Campfront Privacy Policy
Campfront (“we,” “our,” “us”) provides software that helps camps manage registration, payments, forms, communication, housing, and staffing.
This Privacy Policy explains how we collect, use, and protect information when you use our website, applications, and services (together, the “Service”).
If you have questions, contact privacy@campfront.com.
Who this policy applies to
This policy applies to:
- Camp customers (administrators and staff) who use Campfront to manage operations; and
- Parents and families who submit camper or staff information through a camp’s Campfront account.
Campfront acts primarily as a service provider to camps. Camps are responsible for the personal data they collect and manage through Campfront.
Campfront itself only receives de-identified or aggregated information that does not identify individual campers, parents, or staff.
In limited cases—such as account management, billing, marketing to camp staff, or analytics for our own website—Campfront may act as a data controller. When acting as a controller, we handle only minimal business contact information and apply the same security and privacy safeguards described in this Policy.
Information we collect
Information you provide
Camps and their authorized users may upload data into Campfront to manage registration, forms, or payments. This data may include camper, parent, or staff details such as names, contact information, or health and travel information.
However, this identifiable data remains controlled by the camp and is not visible to Campfront staff except in de-identified or aggregated form.
Information collected automatically
We collect limited technical information about how our Service is used—such as log data, device type, IP address, and performance metrics.
We also use cookies and similar technologies to support site functionality, analytics, and—where users have given consent—marketing measurement through tools such as Google Tag Manager. These technologies help us understand how our website and platform are used, improve performance, and manage tag-based integrations.
The specific cookies and tags in use, their purposes, and your choices for managing them are described in our separate Cookie Policy.
Cookies and tracking technologies
Campfront uses:
- Essential cookies to enable core features such as login, session management, and security.
- Analytics cookies to collect aggregated usage information that helps improve our Service.
- Marketing or measurement cookies, which may be deployed through Google Tag Manager to support marketing performance analysis and similar activities, only after users provide consent through our cookie-preferences tool.
Users can manage or withdraw consent at any time using the cookie settings available on our website or by following the instructions in our Cookie Policy.
How we use information
We use information to:
- Operate, maintain, and improve the Service;
- Support camps in managing their systems and usage;
- Monitor performance, reliability, and security;
- Communicate with customers and respond to requests; and
- Comply with legal or contractual requirements.
When acting as a service provider, we do not use, view, or share identifiable personal data—only anonymized or aggregated information necessary to run the platform.
Legal basis for processing
We process information only where we have a valid legal basis to do so, such as:
- To perform our agreement with a camp or account holder;
- To comply with legal obligations; or
- To pursue legitimate business interests, such as improving and securing our Service.
Where required by law, we rely on your consent for the use of non-essential cookies or marketing scripts.
How we share information
We may share information in limited ways to help us operate, secure, and improve the Service.
Specifically, we share information with:
- Payment processor (Stripe): We use Stripe to process payments securely. Stripe collects and processes payment details directly, and its use of personal data is governed by the Stripe Privacy Policy. Campfront does not store or have access to complete payment-card information.
- Service providers: We engage trusted service providers for hosting, infrastructure, analytics, customer support, email delivery, and communication tools. These providers may use data only to perform services on our behalf and must protect it in accordance with this Policy and applicable laws.
- Camps and account administrators: Information submitted through a camp’s Campfront account (such as registration forms or communications) is shared with that camp and its authorized users.
- Affiliates and parent company: We may share aggregated or de-identified analytics with our parent company and affiliated entities to improve products, support operations, and understand usage trends. This information does not identify individual users or camps, and we do not attempt to re-identify it.
- Legal and compliance purposes: We may disclose information when required by law or legal process or to protect the rights, property, or safety of Campfront, our users, or others.
We do not sell or rent personal information to any third party, and we do not allow our service providers or affiliates to use data for their own marketing or advertising.
Payments
All payments are processed by Stripe, a PCI-DSS-compliant provider. Campfront never stores or accesses full payment-card details. See Stripe’s Privacy Policy.
Data retention and hosting
We retain de-identified operational data only as long as needed to provide the Service, monitor usage, or meet legal requirements.
Camps control their own identifiable data and may export or delete it at any time.
All data is stored and processed on secure servers located in the United States, hosted by trusted cloud providers that maintain industry-standard security certifications (such as ISO 27001 and SOC 2).
Children’s information
Campfront supports the protection of children’s privacy and complies with the Children’s Online Privacy Protection Act (COPPA).
Campfront may process information about campers, including children under 13, only on behalf of the camp and only in a de-identified or anonymized form.
We do not knowingly collect personal information directly from children under 13 or allow them to create Campfront accounts. If we ever receive identifiable information from a child directly, we will delete it promptly.
Your rights and choices
Depending on your location, you may have rights to access, correct, or delete personal information.
Requests relating to camper or staff data should be directed to the camp that collected it. Campfront assists camps in fulfilling valid requests.
California residents may contact privacy@campfront.com to exercise rights under the California Consumer Privacy Act (CCPA/CPRA). Campfront does not sell personal data.
We aim to respond to all privacy-related inquiries within 30 days, and we may verify your identity before fulfilling certain requests.
Security
We use administrative, technical, and physical safeguards to protect data and ensure that any information we handle remains de-identified.
If a security incident occurs involving data we host, we will notify affected camps promptly and cooperate with investigations as required by law.
International users
Campfront’s services are operated and hosted in the United States.
If you access the Service from outside the U.S., you consent to the transfer and processing of your information in the United States, which may have different data-protection laws than your country.
Changes to this policy
We may update this Privacy Policy from time to time.
We will post the updated version on our website with a new “Last updated” date and, when required, notify account owners by email.
Previous versions of this Privacy Policy are available upon request.
