Home » Canvas Host blog » Founder's Blog

Topic: Founder’s Blog

Meeting GDPR Compliance

Hello! I say this because it’s probably the only article you’ve read about GDPR compliance that will ever begin with “Hello!”

GDPR is a set of regulations that protect the personal contact information of all residents of the European Union, that take effect on May 25, 2018. It sets forth rules for which companies worldwide must protect how they process and store information about their EU-residing customers, up to and including how those customers’ personal data is to be destroyed on request. Failure to protect the data can be costly, albeit through international litigation. The basic point is, EU-based customers have rights over their personal information, and if you’re a company working with those customers, you need to pay attention, and now, or else.

That sounds a bit dire, but GDPR is here and real. It’s something we all need to talk about, and it’s not something to be feared. Believe it or not, it is to be celebrated and supported. It is a platform from which companies worldwide can learn many lessons from which to ensure their own customers’ personal data is protected, whether they reside within the EU or not.

Since the creation of Canvas Host in 2002, we have endeavored to protect the personal information about all of our customers. From day one, we have held in our minds the notion that each customer is like a member of our family. Each of you have entrusted us with your business and personal data. Since that point, we have always maintained a hard line that we will never sell your data, nor use your data in any way other than to provide you the services for which you have contracted us to deliver you.

In recent months, as GDPR’s launch has approached, our company has reflected on the many things we already do to protect your personal information, and steps we take to further protect your hosting account’s data backups. We’ve taken pride in a strict Privacy Policy, and we have amended it to signify our compliance with GDPR.

As a B Corporation, we go to the ends of the Earth to be an ethical host amidst a sea of swirling uncertainty.

We’ve also resisted the tide towards “all things cloud”, and to this day host 100% of our data within our network and direct control. We do operate a secondary data center space in Bend, Oregon, for the sole purpose of storing and serving data for select customers.

What does that mean towards GDPR?

As a Data Controller and Data Controller, we have legal basis to store and manage your personal contact information. In layman’s terms, because you are a customer, we need to store your name, email address, credit card number, IP address, and so forth, because that is all part of how we are able to provide you service to your hosting account, authenticate you as a paying customer in your hosting account and the Support area, and tell you apart from a random hacker.

It is true that in the “Latest Patch” emails we send to customers, there are links we provide for services and special deals we are running. At the same time, that is solely driven by us. We have not, nor will ever sell or provide your personal contact information to a third party, unless forced by a court order. We treat the protection of your personal contact information extremely seriously.

Because of the global reach of GDPR, we have decided to apply its restrictions to all customers residing outside of the United States. And, if you are a resident of the United States, we will honor your request that we abide by GDPR’s same requirements.

If you are a resident of the EU, we have already unsubscribed you from our Latest Patch newsletter. If you wish to re-subscribe to it, you may do so at this link:

Latest Patch Newsletter Signup Form

If you have any concerns whatsoever about the protection of your personal data, please email sales@canvashost.com and let us know. We are here, we are listening, and we want only to serve your needs as best we can.

Additionally, if you are a EU resident, and you are concerned about your own website visitors’ activities on the site you host with us, please contact us if you need a contract (composed in English) noting how Canvas Host acts to protect your website and its visitors. We understand this is a complex component of GDPR, and are still working to understand the full scope of how this may impact our customers in various countries.

Finally, I want to state this to every single customer: One of GDPR’s requirements is that a company elect a Data Protection Officer (DPO), who regularly reviews the company’s policies to ensure it is meeting compliance, and corrects any lapses in those spaces. Canvas Host is a relatively small team, but I have elected to take on that role. As the company’s founder, and now as the DPO, I want to personally communicate to you my intent, as I have since 2002, that this company is here because of you; We are here to serve you; And we will never sell your data, nor intentionally compromise your privacy.

Canvas Host is the only certified B Corporation web host in the world. GDPR is but a formal set of policies that for many years, we have already upheld, and we are here to learn from it. We are not a perfect business; We are a human business; And together, you have our commitment that we will work to improve what we do, and how we do it.

Thank you,

David Anderson, Founder and Co-Owner

To B or not to B: Transparency in Business

Transparency in business is like a two-way sheet of glass, with you on one side, and the world on the other.

It shows others a clear window into who you are, the ethics you uphold, and the reasons behind your business decisions. Transparency allows others to see the real you. It serves to affirm your authenticity, and provides accountability through your actions.

In the absence of transparency, a business owner essentially operates from behind a one-way mirror. Your view of the other side might be blinded by the avarice, ego, and prejudice reflected back on you. The rest of the world can still see you from the other side, but you’ve blinded yourself from seeing them.

I’ve encountered businesses over the years that would like to believe they are transparent, but are not: Business owners who seem unable to accept any responsibility for their actions, who cast blame on former employees, and who think they can do no wrong. What these companies don’t realize is that “the fish rots from the head”. Accountability and responsibility both begin, and end, with those actually running the business.

We have entered an age of “purpose washing”, or as I like to say, “B washing”, in which companies project a much more socially responsible image of their company than truly exists. I am continually reminded of the need for transparency in business. No longer is it enough to take one’s words. We must look at the actions of a company, how it treats its staff and truly upholds the community, to understand the real ethics at work.

This is why I’m so strongly supportive of the B Corporation certification and movement. I strongly believe it to be the absolute highest standard of certification for socially responsible businesses. It cannot be subverted by the whim of the business owner. It is a window of transparency at a time when it is needed most.

When you hire a B Corporation, you can trust in that certification, and further, that its team, from ownership to management to staff, are united by a vision of driving business as a force for good.

To B, or not to B? That is the question you should ask the companies engaging you.

Celebrating Four Years as an Oregon Benefit Company

Wow! It’s been four years since we became an Oregon Benefit Company!

On January 2, 2014, we joined 28 other businesses to kick off a brand new Oregon business program. In the years since, it has grown into a statewide movement of more than 1,800 companies united through a common goal of using business as a force for good. (Read about the inaugural signing: Canvas Host: An Oregon Benefit Company)

Signed into law on June 18, 2013, House Bill 2296 enabled Oregon businesses to incorporate social causes into their operating by-laws. We were already a B Corporation, which implements similar corporate by-laws, but Oregon’s implementation of the benefit company structure brought us legal protection and precedence to operate on the triple bottom line.

Over the years, we’ve continued our mandate to uphold a higher level of ethics, transparency, and honesty throughout our business operations. From how we care for our customers, to how we provide meaningful services without the up-sell, to how we’ve improved employees’ lives with benefits most companies our size only dream of, Canvas Host is walking the talk.

What does the term, “benefit company” mean to you? It looks something like this: When you connect with us, we listen to you, and we break down the complicated technical stuff into plain English. We provide you the tools you need, and help you make the most of them. We’re here to help you succeed, period.

Our annual benefit report details the programs we’ve implemented and are actively working on. One of them is the creation of a statewide directory featuring Oregon benefit companies. Our objective is to help unify the community and enhance its capacity to effect positive change throughout the State.

We welcome your input as we enter 2018, and look forward to connecting with you and earning your trust.

Thank you,

David Anderson, Owner

Canvas Host selected as a 2017 Best for the World B Corporation


September 12, 2017

Portland, Oregon — Canvas Host has been selected from among its B Corporation peers as a 2017 Best for the World honoree, as a Service Provider with Minor Environmental Footprint for the Long Term.

Certified B Corporation were evaluated and selected based on areas of impact, including: Best For Workers, Best For Community, Best For Customers, Best For The Environment, Best For The Long Term, and Best For The World: Changemakers.

A total of 846 businesses across 52 industries from 48 countries were recognized on the full list:

“We’re thrilled to have been selected as a Best for the World company”, said David Anderson, owner. “We intentionally operate our company to bring benefit to our team, our customers, our community, and the environment. B Corporation values are in our company’s blood. We can’t imagine doing business any other way. It’s such a huge honor to have made this list, and we intend to answer the challenge to continually impact our world in a positive way, for the Long Term.”

Canvas Host recently renewed its certification through B Lab, the nonprofit certifying body for all B Corporations, and entered its eighth year as a B Corporation with its highest-ever B Impact score of 117 points. The measure evaluates a B Corporation on its impact with respect to Environment, Workers, Customers, Community, and Governance.

Full details of the B Impact score may be read in full on Canvas Host’s profile on the B Corporation website, at:

About Canvas Host

A sustainable web hosting provider based in Portland, Oregon, Canvas Host provides comprehensive web hosting, domain registration, email, e-commerce and dedicated hosting services. An Oregon Benefit Company and certified B Corporation, the company operates on triple bottom line principles of people, planet, and then profit, giving back to the community through partnerships with local non-profits and organizations, organizing monthly educational networking with Green Drinks, planting trees through Friends of Trees, and offsetting not only its energy consumption, but also 15 Portland-area homes with clean, renewable wind energy through Bonneville Environmental Foundation.

For information on Canvas Host’s services, please contact the Sales team at sales@canvashost.com, or by calling 877.HOST.503 x1.


On Making Tax Returns Great Again

b-corporation transparentTo anyone that doesn’t own a business, here’s a primer about personal and business tax returns, the difference between traditional corporations and benefit companies, and why transparency is so flipping important in today’s business and political world.

In America, the 1040 tax return reports your personal taxes owed from all income sources, including business(es). It is not a Schedule C form, which shows income you earned from a business, or a K-1 (form 1065), which shows income earned from a partnership. It is also not the same as a 1120, which is the tax return for the business itself, or an 1120-S in the case of a multi-owner partnership. The 1040 has very little to do with any business aspect of your tax situation, as business and personal taxes are treated separately by the IRS.

Although shareholders or owners personally pay taxes based on profit a company may have earned, a business’ tax liability is documented and reported separately. There are other factors, but this is in some way how businesses “are treated like people” in American business, because the two are taxed separately. A business, in the eyes of the IRS, is subject to very different rules of tax reporting.

For example, if your business files a net loss for a given year, it doesn’t receive a refund following your tax filing.  You simply owe no taxes for the business’ operations in that year, and you can carry that loss forward to offset any future profits the business may earn in later years. Schedule C and form 1120 show this clearly. And yet, you may have a 1040 return indicating you personally owe taxes, such as from earnings on capital gains (from stocks), or passive income on earned interest, unrelated to your business(es).

There are companies out there, and I could name several of the largest competitors in my industry, each of which have more than $1 billion in carried-forward debt for more than a dozen years, which means they can earn as much as they want, and yet, until that debt is fully “balanced out” with reported profits, neither those mega corporations, nor their owners, pay a single dime in taxes. For the entirety of one company’s operations, for example, one that used naked women to sell domains to NASCAR fans, that company has never once reported a profit, in the 18+ years of its existence. So no taxes have ever been paid on its revenue, ever.

Business tax returns can show many “interesting” details that you don’t find on personal returns: Side businesses and assumed business names commonly involved in umbrella companies and schemes, additional shareholders no one would otherwise know about, foreign subsidiaries and tax shelters that are fully legal in the eyes of the IRS, and retained earnings and distributions paid out tax-free as they are a release of assets, to name but a few. A business tax return can tell you immediately whether the company you’ve publicly come to know about, is truly the same company the IRS privately knows about.

The concern many have about our current President’s reluctance to share his tax returns are based on 1) He promised to release them and yet refuses; 2) It’s a simple act of transparency and addresses the point that if you have nothing to hide, then prove it; 3) No, it’s not enough, when you have established a long list of lies you have openly admitted to telling, for us to take you at your word that your taxes are above board; And 4) Those of us who regularly file our business tax returns understand just how telling it is about us as owners, how we run our business, and whether we are honest, versus pulling the wool over the eyes of everyone we do business dealings with, including our government.

Anyone who has maintained a business of many years should know the importance of an accurate and honest tax filing. Though the IRS only cares about the past seven years of a person’s or business’ returns, a lot can happen in those years. So with only a partial return, say… something from 2005, it’s not enforceable or audit-able, it’s meaningless in the present history of that company’s operations, and it says nothing about what current or carried-forward debts that company may hold and which it is in fact hiding from its non-ownership shareholders.

And that is why I feel our President isn’t offering up his current returns. It has nothing to do with us, the general public and our trust or distrust in him. It has much more to do with his sworn commitment to uphold profit motive for the shareholders that have invested billions in his enterprises, and whether he has breached his fiduciary duty to act in their interest first. Remember that phrase.

As bad as all the lawsuits may have been for the reported 41% of his failed businesses, can you imagine just how bad it would be for our current President for the shareholders of his businesses to learn that he didn’t act in their best interest? Tremendous power is given to shareholders of American businesses: Owners and officers can get sued and thrown in prison faster for lying to shareholders, than for committing violent crimes.

That is what is meant by the phrase, “fiduciary duty”. In a traditional corporation, the officers running the show are there to earn money for the company’s shareholders. If they don’t, they can be forcefully removed from that office, sued, and jailed. As much as it sounds nice to have investors who will front you capital for whatever plans you may have, they want their share to, and if they don’t get it, they are lawfully given the power to come after you personally for it. This is the primary reason many corporations push profit motive first and only, at all costs. It’s a way of keeping the investors happy and the officers out of jail. It’s also a way to wreck the planet, screw others in your industry out of business, and forcefully push droves of employees to the brink. Just think about a popular smartphone maker’s Chinese employees committing suicide at a giant manufacturing plant. That happens because profits are more important to its shareholders, than are its workers’ well-being.

This is one reason why in the current shifting tide of business, benefit companies and B Corporations are increasingly important and popular. They require a company’s officers to act not only in the interest of investors, but also to care for the environment, the community, and employees, which may come at a cost of profit to the shareholders. Benefit companies have in their operating agreement and articles of organization, language protecting officers’ rights to do just this. If you’re a shareholder in a benefit company, you cannot sue the officers for doing things that say, might help the environment but at a cost of less profit.

There are also mandates of being transparent and upholding business ethics. As an owner of a benefit company, I can be held accountable and even sued by a member of the public, if it is determined I acted on profit motive before considering the other requirements. My fiduciary duty goes far beyond profit motive. It forces a different type of conversation, you see. It promotes healthy business that yes, loves profit, but all the more cares about everything and everyone touched by that company’s operations.

Before you think I am complaining, I chose this path for my business. I couldn’t imagine it any other way. It’s something I believe in so strongly, that I willingly did this and have subjected my company to intense scrutiny in the name of accreditation as a B Corporation. It helps create trust with my customers, and I believe it makes for better business, period.

For me at least, it was an easy choice. And so, I put my money where my mouth is. My combined business and personal return, though small in comparison to large companies, still results in dozens of dense forms and pages. It’s quite a read. And yes, I have willingly opened my books to outside scrutiny as part of my company’s B Corporation certification. It’s a requirement, as a B, to permit third-party auditing. I believe so strongly in backing up my words, that I have had no hesitation to provide them this information.

In today’s world, it’s not enough to say something. You need to prove it. Third-party accreditation, such as the B Corporation seal you see all over this website and by our brand, are there to serve as a reminder that we stand by our commitment to honesty, integrity, and transparency. The B seal is a symbol of something you can trust in a business world full of uncertainty.