Campday
FeaturesOpen app

Privacy Policy

Effective May 3, 2026 · Version 2026-04-25

This Privacy Policy explains how Cedar South Dev LLC dba Campday (“Campday”) collects and uses information.

1. Role of Camps

Camps control the personal data of campers, parents, and staff.

Campday acts as a service provider processing data on behalf of Camps.

2. Information Collected

We collect:

Account Information

  • Names, email, roles

Camper Data

  • Names, ages, assignments
  • Parent relationships and family/household structure
  • Grade, group, and session assignments

Registration and Application Data

  • Publication selections, enrollment groups, and enrollment options chosen by parents
  • Multi-step application responses, including waivers, consents, photo and media releases, signatures, and uploaded supporting documents
  • Audience targeting attributes (such as grade or returning-camper status) used to determine which publications a family is eligible to view
  • Draft, in-progress, and submitted enrollment requests, including waitlist position and skip-step decisions
  • Coupon and discount codes applied to a registration

Health Information

  • Allergies, dietary restrictions, and food preferences
  • Medical history, conditions, medications, dosing schedules, and administration logs
  • Immunization records and provider/insurance information
  • Incident, injury, and medication-administration notes

Payment Data

  • Processed via Stripe; Campday does not store full card numbers
  • Limited card metadata stored (last four, brand, expiration)
  • Registration deposits, installment schedules, and autopay authorizations
  • Coupon redemptions, refunds, store credit, donations, and arbitrary adjustments
  • Prepaid balance top-ups and point-of-sale transactions

Communication Data

  • Email, SMS, and push notification preferences, opt-ins, and opt-outs
  • Records of transactional messages (registration receipts, payment reminders, application status, balance alerts) and bulk messages sent by Camps
  • Message bodies and delivery metadata (timestamps, status, bounces, opt-out events) needed to operate communications and demonstrate consent
  • Web push subscription tokens for users who enable browser notifications

Usage Data

  • Device, logs, actions, timestamps

Audit Logs

  • Logins, refunds, permissions, policy acceptance, application submissions, message dispatch, and PHI access

Third-Party Data

  • Stripe (payments)
  • Open Food Facts (food/allergen data)

Uploaded Documents

  • Files attached to forms (registration, medical, consent, waivers) are encrypted at rest. Sensitive documents are stored in AWS S3 under a HIPAA Business Associate Agreement with SSE-KMS encryption and, where enabled, Object Lock retention. Non-sensitive media (logos, item photos, marketing images) is stored in Cloudflare R2.

3. Use of Data

We use data to:

  • Provide and secure the Services
  • Operate registration and application workflows, including eligibility checks, capacity management, waitlists, and submission of forms, waivers, consents, and required documents
  • Process payments, registration deposits, installment plans, autopay, refunds, coupons, and point-of-sale transactions
  • Send transactional and Camp-directed communications by email, SMS, and web push, where the recipient has provided the consent required for that channel
  • Detect fraud and enforce policies
  • Improve the platform

4. Data Sharing

We may share data with:

  • Camps (who control the data)
  • Service providers (hosting, messaging, payments)
  • Stripe (payments)
  • Legal authorities if required

We do not sell personal data.

5. Children

Data about minors is provided by parents or Camps.

We do not knowingly collect data directly from children.

6. Security

We use safeguards including encryption, access controls, and logging.

No system is completely secure.

6a. Protected Health Information (PHI) and HIPAA

Some camps operate as HIPAA Covered Entities or treat camper health records as Protected Health Information (PHI). For those Camps, Campday acts as a Business Associate and processes PHI only on the Camp’s instructions and as permitted by a Business Associate Agreement (BAA) with the Camp.

Data classes that Campday treats as PHI when collected through the Services include health profiles, allergy and dietary information, medications and administration logs, immunization records, provider and insurance information, incident and injury reports, and any free-text medical notes attached to forms or applications.

PHI is stored in components covered by Campday’s BAA with Amazon Web Services: document storage in S3 (SSE-KMS encrypted, with Object Lock where enabled), key management in AWS KMS, and transactional email through Amazon SES. Database storage and application servers used to process PHI are likewise restricted to BAA-covered providers.

Campday does not send PHI to subprocessors that are not covered by a BAA. In particular, payment processors, SMS providers, non-AWS email relays, and analytics providers receive only the minimum data necessary for their function and never receive medical records or free-text health notes.

Camps that require a BAA with Campday should contact privacy@campday.app.

7. Retention and Deletion

We retain data as needed to provide Services and comply with legal obligations.

Camps may request deletion of their data.

Parents, staff, and other individuals may request erasure of personal data tied to their account or their child’s account by contacting their Camp or emailing privacy@campday.app.

When a verified erasure request is executed:

  • Authentication artifacts (sessions, passwords, 2FA, push subscriptions) are hard-deleted.
  • Identifying fields on the account and camper records (name, email, phone, addresses) are redacted in place. A minimal record is retained to preserve financial and safety audit trails required by law.
  • Medical records (health profile, medications, immunizations, incident notes) are redacted: identifying detail is removed while aggregate counts required for camp operations remain.
  • Message bodies (email/SMS) are redacted. Delivery metadata needed for compliance (timestamps, status) is retained.
  • Saved payment methods are detached from Stripe and marked deleted in our records.
  • Uploaded documents are cryptographically shredded: the wrapped data encryption key is destroyed, rendering the ciphertext unrecoverable even where Object Lock prevents immediate deletion of the file.

A two-person approval rule and a 24-hour grace period apply to every erasure request before execution, except where legally required to skip (documented on the request).

8. Subprocessors and External Providers

Campday uses the following providers to deliver the Services. Each provider has its own retention practices. When you exercise erasure rights, Campday passes the request to applicable providers, but some logs or backups may persist for a limited window under the provider’s own policies.

  • Amazon Web Services (us-east-2): document storage (S3, SSE-KMS, optional Object Lock), key management (KMS), and transactional email (SES). Covered by a HIPAA Business Associate Agreement. PHI in transit and at rest is handled within these BAA-covered services.
  • Cloudflare R2: non-sensitive media (logos, item images, marketing assets). Not used for PHI.
  • Neon(us-east-1): managed Postgres database used for application data (including PHI). Point-in-time backups are retained per Neon’s policy and purged afterward.
  • Stripe: payment processing. Receives identifiers, contact details, and transaction amounts needed to charge a card or run autopay; not BAA-covered, and not used to transmit PHI. On erasure, the Stripe customer is deleted; Stripe retains minimal transactional records as required by financial regulations.
  • Resend: transactional email relay used for non-PHI messages such as receipts and account notices. Delivery logs age out per Resend’s retention policy. PHI-bearing email is routed through Amazon SES under our AWS BAA instead.
  • Twilio: SMS delivery (where enabled). Receives phone numbers and message bodies necessary to deliver the SMS; not BAA-covered, so PHI is excluded from SMS content and Camps are instructed not to place medical detail in SMS templates. Delivery logs age out per Twilio’s retention policy.
  • Open Food Facts: allergen and ingredient taxonomy (reference data, no personal information sent).

9. Third-Party Data Sources

Food and allergen data may come from Open Food Facts and similar sources.

Such data may be inaccurate or incomplete.

10. International Transfers

Data may be processed outside your jurisdiction with appropriate safeguards.

11. Your Rights

You may have rights to access, correct, or delete data.

Requests should generally be directed to your Camp.

12. Changes

We may update this Policy.

13. Contact

privacy@campday.app

info@campday.app

Cedar South Dev LLC dba Campday

Privacy PolicyTerms of Serviceinfo@campday.app