Privacy Policy

When CampKit is used by an organization (a “camp, school, or program”), that organization is the controller of the information it loads into the Service, and CampKit acts as its processor. For individual accounts that are not tied to an organization, CampKit is the controller.

Account information. When you create or are invited to an account, we collect your name, email address, role, and a hashed password. Administrators may associate you with an organization.

Trip and roster information. Trip organizers enter information about participants and guardians, which may include names, birth dates, ages, gender, parent/guardian contact details, dietary notes, medical notes, rooming preferences, and optional photos.

Content you submit. Schedules, announcements, packing lists, forms, questions, and images you add to a trip.

Device and usage information. We log technical data such as IP address, browser type, device identifiers, timestamps, and pages visited to operate, secure, and debug the Service. Web-push endpoints are stored for devices you enable notifications on.

Cookies and similar technologies. We use strictly necessary cookies (such as a session cookie and a CSRF token) to keep you logged in and protect the Service against cross-site attacks. We do not use cookies for advertising.

We use information to:

• operate, maintain, and secure the Service;
• authenticate you, including optional two-factor authentication;
• provide trip features (rosters, schedules, rooming, announcements, packing, forms);
• send transactional email and, where enabled, push notifications about your account and trips;
• prevent abuse, fraud, and unauthorized access, and enforce our Terms of Use; and
• comply with legal obligations.

We do not sell personal information, and we do not use participant information to train third-party advertising or AI models.

Within your organization. Information you submit to a trip is visible to organization staff assigned to that trip, to guardians linked to a participant, and to the participant themselves, as appropriate.

Service providers. We share information with vendors who help us operate the Service (for example, hosting, email delivery, and push notification infrastructure). These vendors are bound by contract to use information only to provide services to us.

Legal and safety. We may disclose information if we have a good-faith belief that disclosure is required by law, court order, or governmental request, or is necessary to protect the rights, property, or safety of CampKit, our users, or the public.

Business transfers. If CampKit is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction; any acquirer will be bound by this policy or provide equivalent protection.

The Service is designed primarily for adults who administer youth programs and for older teen participants. We do not knowingly collect personal information directly from children under 13 without verifiable parental or guardian consent, which is obtained by the camp or organization operating the trip. Organizations using CampKit are responsible for obtaining any parental consents required by applicable laws such as COPPA, FERPA, and equivalent regulations in their jurisdiction.

Parents and guardians can request to review, correct, or delete a child’s information by contacting the organization that runs the trip, or by emailing us at hello@campkit.ca.

We use industry-standard safeguards including encryption in transit (TLS), hashed password storage, role-based access control, audited administrator actions, and automated blocks on outbound mail to demo/fixture domains. No system is perfectly secure; you are responsible for keeping your password and any two-factor codes confidential.

Trip information is retained while your organization maintains its account with us, and for a reasonable period afterward for backup, legal, or safety purposes. Account information is retained until you delete your account. You may request deletion of your personal data at any time; some data may be retained in backups or to comply with legal obligations.

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. You can exercise these rights by editing your profile, by contacting the organization that administers your trip, or by emailing us at hello@campkit.ca. We will not discriminate against you for exercising your rights.

CampKit may be hosted or processed in countries other than yours. When we transfer personal information internationally, we use safeguards appropriate to the applicable law, such as standard contractual clauses.

We may update this Privacy Policy from time to time. If a change is material we will notify you through the Service or by email before it takes effect. The “Effective” date above will always reflect the latest version.

For privacy questions or to exercise your rights, email hello@campkit.ca.