in prompts.
- Legal requirements — if required by law, regulation, court order, or to protect the rights and safety of Canvas Cloud AI and its users.
5. Data Retention
Simulation data and API key metadata are stored in-memory and are not persisted across server restarts unless database persistence is explicitly enabled for your deployment. Log data is retained for up to 90 days. You may delete your simulation data at any time via the API.
6. Security
API keys are stored as bcrypt hashes; raw key values are shown only once at creation time. Webhook callbacks are signed with HMAC-SHA256. All traffic is protected by TLS. Despite these measures, no system is perfectly secure and you use the Platform at your own risk.
7. Your Rights & Choices
Depending on your jurisdiction you may have rights to access, correct, or delete personal data we hold about you. To exercise these rights, or to ask a question about this policy, contact us at:
Canvas Cloud AI
Email: privacy@canvascloud.ai
8. Children
The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be announced on the Platform. Continued use of the Platform after the effective date of any change constitutes your acceptance of the revised policy.
See also: Terms of Service
