Privacy Policy

Last Updated: December 1, 2025

Mosaic Manufacturing Ltd. (“Mosaic” or “we”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our websites, software platforms, and other services. It applies to information collected through:

• Mosaic Websites: e.g., our main site (mosaicmfg.com), support portal, online store, and any subdomains.
• Canvas Software Platform: Both the web-based Canvas platform and Canvas Desktop application, and any related cloud services.
• Mosaic Hardware and Digital Services: Information gathered through device connectivity (e.g., if a Mosaic printer connects to our cloud), mobile applications, customer support interactions, marketing events, and any online forms or communications with us.

By using Mosaic’s sites or services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please refrain from using our services. We may update this Policy periodically to reflect changes in our practices or to remain compliant with laws (we will indicate the “Last Updated” date above and notify you of significant changes).

1. Information We Collect

We collect personal information (“PI”) that you provide to us directly, information collected automatically through your use of our services, and information from third parties as described below.

1.1 Information You Provide

• Account and Contact Data: When you create an account on Canvas or make a purchase, we may collect your name, email address, phone number, mailing address, company/organization name, and account login credentials. For example, signing up for a Canvas account requires an email and password, and optionally your name and organization.
• Order and Payment Information: If you purchase products or services from us, we (or our payment processors) collect payment details such as credit card number, billing and shipping address. Payment card data is processed via our trusted third-party payment processor (e.g., Shopify Payments, PayPal) – Mosaic itself does not store full credit card numbers
• We keep records of your purchases and transaction history (products ordered, dates, amounts) for accounting and support.
• Support and Communications: If you contact Mosaic for support or with inquiries (via email, chat, phone, or our support portal), we collect the information you choose to give us. This may include your contact details, a description of the issue, and any screenshots or diagnostic data you send. We will assign you a support ticket number and log the communication. We also collect any feedback you provide (such as responses to surveys or user research).
• User Content: On certain parts of our platform (forums, Canvas community features, or when you upload model files for printing services or sample requests), you may submit content that could include personal information or be attributable to you. For example, if you request a custom sample print, you might upload a 3D model file. Any personal data included in such user-submitted content will be processed as part of our service to you. We urge you to avoid submitting unnecessary personal data in models or forum posts.
• Job Applications: If you apply for a job with Mosaic via our site, we collect the information you provide in your application, such as your resume/CV, contact details, employment history, etc. This is used for recruitment purposes only.

1.2 Information We Collect Automatically

When you use our websites or connected devices, we automatically collect certain technical information (“Navigational Information” and “Analytics Information”) as follows:

• Device and Usage Data: We collect details about your browser or device when you access our site or Canvas platform, such as IP address, device type, operating system, browser type, and settings
• We also log usage data: dates/times of visits, pages viewed, links clicked, and the page that referred you to our site. For Canvas and device usage, our systems may log events like when you start a print, any error codes, and performance metrics of the printer (e.g., temperature, print duration)
• Cookies & Similar Tech: We use cookies, web beacons, and similar tracking technologies to collect information about your interactions with our websites and services
• Cookies are small text files stored on your device. They help us remember your preferences (e.g., your login session, shopping cart contents) and understand usage patterns. We may use both session cookies (which expire when you close your browser) and persistent cookies (which remain until they expire or you delete them). We also employ cookies/tech from analytics providers (like Google Analytics) to gather aggregate usage statistics and from advertising partners to manage our marketing campaigns. You can control cookies through your browser settings – you may refuse or delete cookies, though our site might not function optimally (for instance, you might have to log in repeatedly or certain features may be disabled)
• For more information on cookies and how to opt-out of certain third-party cookies, see http://www.allaboutcookies.org/ 
• Telemetry from Devices: If you connect your Mosaic device to the internet or to Canvas, it may send telemetry data to Mosaic. This can include printer status, error logs, and usage statistics (for example, number of hours printed, types of materials used, firmware version). If you opt-in, it could also send more detailed analytics (such as print success rates, machine sensor data) to help us improve reliability
• We will ask for your consent where required (for instance, during device setup you might be prompted to enable analytics sharing).
• Camera Data (if applicable): Some Mosaic products or integrated third-party printers might have built-in cameras to monitor prints. Mosaic does not actively collect camera feeds from your devices unless you explicitly enable a feature to share that with us for support or analytics. In any case, we will make it clear and obtain consent if images or video from your device are transmitted to Mosaic’s servers
• By default, such camera data stays local to your device or your own cloud account.

1.3 Information from Third Parties

• Resellers/Distributors: If you purchase a Mosaic product through a third-party reseller or distributor, they may share your contact information and purchase details with us to register your product and enable warranty support. We require our partners to ensure you’re informed of such sharing.
• Service Providers: We might receive personal data about you from our service providers in the context of running our services. For example, if we ship you a package, our shipping carrier might provide delivery confirmations or address corrections. If you finance a purchase, our financing partner might notify us of the credit approval decision.
• Social Media and Advertising Partners: We maintain a presence on social media platforms (like Facebook, LinkedIn, Twitter). If you interact with our pages or posts, or use social login for our site, those platforms may send us information like your public profile or engagement metrics. We only use that in accordance with this policy and the platform’s rules. Also, for ad targeting, we may get insights from partners about how our ads performed or if you visited our site after seeing an ad. This data is usually aggregated and not identifying you by name, but it may be linked to things like cookies or device IDs.
• Data Enrichment: In some cases, we may use third-party tools to augment the information you provide. For instance, if you sign up with a business email, we might infer your company name or industry from public databases. This helps us tailor our services (e.g., identifying if you might need commercial support). We do not engage in automated decision-making that produces legal effects concerning you without human involvement; any enrichment is just for our internal understanding and not to exclude or refuse service.

1.4 Sensitive Personal Information

We do not intentionally collect any sensitive personal information (such as social insurance numbers, financial account passwords, health or biometric data, or precise geolocation) unless necessary for a specific service you opt into. Please do not provide such data to us unless required. If you believe you have provided us sensitive data inadvertently, contact us so we can handle or delete it appropriately.

2. How We Use Your Information

Mosaic uses the collected information for the following purposes, relying on a combination of legal bases (performance of a contract, legitimate interests, consent, and legal compliance):

• To Provide Products and Services: We use personal data to process and fulfill orders, deliver products, provide software functionality, and perform services you requested. For example, we use your address to ship your order, your email and password to log you into Canvas, and your billing info to process payment
• If you are using our Canvas platform, we use your account data to maintain your projects, settings, and content in the cloud.
• Account Maintenance and Customer Support: We maintain your account information to allow you to manage your preferences, and we use your information to respond to your inquiries and support requests. If you report an issue with a printer, we may reference your purchase history, warranty status, and any telemetry or logs from the device to diagnose the problem
• We might also use your email or phone number to provide you status updates on support tickets or repairs.
• Product Improvement and Analytics: Usage and telemetry data are analyzed to understand how our products are performing and how customers use them. This helps us identify bugs, improve user experience, and develop new features
• For example, aggregate print success rates or error frequencies can guide us to issue software updates or better support content. We ensure that for analytics, individual identities are not disclosed in public reports – it’s more about trends and statistics. If we use your data for internal training of algorithms (say, to improve print quality prediction), we will anonymize or pseudonymize it.
• Communication and Marketing: Mosaic may use the personal information you provide (such as your name, contact details, company information, and purchasing history) to communicate with you about our products and services, process and fulfill your orders, and recommend products or services that may be of interest to you. We may also use this information to improve our offerings, conduct market research, and send promotional materials about our products, special offers, newsletters, or events. 
• You can opt-out of marketing emails at any time by clicking “unsubscribe” in the email or adjusting your account preferences. We may also send important service-related announcements (transaction confirmations, software updates, security alerts). These aren’t marketing, but rather part of our obligations to keep you informed for service usage, and you may not opt out of critical service emails.
• Personalization: We may use data (like which products you viewed or what industry you indicated) to personalize content on our website or Canvas dashboard. For instance, if you often use a certain material, we might highlight relevant tips or products on login. We also might tailor advertisements you see on third-party platforms based on your interactions with us (this is often done via cookies or advertising networks, so the personal data used is typically limited to an identifier or demographics, not sensitive info).
• Security and Fraud Prevention: Information is used to protect our users, customers, and business. We monitor for suspicious activity – for example, multiple failed login attempts might prompt us to log the IP and investigate potential breaches. We also use automated tools to detect fraud in purchases (unusual credit card use or addresses) and might block or verify such transactions manually.
• Legal Compliance: We may process personal data to comply with our legal obligations. For instance, maintaining accurate financial records for tax purposes, or responding to lawful requests by public authorities. If you exercise data subject rights (like a request to delete your data under GDPR or CCPA), we will use your information to verify identity and fulfill the request. We also keep some data as required by consumer protection laws (e.g., records of consent, proof of purchase for warranty) and will use it as necessary in case of legal claims or regulatory inquiries.

We will seek your consent for any use of your information that is not compatible with the purposes above or not obvious to you. If we plan to use your data for a new purpose, we will update this Policy and notify you when required.

3. How We Disclose or Share Information

Mosaic does not sell your personal information to third parties for money. We do, however, share certain categories of information with third parties in the following circumstances, as necessary to run our business and provide our services (in all cases, only the minimum data required is shared and we put contractual safeguards in place):

• Service Providers and Partners: We use third-party companies to perform functions on our behalf. Examples include: payment processing (e.g., Stripe, PayPal), e-commerce platform hosting (our online store may be hosted on Shopify, which processes your order details), shipping carriers (who get your name and address to deliver products), cloud hosting providers (that power Canvas and store your data), email service providers (to send newsletters or notifications), and analytics services (Google Analytics receives site usage data via tags). These providers are given access to personal information only as needed to perform their services for us and are contractually obligated to protect it and not use it for other purposes. For example, when you make a purchase, we disclose personal data to Shopify to process the transaction and facilitate shipping
• When you use Canvas, your data may be stored on Amazon Web Services or Google Cloud Platform servers, under Mosaic’s account, to ensure reliability and speed.
• Resellers and Distributors: If you are working with a Mosaic authorized reseller (for instance, you bought through a local distributor), we might share information with them to support your product. This could include confirming your warranty registration, or referring your support request to them if they are responsible for first-line support in your region. Conversely, they share info with us as noted in Section 1.3. We ensure any partner is under confidentiality obligations.
• Affiliates: Mosaic may share your information with its corporate affiliates (e.g., a branch office or a subsidiary in another country) for the purposes described. For instance, if you are in the EU and Mosaic has an EU-based affiliate or representative, your data might be accessed or processed by that entity for local support or compliance reasons. All such entities abide by this Policy and are under common ownership and control of Mosaic.
• Legal and Safety: Mosaic may disclose personal information as required by law or when we have a good-faith belief that such action is necessary to (a) comply with a legal obligation (e.g., a subpoena, court order, or government demand); (b) protect and defend Mosaic’s rights or property, including the enforcement of our agreements and terms; (c) prevent fraud, investigate suspected violations, or address security or technical issues; or (d) protect the safety of our users or the public. For example, if required by law enforcement investigating illegal activities involving our platform, we might provide logs or account data as lawfully demanded
• If we receive a data request that we deem overly broad, we will challenge it or seek to minimize the disclosure.
• Business Transfers: In the event Mosaic is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of such a transaction. We would only transfer what is necessary and ensure the recipient (e.g., the new owning entity) honors equivalent privacy protections
• For instance, if Mosaic is acquired by another company, your customer data would likely be one of the transferred assets, so that the service can continue to operate. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
• With Consent: Apart from the situations above, we will share your personal data with third parties only if we have your explicit consent to do so. For example, if we run a joint webinar with a partner and you sign up, we might ask if you consent to us sharing your contact info with that partner (for them to send you their product info). If you consent, we’ll share it; if not, we won’t. You can revoke any such consent at any time.

We strive to anonymize or aggregate data where feasible before sharing. For instance, we might share aggregated usage statistics with a research partner or publish trends (like “average monthly prints per user”) – these would not identify any individual.

4. International Data Transfers

Mosaic is based in Canada, and we have customers around the world. By using our services, personal information may be transferred to or accessed by Mosaic and our service providers in Canada, the United States, and other countries where we operate or where our cloud servers are located. These countries may have data protection laws that are different from those in your country of residence. Whenever we transfer personal data out of its country of origin, we take steps to ensure adequate protection. For individuals in the European Economic Area (EEA), United Kingdom, or Switzerland, this means if we transfer your personal information to Canada or the U.S., we rely on appropriate legal mechanisms:

• Canada’s Adequacy: Canada (for commercial organizations under PIPEDA) is recognized by the EU as providing adequate data protection, so transfers from the EEA to Mosaic in Canada can occur under that adequacy decision.
• Standard Contractual Clauses: For transfers from the EEA/UK to the U.S. or other countries not deemed adequate, we have in place EU Commission-approved Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements with our service providers
• These SCCs contractually obligate the recipient to protect personal data to EU privacy standards. For example, our cloud hosting providers and analytics vendors have signed SCCs as needed.
• Data Privacy Framework (if applicable): Mosaic is evaluating participation in the new EU-U.S. Data Privacy Framework (DPF) for relevant data transfers. If and when certified, we will process EEA/UK/Swiss personal data in compliance with the DPF principles.
• Other Safeguards: We may also rely on derogations in certain cases (e.g., when a transfer is necessary for the performance of a contract with you, such as when you are an international customer ordering a product). We also implement technical measures like encryption in transit and at rest to add additional security for cross-border data flows.

You can contact us for more information about our transfer safeguards or to obtain a copy of the SCCs we use.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Data: We retain your account information while your account is active and for a reasonable period thereafter in case you decide to reactivate. If you delete your account, we will delete or anonymize your personal data within [60 days], except to the extent it’s necessary to retain for legal obligations or dispute resolution.
• Order and Transaction Data: Purchase records are retained to comply with financial and audit requirements (typically 7 years in many jurisdictions). Warranty records are kept through the warranty period and a bit beyond to handle any post-warranty support goodwill.
• Support Tickets: Communications and support logs are kept for a few years (often 2-3 years) after resolution, so that we have context for any future issues and to train our support team.
• Telemetry and Analytics: Much of the device telemetry is stored in aggregate form indefinitely (since it’s not personal once aggregated). Raw logs that may contain personal identifiers (like IP addresses) are typically rotated or deleted within a shorter timeframe (e.g., 12-18 months for server logs) unless needed longer for security analysis.
• Marketing Data: If you have consented to receive marketing emails, we keep your contact info on the mailing list until you unsubscribe or the email bounces repeatedly. If you unsubscribe, we may keep your email in a suppression list to ensure we honor your opt-out.
• Legal Holds: If we are under a legal obligation to retain data (for example, an ongoing investigation or litigation), we will keep the data until cleared to delete. We also retain any information required to enforce our agreements or resolve disputes, but only for as long as necessary for those purposes. For instance, if you had a dispute with us, we may retain correspondence about that dispute for the statute of limitations period applicable to contract claims.

When we have no ongoing legitimate need to process your personal information, we will either delete it or anonymize it (so that it can no longer be associated with you). If deletion is not immediately feasible (e.g., because data is stored in backups), we will securely store it and isolate it from further processing until deletion is possible.

6. Your Rights and Choices

Depending on your jurisdiction, you have certain legal rights regarding your personal information. We are committed to honoring these rights. These may include:

• Access and Portability: You have the right to request a copy of the personal data we hold about you and to obtain it in a commonly used electronic format. For example, Canvas users can request an export of their account data, which may include profile info and any models or projects saved in our cloud.
• Correction (Rectification): If your information is inaccurate or incomplete, you have the right to ask us to correct it. You can update most basic account information (like your name, contact info) directly via your account settings. For other corrections, contact us.
• Deletion (Right to be Forgotten): You may request that we delete your personal information. If you wish to close your account and delete associated data, we will do so, except for information we are required to keep (see Data Retention above). Note deleting data may affect your ability to use our services (e.g., we cannot recover your Canvas projects after deletion).
• Restriction of Processing: You can ask us to limit processing of your data in certain scenarios – for instance, if you contest the accuracy of the data, or if you object to us processing based on legitimate interest. We will mark the data as restricted and only process it for specific reasons (e.g., legal claims) until the issue is resolved.
• Objection to Processing: You have the right to object to our processing of your personal information when it is based on our legitimate interests, including profiling we perform for marketing. If you object, we will cease the processing unless we have compelling legitimate grounds or where needed for legal reasons. You also have the absolute right to object to your personal data being used for direct marketing purposes – if you opt out, we will stop sending marketing communications.
• Withdraw Consent: If we rely on your consent for any processing (e.g., for sending marketing emails, or for collecting analytics data from your device), you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal, but we will stop the processing going forward. For example, you can turn off analytics sharing on your device or unsubscribe from newsletters.
• Data Portability: In certain cases, you can request to receive your personal data in a structured, commonly used, machine-readable format, and have the right to transmit that data to another service provider (where technically feasible). This typically applies to data you provided directly and that is processed by us by automated means based on consent or contract – for example, your profile and account info could be portable.
• California Privacy Rights: If you are a California resident, the California Consumer Privacy Act (CCPA) provides you the right to know what categories of personal info we collect, how we use and share it, to request access or deletion of your personal info, and the right to opt-out of “sale” of personal info (note: Mosaic does not sell your data for monetary consideration, and we treat sharing for targeted advertising as a “sale” only if legally defined so). We have provided the details of our practices in this Policy (which serves as our CCPA notice). You or your authorized agent can exercise access or deletion rights by contacting us as described below. We will not discriminate against you for exercising your CCPA rights. If we ever offer a financial incentive program that requires opting in with personal info (for example, a discount for providing referrals), we will present the terms of that program clearly and you can opt out at any time.
• Marketing Communications: As noted, you can always opt out of marketing emails by using the unsubscribe link. For cookie-based targeting, you can utilize industry opt-out tools (like the Network Advertising Initiative or browser DNT signals; we honor opt-outs where possible).
• Do Not Track: Our websites currently do not respond to “Do Not Track” browser signals, due to lack of consensus on the standard. However, we treat global privacy control signals related to CCPA (if recognized by browsers) as an opt-out of sale/sharing of data as applicable.

To exercise any of your rights, please contact us at support@mosaicmfg.com or via the contact information in Section 9. We will verify your identity through reasonable means (for instance, by confirming control of your email or asking for details of your recent interactions). For certain requests, we may ask for additional confirmation if the data is sensitive. We aim to respond to your request within 30 days (or the timeframe required by law). If we need an extension or cannot fulfill your request, we will explain the reasons (e.g., certain data cannot be deleted if required for a legal obligation).

7. Security Measures

Mosaic takes data security seriously and employs technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Our websites and Canvas platform use HTTPS (TLS encryption) for all data in transit. Sensitive information (like passwords and payment details) is encrypted during transmission. We also encrypt personal data at rest in our databases where appropriate, or use tokenization for things like payment info.
• Access Controls: Personal data is accessible only to those Mosaic employees and service providers who have a need to know it for the purposes described. We enforce role-based access and require strong authentication for our internal systems. Administrative access to cloud servers and databases is logged and limited.
• Security Policies and Training: Mosaic maintains internal security policies covering data handling, device security, and incident response. Our staff are trained on proper use of customer data and cybersecurity best practices, including how to spot phishing or social engineering attempts.
• Threat Detection: We utilize network and application security monitoring to detect and respond to potential threats. This includes firewalls, intrusion detection systems, and automated alerts for unusual system activity. We keep our software and infrastructure updated with security patches.
• Third-Party Audits: Key service providers (like payment processors or cloud hosts) that manage personal data on our behalf are vetted for their security practices. For instance, our payment processor is PCI-DSS compliant for handling credit card info. We may also undergo security assessments or audits as needed, especially if required for enterprise clients.
• Data Backups: We perform regular backups of critical data to prevent data loss and store backups securely (with encryption) off-site. In case of a data loss event, we have disaster recovery plans to restore availability of personal data in a timely manner.
• Incident Response: In the event of a data breach or security incident involving personal information, Mosaic has a response plan. We will notify affected individuals and regulators as required by law, and we’ll take steps to mitigate the damage and prevent future incidents.

Please note: No system can be 100% secure. While we strive to protect your information, we cannot guarantee absolute security. It is important for you to also play a role: protect your account credentials, choose strong passwords, and notify us immediately if you suspect any unauthorized access to your account. We will not ask you for your password via email, so beware of phishing attempts.

8. Children’s Privacy

Mosaic’s products and services are not directed to children under the age of 13 (or under 16 in certain jurisdictions, as applicable), and we do not knowingly collect personal information from children in this age group. If you are under 13, please do not attempt to use our websites or provide any personal information about yourself to us. If we learn that we have collected personal information from a child under the relevant age without verified parental consent, we will promptly delete that information. Parents or guardians who believe Mosaic might have any information from or about a child under 13 (or under 16, as applicable) should contact us so we can investigate and delete it. Some Mosaic products (like 3D printers) might be used in educational settings under adult supervision. Any data collected in such context is intended to be provided by the adult teacher or school, not directly by children. Schools using our services in classrooms are responsible for ensuring appropriate consent and acting as the guardian of the student data in compliance with local laws (e.g., FERPA in the US). We will cooperate with educators to ensure student data is protected and used solely for educational purposes.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how Mosaic handles your personal information, please contact us at: Mosaic Manufacturing Ltd.
Address: 403-111 Peter Street, Toronto, M5V2G9, Canada
Email: support@mosaicmfg.com
We will respond to privacy-related inquiries as soon as reasonably possible, and at most within the timeframe required by applicable law. If you are not satisfied with our response, and you are in a jurisdiction with a data protection authority, you have the right to contact your local data protection authority or privacy regulator. For example, in Canada it’s the Office of the Privacy Commissioner; in the EU, you can approach the supervisory authority in your country. We would however appreciate the chance to address your concerns directly before you do so, so please consider reaching out to us first. Thank you for trusting Mosaic with your personal information. We value your privacy and work hard to keep your data secure.