top of page

Privacy Policy

CardCue for Canvas Course Cards — Last updated: April 4, 2026

 

Summary: This extension does not collect, transmit, or share any of your personal data.  Everything stays in your browser.

What Data Does This Extension Access?

CardCue accesses data from your Canvas LMS instance using the Canvas REST API. This includes:

  • Your course enrollments and grades

  • Assignment names, due dates, and submission statuses

  • Quiz information

  • Your custom course color preferences

This is the same data that is already displayed on your Canvas dashboard. The extension simply presents it in an enhanced format.

 

How Is Your Data Used?

All data is fetched directly from your Canvas instance (e.g., yourschool.instructure.com) and processed entirely within your browser. The extension uses this data solely to enhance your dashboard view with grades, schedules, and assignment information.

 

What Data Is Stored?

The only data stored locally (using Chrome's storage API) is a list of custom Canvas domains you have enabled through the extension popup. This is a simple list of website addresses (e.g., "canvas.yourschool.edu") and contains no personal information.

No course data, grades, assignment information, or personal details are stored persistently.

Data Sharing and Third Parties

This extension does not:

  • Send any data to external servers

  • Use analytics or tracking services

  • Share data with any third parties

  • Include advertisements

  • Use cookies

 

Network Requests

The extension only makes network requests to your Canvas LMS instance (*.instructure.com or your custom Canvas domain). It does not communicate with any other servers.

 

Permissions Explained

  • Host permissions (*.instructure.com): Required to access the Canvas API on your school's Canvas site to fetch course and assignment data.

  • Storage: Used to save the list of custom Canvas domains you have enabled. No personal data is stored.

  • ActiveTab and Scripting: Used to enable the extension on custom Canvas domains when you explicitly click the "Enable on this Canvas site" button.

  • Optional host permissions: Requested only when you choose to enable a custom (non-instructure.com) Canvas domain.

 

Data Security

Because no data leaves your browser, there is no risk of data interception or unauthorized access through this extension. Your Canvas session authentication is handled entirely by your browser and Canvas — this extension does not access or store your credentials.

 

Children's Privacy

This extension does not knowingly collect any personal information from anyone, including children under the age of 13.

 

Changes to This Policy

If this privacy policy is updated, the changes will be reflected on this page with an updated date. Significant changes will be noted in the extension's changelog.

Contact

If you have any questions about this privacy policy or the extension's data practices, please reach out through the Chrome Web Store support tab for this extension.

bottom of page