Dr. Phillip Ward, Canva
When data retention fails, companies face regulatory scrutiny and customer distrust. At Canva's scale, manual compliance audits are not viable and the engineering effort required for building and ongoing maintenance are unsustainable. When we refreshed our internal data policies, we saw an opportunity for change. We re-architected retention from the ground up to coordinate and evidence deleting data.
We delivered a new retention framework that required few lines of code per service, and scales across the thousands of storage instances at Canva. The new design prioritises direct measurement of compliance, and minimal engineering effort. The approach decoupled policy from implementation, and isolated domain-specific data knowledge to individual services. Despite it's simplicity, it supports daily audits, logging, chaining, and zero-code policy changes.
In this talk, I will discuss the design choices that underpin this novel approach to retention.
This work includes fantastic contributions from Xushen Ma, Jessica Hu, Saeed Attar, and many other colleagues at Canva.
Dr. Phillip Ward is the Lead of Privacy Engineering at Canva, specializing in privacy technology with over a decade of experience in software engineering, data science, and computer science. He leads a team focused on creating privacy-enabling infrastructure for the rapidly growing tech company. His team develops innovative solutions for automating risk and audit functions, simplifying compliance for employees, and empowering customers to control their data and experiences. Dr Ward has diverse experience across hydrological modeling, neuroscience, financial services, physiology, data science and software engineering, and he holds university degrees in maths, physics, computer science, and biomedical imaging.
author = {Dr. Phillip Ward},
title = {How Canva Built Simple, Auditable, and Maintainable Data Retention},
year = {2026},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}
