Local-first stays the default
Canvascope stores its core LMS search index in browser-local storage. The website reflects synced data only after you explicitly sign in or sync a document through connected product flows.
Privacy policy
This Privacy Policy explains how the Canvascope application and website (collectively, “Canvascope,” the “Service”), operated by Canvascope Inc., accesses, uses, stores, shares, retains, and protects your data, including data obtained from your Google Account. Canvascope is local-first where that matters most: course indexing, fast search, and day-to-day retrieval. Connected web and document workflows exist to support you, not to turn academic behavior into an analytics funnel.
Last updated: July 2, 2026
Canvascope stores its core LMS search index in browser-local storage. The website reflects synced data only after you explicitly sign in or sync a document through connected product flows.
When you sign in, the web app reads shared records such as course snapshots, document handoff metadata, Course Brain artifacts, and student profile facts. These records support the product itself rather than a tracking or advertising business model.
The extension tries Chrome's on-device model first. If cloud fallback is used, retrieved prompt context is sent through authenticated Canvascope endpoints only to generate the requested answer.
The website uses the same shared account system as Canvascope and Lectra. Access to synced records stays scoped to the signed-in user, protected by secure access controls, and hardened by cross-account protection events.
If you use syllabus or planner calendar sync, Canvascope may request Google Calendar event access so selected course dates can be written to your calendar. Core search does not require it.
Canvascope is developed and operated by Canvascope Inc. This policy applies to the Canvascope browser extension, the Canvascope website and web app, the Lectra Notes app distributed on the Apple App Store, and the Lectra-connected workflows that share the same account system. If you have any questions about this policy or your data, contact us at canvascopeextension@gmail.com.
When you choose to sign in with Google for account-linked product features, we request the limited OpenID Connect scopes openid, email, and profile. Through these scopes we access and collect the following Google user data:
If you choose to use Canvascope's syllabus or planner calendar sync features, we may also request https://www.googleapis.com/auth/calendar.events so Canvascope can create selected course schedule events in Google Calendar. For that feature, we may store Google OAuth tokens needed to keep calendar writes working until you disconnect access or the tokens expire.
We do not request or access your Gmail messages, Google Drive files, Google Classroom data, contacts, or broad calendar read/write scopes beyond the event-level access described above. We only receive data you explicitly authorize during the Google consent flow.
We use the Google user data described above solely to provide and improve user-facing features of Canvascope. Specifically, we use it to:
We do not use Google user data for advertising, targeted or personalized ads, retargeting, profiling, selling to data brokers or information resellers, determining credit-worthiness, lending, building independent databases, or training, developing, or improving generalized artificial intelligence or machine learning models. Canvascope’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
To support connected study workflows, help you organize assignments, and build your Student Profile, the Canvascope browser extension reads, stores, and syncs clipboard activity.
Specifically, when you copy, cut, or paste content on Canvas, Brightspace, or other sites and applications, or when you load a page, the extension may capture the raw text currently in your clipboard (capped at 4,000 characters per entry for storage and sync limits). This raw text is stored securely in your browser-local storage and synced to our database under the same secure sync path used for your grades, notes, and tasks.
We capture the actual text so that future features can reason over how you copy and study (such as which excerpts or phrasing you reference) to suggest similar resources later. The raw text is processed locally on your device to derive a content-light, privacy-preserving assignment_engagement summary for your Student Profile. This derived summary itself never contains the raw clipboard text. We do not use the raw clipboard text or any other user content to train, develop, or improve generalized AI or machine learning models.
We do not sell your Google user data or any other personal data, and we do not transfer or disclose it to third parties for purposes other than providing or improving the Service. We share data only in the following limited circumstances:
Security procedures are in place to protect the confidentiality of your data. We use encryption in transit (HTTPS/TLS) for all data exchanged with Google and our servers, and your session is carried in a signed, secure, HTTP-only cookie. Access to synced records is scoped to the authenticated user and protected by secure access controls. When Google Cross-Account Protection sends a valid account-risk event, Canvascope can revoke affected sessions and, for disabled accounts, block future token issuance until the account is re-enabled. We restrict internal access to personal data to what is necessary to operate and support the Service.
Lectra Notes is the Apple App Store app from Canvascope for iPhone and iPad. You sign in to Lectra with the same Canvascope account, using Sign in with Apple or Google, and Lectra lets you receive course PDFs, read them, annotate them by hand with Apple Pencil, and use a local Projects workspace with an editor, terminal, Git, Python, optional GitHub linking, and optional SSH connections that you start yourself. The sections below describe Lectra’s data practices specifically and map them to the data types Apple uses in App Store privacy (“Nutrition”) labels. Lectra contains no third-party advertising, analytics, or tracking SDKs.
Consistent with Apple’s App Store privacy categories, Lectra collects the following data, and only to operate the app’s features (“App Functionality”). Each type is linked to your identity because it is stored under your authenticated account:
To deliver documents in near real time, Lectra also registers an Apple Push Notification service (APNs) device token, your device’s name (for example, “Jordan’s iPad”), and the device identifier above with our Supabase backend. These are used solely to wake the app and fetch your pending documents.
Lectra does not request or collect your precise or coarse location, contacts, photo library, camera, microphone, health or fitness data, financial information, Safari/browser browsing history, or advertising data. Lectra does not include in-app purchases or collect purchase history.
Under Apple’s data-use definitions, Lectra uses the data above for App Functionality only: authenticating you, delivering and syncing your documents and annotations, registering your device for notifications, letting you edit local project files, connecting to GitHub when you choose to link it, and providing support. Some on-device study features personalize what you see (for example, generating a summary of the document in front of you), but this personalization happens on your device, as described below.
Lectra does not use your data for Third-Party Advertising, for our own Advertising or Marketing, or for cross-app/cross-site Analytics, and we do not sell your data or share it with data brokers.
Lectra’s study tools, summaries, flashcards, tags, and answers, run on-device using Apple’s on-device Foundation Models (Apple Intelligence) when your device supports them. The text of your documents is processed privately on your device to generate these results. Lectra does not send your document contents to Canvascope servers or to any third party to power these features, and your content is not used to train, develop, or improve any generalized AI or machine-learning models. If a device or OS does not support Apple Intelligence, these features are simply unavailable rather than routed off device.
Lectra Projects is an optional local developer workspace inside the app. Project files, terminal history, Git metadata, and notebooks stay inside Lectra’s app sandbox unless you explicitly sync, export, or push them somewhere else.
If you connect GitHub, Lectra uses GitHub OAuth through the shared Canvascope account system or a personal access token you enter. The resulting GitHub token is stored in the iOS Keychain and attached only to requests made to GitHub so you can browse repositories, clone, pull, commit, and push. You can disconnect GitHub from Lectra, and GitHub access is also subject to GitHub’s own terms and privacy policy.
If you use SSH in the terminal, you enter the host, username, and credentials yourself. SSH passwords are used for the connection attempt and are not stored by Lectra. Known-host records are stored locally to warn if a host key changes. When you connect to a local network host, iPadOS may ask for local network permission; Lectra uses that access only for the user-entered development host or local service.
Sign in with Apple. Lectra offers Sign in with Apple and requests only your name and email. You may choose to hide your email with Apple’s private relay; we never receive more than what you authorize during the Apple sign-in flow.
iCloud. If you enable cloud sync or backup, Lectra can store recovery snapshots of your documents in your own private iCloud (CloudDocuments) container. This data lives in your personal iCloud account under Apple’s control; we do not separately collect or read your iCloud backups.
Push notifications. Lectra uses Apple Push Notification service to know when new documents are waiting. You can turn notifications off at any time in iOS Settings; document delivery then falls back to checking when you open the app.
Lectra does not track you as Apple defines tracking. We do not link your data with third-party data for targeted advertising or advertising measurement, we do not share your data with data brokers, and Lectra contains no advertising identifier (IDFA) usage and no third-party advertising or analytics SDKs. Because Lectra does not track you, it does not present the App Tracking Transparency prompt.
In line with Apple’s account-deletion requirement, Lectra lets you permanently delete your account directly in the app from Account Settings. Account deletion runs a secure server-side function that removes your account and the associated server-side data, then signs you out and clears Lectra’s on-device data for that account. You can also sign out to clear the active session, or email us to request deletion, as described next.
We retain your account and Google user data only for as long as needed to provide the Service and fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. When the retention period expires, or when data is no longer needed, we delete or anonymize it.
You may sign out at any time to clear your active session. You may also request access to, correction of, or deletion of your personal data, including the Google user data, Google Calendar tokens, and synced product data associated with your account, by emailing us at canvascopeextension@gmail.com. Upon a verified request, we will delete your account data within a reasonable period, except where retention is required by law. You can also revoke Canvascope’s access to your Google Account at any time from your Google Account permissions page.
We may update this Privacy Policy from time to time. If we change how we use Google user data, we will update this page and revise the “Last updated” date above, and where appropriate we will notify you within the product. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
For any questions, concerns, or requests regarding this Privacy Policy or your data, contact Canvascope Inc. at canvascopeextension@gmail.com.