Legal

Privacy Policy

How we collect, use, store, and share data when you use Campaign Atlas Pro.

Last updated · May 2, 2026

This Privacy Policy describes how Campaign Atlas Inc. (“Campaign Atlas,” “we,” “our,” or “us”) collects, uses, stores, and shares information when you use Campaign Atlas Pro — including our iOS app, Android app, web application at campaignatlaspro.com, and any related services (collectively, the “Service”).

If you do not agree with this Policy, do not use the Service. We’ll do our best to explain things in plain English, but defined terms apply throughout.

1. Information we collect

1.1 Account information

When you create an account, we collect your name, email address, and a password hash (we never store your raw password). We use Supabase Auth for authentication. The Service does not currently support social sign-on providers; if and when we add Sign in with Apple or other providers, this Policy will be updated before launch.

1.2 Customer Data you upload

You upload information about your contacts — names, contact details, addresses, donation amounts, tags, notes, relationship metadata, and similar information you choose to track. We refer to this collectively as “Customer Data.” You are the controller of Customer Data. We are the processor.

1.3 Donations and financial information

We log donation records you create. We do not directly process donor payments through the Service. If you sell paid subscriptions to Campaign Atlas Pro itself, payment is handled by Stripe; we receive a customer ID, subscription status, and the last four digits of the card. We never see or store full card numbers.

1.4 Push notification tokens

If you enable push notifications, your device sends us an Expo / FCM / APNs push token. We store this token associated with your user account so we can deliver notifications you’ve opted into. You can revoke notification permission at any time from your device settings.

1.5 Event data and RSVPs

RSVPs submitted to your public event pages are stored in your organization’s workspace. If a respondent provides their name, email, or phone, that data is stored under your control as Customer Data.

1.6 Device and usage data

We log standard server access information (IP address, user agent, request paths, response codes) and product usage events (e.g., feature usage, errors) for security, debugging, and product improvement. We retain server logs for 30 days, then aggregate or delete.

1.7 In-app messaging

Direct and group message threads inside the Service are stored in your organization’s workspace. Message contents are accessible only to participants and to organization administrators acting in their administrative capacity. Deleted messages are removed from active storage immediately and from backups within 30 days.

1.8 Activity and audit logs

We record an audit log of changes made within your organization (who created or modified contacts, donations, events, tasks, RSVPs, tags, and similar records, and when). The log is visible to organization administrators and is retained for the life of the organization. It is essential for FEC reporting, internal accountability, and incident review.

1.9 Location data

The map view geocodes addresses you store as Customer Data using Mapbox. We do not collect device GPS location unless you explicitly use a feature that requests it (e.g., “canvass starting from my location”), and only for the duration of that session.

1.10 Cookies and tracking on the marketing site

The marketing site at campaignatlaspro.com uses no cookies, no third-party trackers, no advertising pixels, and no analytics SDKs. The application itself uses a single first-party cookie (and equivalent local storage) for authenticated session management; this is strictly necessary for the Service to function and you will not be presented with a cookie consent banner because no non-essential cookies are set.

2. How we use information

We do not sell personal information. We do not use Customer Data to train machine-learning models. We do not show you third-party advertising.

3. Sharing and third parties

We share information only with these categories of recipients:

We require all third-party processors to implement appropriate security measures and to use information only to provide services to us. Customer Data is never sold to brokers or shared with advertising networks.

4. Your choices and rights

4.1 Access and export

You can export all Customer Data at any time as CSV from in-app settings. Account-level data (your profile, billing) is exportable on request to privacy@campaignatlaspro.com.

4.2 Correction

You can edit or correct any data you have entered directly in the app.

4.3 Deletion

You can delete your account at any time from Settings → Delete account in the app, or by emailing privacy@campaignatlaspro.com from the address on the account. Deletion wipes:

For workspaces with co-administrators, you must transfer or relinquish ownership before deletion completes; we will guide you through this in the deletion flow. Deletion is finished within 24 hours of confirmation. Backups containing deleted data are purged within 30 days. We retain a minimal record of the deletion event itself (account ID and timestamp) for security and abuse-prevention purposes.

5. Privacy rights for residents of California, Virginia, Colorado, Connecticut, and Utah (and similar U.S. state laws)

Depending on your state, you may have rights to: know what personal information we have about you; access and obtain a copy; correct inaccurate information; delete personal information; opt out of “sale” or “sharing” (we do neither); and not be discriminated against for exercising these rights. To exercise any of these rights, email privacy@campaignatlaspro.com. We’ll verify your identity and respond within 45 days.

6. Privacy rights under the GDPR (EU/UK)

If you are in the EU or UK, you have rights under the GDPR including access, rectification, erasure, restriction of processing, data portability, and objection to processing. Our legal basis for processing is the contract with you (operating the Service) and our legitimate interests (security, fraud prevention). Customer Data is processed on behalf of your organization, which is the controller. To exercise GDPR rights, email privacy@campaignatlaspro.com.

7. Data retention

Active account data is retained while your account is active. Server logs are retained for 30 days. Backups are retained for 30 days, then purged. Stripe payment records are retained for 7 years to comply with U.S. tax and accounting requirements. Aggregated, de-identified analytics may be retained indefinitely.

8. Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Production database access requires multi-factor authentication and is restricted to a small number of authorized engineers. Row-level security policies enforce that data is only accessible to members of the organization that owns it. No system is perfectly secure; if you discover a vulnerability, please report it to security@campaignatlaspro.com and we’ll respond within two business days.

9. Children

The Service is not directed to children under 13, and we do not knowingly collect information from them. If you believe a child has provided us information, contact us and we will delete it.

10. International transfers

The Service is operated from the United States. If you access it from outside the U.S., your information will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses for transfers from the EU/UK to the U.S.

11. Changes to this Policy

We’ll post any updates here and revise the “Last updated” date above. For material changes, we’ll send a notice in-app or by email at least 7 days before they take effect.

12. Contact

Privacy questions, complaints, or requests:
Campaign Atlas Inc.
privacy@campaignatlaspro.com
Mailing address available on request.