Privacy Policy

1. Information We Collect

Information you provide directly

We collect information you provide directly to us, including: name, email address, phone number, institutional .edu email (used solely for student verification), profile photo, date of birth, and payment information.

Information collected automatically

We automatically collect certain information when you use our services: IP address, browser type, device identifiers, pages visited, time spent, referring URLs, and location data (only when you choose to share it for task or ticket listings).

Information from third-party services

We receive information from third-party services including Stripe (payment processing), Google Analytics GA4 (analytics, property ID G-7E7JJDEMSB), Google Maps API (location services), Checkr (background checks), Twilio (SMS), and Resend (email delivery).

2. How We Use Your Information

• To provide, operate, and improve Campaid services.
• To process payments and facilitate transactions between Hirers and Taskers via Stripe Connect.
• To verify your identity and student status.
• To send transactional emails via Resend and SMS notifications via Twilio related to your account and tasks.
• To detect and prevent fraud, abuse, and security threats.
• Automated message scanning: All in-platform messages (listing messages, offer-thread messages, and direct conversations in /messages) are scanned in real time for off-platform payment patterns including Venmo, CashApp, Zelle, PayPal handles, and US phone-number formats. Detection triggers an inline warning to both parties, an admin alert, and may flag or suspend accounts. Message content is not used for advertising or sold to third parties.
• Automated listing risk scoring: Every new ticket and marketplace listing receives an automatically computed risk score at creation time, derived from account age, prior listing and dispute history, listing price relative to category norms, and known-fraud signal patterns. Listings exceeding the high-risk threshold may be suppressed or removed pending review. Sellers may appeal a suppression via support@campaid.net.
• To comply with legal obligations.
• For analytics and platform improvement using aggregated, anonymized data via Google Analytics GA4.

3. How We Share Your Information

• With other users: Your public profile, name, and task/listing details are visible to other Campaid users as necessary to facilitate transactions.
• With service providers: Stripe (payments), Google Analytics (analytics), Google Maps (location), Checkr (background checks), Twilio (SMS), Resend (email), Vercel (hosting), Supabase (database, auth, storage, realtime), Sentry (error monitoring).
• For legal compliance: We may disclose information if required by law, court order, or governmental authority.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred.
• We do not sell your personal information to third parties.

4. Data Storage and Infrastructure

Your data is stored and processed using the following infrastructure providers, all hosted in the United States:

• Supabase (PostgreSQL): All account data, user profiles, task records, transaction history, and platform content are stored in a managed Supabase PostgreSQL database. Supabase provides encryption at rest and in transit, row-level security policies, and automated backups.
• Supabase Auth: User authentication, session management, and credential storage are handled by Supabase Auth using industry-standard security practices including bcrypt password hashing.
• Supabase Storage: User-uploaded files such as profile photos and listing images are stored in Supabase Storage with access controls and signed URLs.
• Supabase Realtime: Real-time features such as messaging and notifications use Supabase Realtime channels with authenticated subscriptions.
• Vercel:The Campaid web application is hosted on Vercel's edge network, which processes HTTP requests including IP addresses, user agent strings, and request metadata. Vercel provides SSL/TLS encryption for all connections.
• Resend: Transactional and notification emails are sent through Resend. Resend processes recipient email addresses, email content, and delivery metadata (opens, bounces, delivery status).
• Stripe Connect: Payment card data is collected and processed directly by Stripe. Campaid does not store credit card numbers on its own servers.

5. Data Retention

• We retain your account information for as long as your account is active or as needed to provide services.
• Transaction records are retained for a minimum of 7 years for tax and legal compliance.
• You may request deletion of your account by contacting support@campaid.net. Certain data may be retained for legal or regulatory purposes.

6. Your Rights and Choices

• Access and correction: You may access and update your account information at any time through your profile settings.
• Email communications: You may unsubscribe from marketing and notification emails using the unsubscribe link in any email we send via Resend.
• California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of sale (we do not sell data).
• EU/EEA residents (GDPR): You have rights to access, rectify, erase, restrict processing, data portability, and object to processing. Contact us at support@campaid.net to exercise these rights.

7. Cookies and Tracking

• We use cookies and similar tracking technologies to operate and improve our services. These include session cookies (required for login via Supabase Auth), analytics cookies (Google Analytics GA4), and third-party service cookies (Stripe, Sentry).
• You can control cookie preferences through our Cookie Consent banner or your browser settings. Disabling certain cookies may affect platform functionality.
• See our full Cookie Policy for details.

8. Security

• We implement industry-standard security measures including HTTPS/TLS encryption (enforced by Vercel), hashed passwords (bcrypt via Supabase Auth), row-level security policies (Supabase), and access controls.
• We monitor for suspicious activity and unauthorized access attempts.
• No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.

9. Children's Privacy

• Campaid is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.
• If we become aware that a minor has provided us with personal information, we will delete it promptly. Contact support@campaid.net if you believe this has occurred.

10. Changes to This Policy

• We may update this Privacy Policy periodically. We will notify you of material changes via email (through Resend) or a prominent notice on our platform.
• Your continued use of Campaid after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

© 2026 Ugig LLC doing business as Campaid. All rights reserved.