Privacy Policy
Camp Card Mobile Application and Web Services
Published by Swipe Savvy, LLC
Effective Date: January 30, 2026 | Last Updated: January 30, 2026
Swipe Savvy, LLC ("Swipe Savvy," "Company," "we," "us," or "our") operates the Camp Card mobile application, website at https://www.campcardapp.org, and related services (collectively, the "Service"). This Privacy Policy explains in detail how we collect, use, process, store, disclose, and safeguard your information when you access or use our Service.
This Policy applies to all users of the Camp Card Service, including but not limited to Scouts, parents and guardians, troop leaders, council administrators, national administrators, participating merchants, and any other individuals who interact with the Service in any capacity. Your continued use of the Service following any updates or modifications to this Policy constitutes your binding acceptance of such changes.
We are committed to protecting the privacy and security of our users, with particular attention to the privacy of minors who participate in Scouting America fundraising programs through our platform.
Table of Contents
- Information We Collect
- How We Use Your Information
- Scout Data Usage Limitation
- Information Sharing and Disclosure
- Data Security
- Data Retention
- Your Privacy Rights
- Children's Privacy (COPPA)
- California Privacy Rights (CCPA/CPRA)
- International Users
- Third-Party Services
- Push Notifications
- Location Services
- Do Not Track Signals
- Cookies and Tracking Technologies
- Limitation of Liability
- Dispute Resolution and Arbitration
- Indemnification
- Changes to This Policy
- Governing Law
- Severability
- Entire Agreement
- Contact Us
1. Information We Collect
We collect information from multiple sources to provide, maintain, and improve the Service. The types of information we collect depend on how you interact with the Service and the role you hold within the Camp Card platform (e.g., Scout, parent, troop leader, council administrator, or merchant).
1.1 Information You Provide
We collect information you voluntarily provide when you register for an account, use the Service, make a purchase, communicate with us, or otherwise interact with the Camp Card platform.
Account Information:
- Full legal name (first name and last name)
- Email address
- Password (encrypted using BCrypt hashing and securely stored; we never store passwords in plaintext)
- Phone number (optional)
- Profile photograph (optional)
- User role designation (Scout, Parent, Troop Leader, Council Admin, or National Admin)
- Account preferences and settings
Payment Information:
- Credit or debit card details (processed securely through Authorize.net using Accept Hosted and Accept.js tokenization; we do not store, process, or retain full card numbers, CVV codes, or other sensitive cardholder data on our servers)
- Billing name and address
- Payment transaction history, including amounts, dates, and transaction identifiers
- Subscription plan details and renewal information
- Payment tokens issued by Authorize.net for recurring transactions
Scout and Troop Information:
- Scout registration number (if applicable)
- Troop or unit number and affiliation
- Council association and council identifier
- Scout referral code for fundraising and sales tracking
- Fundraising activity records and sales data
- Troop membership and roster information (for troop leaders)
User-Generated Content:
- Customer support inquiries, feedback, and correspondence
- Survey responses and reviews
- Content submitted through any forms or features within the Service
- Communication preferences and opt-in selections
1.2 Information Collected Automatically
When you access or use the Service, we automatically collect certain information through cookies, log files, web beacons, SDKs, and similar technologies. This information helps us understand how the Service is used and enables us to improve your experience.
Device Information:
- Device type, model, and manufacturer
- Operating system type and version (e.g., iOS 18, Android 15)
- Unique device identifiers (e.g., IDFA, IDFV, Android Advertising ID)
- Mobile carrier and network type (Wi-Fi, cellular)
- Screen resolution and display settings
- App version and build number
- Browser type and version (for web portal access)
- Device language and regional settings
Usage Information:
- App features accessed and frequency of use
- Time, date, and duration of each session
- Screens viewed and navigation paths taken within the Service
- Actions taken within the Service (e.g., offers viewed, QR codes scanned, subscriptions purchased)
- Search queries entered within the Service
- Referral source information (how you arrived at the Service)
- Crash reports and performance diagnostics
Location Information:
- Precise GPS coordinates (only with your explicit, affirmative permission through your device's operating system)
- Approximate location derived from your IP address
- Nearby merchant search queries and location-based results
- City, state, and zip code inferred from network data
Log Data:
- Internet Protocol (IP) address
- Date and time stamps of requests
- Pages and endpoints requested
- HTTP status codes and response sizes
- Referring URL or application
- Error logs and exception data
1.3 Information from Third Parties
We may receive information about you from the following third-party sources. You authorize us to collect, process, and use information from these third-party sources in accordance with this Policy.
Scouting America Organizations:
- Scouting America local councils may provide roster information, troop affiliations, and council membership data to facilitate the Camp Card fundraising program.
- Troop leaders may provide Scout roster information for the purpose of managing their troop's Camp Card participation.
Payment Processors:
- Authorize.net may provide us with transaction confirmation details, payment status updates, tokenized payment references, and fraud screening results. Authorize.net processes payments in compliance with PCI-DSS standards.
Analytics Providers:
- Firebase Analytics and other analytics tools provide aggregated and anonymized usage data, crash reports, performance metrics, and user engagement statistics to help us understand and improve the Service.
2. How We Use Your Information
We use the information we collect for legitimate business purposes directly related to the operation, improvement, and protection of the Camp Card Service. Below is a detailed description of how we use your information.
2.1 Service Provision
- Create, maintain, authenticate, and manage your Camp Card account
- Process subscription purchases, payments, renewals, and refunds through Authorize.net
- Provide access to participating merchant offers and discounts
- Enable QR code generation, display, and redemption functionality
- Display nearby merchants, offers, and location-based services
- Facilitate Scout referral tracking and fundraising attribution
- Enable troop leaders to manage their troop rosters and monitor fundraising progress
- Provide council administrators with fundraising reports and analytics dashboards
- Process and fulfill customer support requests
2.2 Communication
- Send account-related transactional notifications (e.g., account verification, password reset, payment confirmations, subscription renewal reminders)
- Deliver push notifications about new offers, nearby merchants, and Service updates (with your consent)
- Send email communications regarding important Service changes, security alerts, and policy updates
- Respond to your inquiries, feedback, and support requests
- Communicate fundraising updates and program information to troop leaders, parents, and council administrators
2.3 Improvement, Analytics, and Research
- Analyze usage patterns, trends, and user behavior to improve the Service's features, functionality, and user experience
- Conduct internal research and development to create new features and services
- Perform A/B testing and feature experimentation to optimize the Service
- Generate aggregated, de-identified, or anonymized analytics reports
- Monitor and measure the effectiveness of the Service and its features
- Diagnose technical problems, debug software, and improve performance and stability
2.4 Security, Compliance, and Legal
- Detect, prevent, investigate, and respond to fraud, unauthorized access, and other illegal or harmful activities
- Enforce our Terms of Service, this Privacy Policy, and other agreements
- Verify user identity and prevent unauthorized account access
- Comply with applicable federal, state, and local laws, regulations, and legal processes
- Respond to lawful requests from law enforcement, government agencies, courts, and regulatory authorities
- Protect the rights, property, safety, and security of Swipe Savvy, our users, and the public
2.5 Scout Program and Fundraising Support
- Track and report Camp Card sales and redemptions for Scouting America fundraising purposes
- Generate fundraising progress reports for troops, councils, and the national Scouting America organization
- Attribute sales to individual Scouts through referral codes for recognition and incentive programs
- Facilitate communication between troop leaders, parents, and council administrators regarding fundraising activities
- Provide aggregated fundraising analytics to participating Scouting America councils
2.6 Business Operations
- Maintain internal business records and accounting
- Conduct audits and ensure regulatory compliance
- Manage merchant relationships and offer verification
- Administer and improve our information technology infrastructure
- Perform capacity planning and resource allocation
You acknowledge and agree that we may use your information for any purpose described in this Policy without further notice or compensation to you, except as otherwise required by applicable law.
3. Scout Data Usage Limitation
IMPORTANT NOTICE REGARDING SCOUT DATA:
Scout information -- including Scout registration numbers, troop/unit affiliation, council association, and referral codes -- is collected and used solely for the purposes of fundraising reporting and sales tracking. This information is not used for marketing, advertising, behavioral profiling, or any purpose unrelated to Camp Card fundraising operations.
We do NOT use Scout data for behavioral advertising, profiling, or marketing purposes.
Swipe Savvy recognizes the sensitive nature of information relating to minors who participate in Scouting America programs. We are committed to the following principles regarding Scout data:
- Purpose Limitation: Scout-specific data (registration numbers, troop affiliation, council association, referral codes, and fundraising activity) is used exclusively for Camp Card fundraising reporting, sales tracking, and program administration. This data is never repurposed for unrelated activities.
- No Advertising Use: We do not use Scout data to serve advertisements, build marketing profiles, or engage in any form of behavioral advertising or targeted marketing directed at Scouts.
- No Behavioral Profiling: We do not create behavioral profiles of Scouts based on their usage of the Service. We do not track Scouts across third-party websites or applications.
- No Third-Party Marketing: We do not share, sell, rent, or license Scout data to third parties for their marketing, advertising, or promotional purposes.
- Data Minimization: We collect only the minimum amount of Scout information necessary to operate the Camp Card fundraising program and provide the Service.
- Access Controls: Access to Scout data within our organization is strictly limited to personnel who require such access to fulfill the fundraising and program administration purposes described in this Policy.
- Parental Oversight: Parents and legal guardians retain full rights to access, review, correct, and request deletion of their child's Scout data at any time. See Section 8 (Children's Privacy) for details.
4. Information Sharing and Disclosure
We understand that how we share your information is as important as how we collect it. This section describes the limited circumstances under which we may share or disclose your personal information.
4.1 Categories of Recipients
We may share your information with the following categories of recipients, solely for the purposes described in this Policy:
- Service Providers and Technology Partners: We engage trusted third-party companies and individuals to perform services on our behalf, including:
- Authorize.net -- Payment processing, transaction authorization, and fraud detection
- Firebase (Google) -- Push notification delivery, analytics, and crash reporting
- Amazon Web Services (AWS) -- Cloud infrastructure, hosting, data storage, and email delivery (via Amazon SES)
- Google Maps Platform -- Location services, merchant mapping, and geocoding
- Scouting America Organizations: We share relevant fundraising data, sales reports, and program participation information with:
- Local Scouting America councils associated with participating troops
- Troop leaders and unit leadership responsible for fundraising coordination
- National Scouting America organization for program-level reporting and oversight
- Participating Merchants: When you redeem an offer at a participating merchant, we share only the minimum information necessary to verify and process the redemption (e.g., QR code validation, redemption status). We do not share your full personal profile, contact information, or payment details with merchants.
- Legal and Regulatory: We may disclose your information to law enforcement agencies, courts, government authorities, or regulators when we believe in good faith that such disclosure is required or permitted by applicable law, legal process, or governmental request, or when necessary to protect our rights, your safety, or the safety of others.
4.2 Additional Disclosure Circumstances
In addition to the recipients listed above, we may disclose your information under the following circumstances:
- Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, sale of all or substantially all of our assets, or similar corporate transaction, your personal information may be transferred as part of the transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy. We will use reasonable efforts to ensure the transferee agrees to handle your information consistent with this Policy.
- With Your Consent: We may share your information with third parties when you have given us your explicit, affirmative consent to do so.
- Aggregated or De-Identified Data: We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, business intelligence, or other purposes.
- Protection of Rights: We may disclose information when we reasonably believe it is necessary to investigate, prevent, or take action regarding suspected or actual illegal activities, fraud, threats to the physical safety of any person, or violations of our Terms of Service.
4.3 Data Processing by Third Parties
When we share your information with third-party service providers, we require them to:
- Use the information solely for the purposes for which it was shared
- Implement appropriate technical and organizational security measures
- Comply with applicable data protection laws and regulations
- Not further disclose or sell the information without our express written authorization
- Delete or return the information upon termination of the service relationship, as applicable
4.4 We Do NOT:
- Sell your personal information for monetary or other valuable consideration
- Share your personal data with third-party advertisers for behavioral advertising or ad targeting purposes
- Share children's data without appropriate parental or guardian consent as required by COPPA
- Share personal information with data brokers or data aggregation services
- Use or share your information for purposes materially different from those described in this Policy without providing you notice and, where required, obtaining your consent
- Rent, lease, or license your personal information to any third party
5. Data Security
We take the security of your personal information seriously and implement a comprehensive, multi-layered approach to protecting your data. We maintain administrative, technical, and physical safeguards designed to protect against unauthorized access, use, modification, destruction, or disclosure of your personal information.
5.1 Security Measures
Our security program includes, but is not limited to, the following measures:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS). API communications are encrypted end-to-end.
- Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256-GCM encryption, including payment gateway credentials and other sensitive configuration data.
- Password Security: User passwords are hashed using BCrypt with a strength factor of 12 before storage. We never store passwords in plaintext and cannot retrieve your original password.
- PCI-DSS Compliant Payment Processing: All payment card processing is handled exclusively by Authorize.net, a PCI-DSS Level 1 certified payment processor. We use Accept Hosted and Accept.js tokenization to ensure that sensitive cardholder data never touches our servers.
- Role-Based Access Controls (RBAC): Access to user data is restricted based on user roles and the principle of least privilege. Our backend enforces RBAC at the application level with JWT-based authentication and row-level security (RLS) policies in our database.
- Database Security: We use a dedicated database schema with a restricted application user account. Database access is controlled through PostgreSQL row-level security policies and multi-tenant isolation via council-level tenant contexts.
- Infrastructure Security: Our infrastructure is hosted on Amazon Web Services (AWS), which provides physical security, network isolation, DDoS protection, and compliance with SOC 2, ISO 27001, and other security certifications.
- JWT Authentication: API access is secured using JSON Web Tokens (JWT) with claims-based authorization, short-lived access tokens, and automatic token refresh mechanisms.
- Secure Development Practices: We follow secure software development lifecycle (SDLC) practices, including code reviews, dependency vulnerability scanning, and regular security assessments.
- Access Logging and Monitoring: We maintain logs of access to sensitive systems and data, and we monitor for suspicious activity and unauthorized access attempts.
5.2 Your Security Responsibilities
You play an important role in protecting your information. We ask that you:
- Choose a strong, unique password for your Camp Card account and do not reuse passwords from other services
- Keep your login credentials confidential and do not share them with anyone
- Log out of your account after each session, especially on shared or public devices
- Keep your device's operating system and the Camp Card application updated to the latest version
- Notify us immediately at support@swipesavvy.com if you suspect any unauthorized access to your account
- Enable device-level security features such as screen lock, biometric authentication, or passcode protection
5.3 No Guarantee
WHILE WE IMPLEMENT COMMERCIALLY REASONABLE SECURITY MEASURES DESIGNED TO PROTECT YOUR PERSONAL INFORMATION, NO METHOD OF TRANSMISSION OVER THE INTERNET, METHOD OF ELECTRONIC STORAGE, OR OTHER SECURITY MEASURE IS COMPLETELY SECURE OR IMPENETRABLE. WE CANNOT AND DO NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR INFORMATION. ANY TRANSMISSION OF PERSONAL INFORMATION TO US IS AT YOUR OWN RISK, AND YOU SHOULD NOT EXPECT THAT YOUR PERSONAL INFORMATION OR OTHER COMMUNICATIONS WILL ALWAYS REMAIN SECURE.
5.4 Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Promptly investigate the nature and scope of the breach
- Take reasonable steps to contain and remediate the breach
- Notify affected users without unreasonable delay and in compliance with applicable breach notification laws (including state-specific notification requirements)
- Notify relevant regulatory authorities as required by applicable law
- Provide information about what occurred, what data was affected, and steps you can take to protect yourself
6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. The specific retention periods vary depending on the type of data and the purpose for which it was collected.
| Data Type | Retention Period | Basis |
|---|---|---|
| Account Information | Duration of active account + 5 years after account closure or deletion | Contractual obligation, legal compliance, and dispute resolution |
| Transaction Records | 7 years from date of transaction | Federal and state tax, financial reporting, and audit requirements |
| Usage Analytics | 3 years (anonymized or aggregated thereafter) | Service improvement and research purposes |
| Location Data | 90 days | Service functionality; deleted after short-term use |
| Support Communications | 5 years from date of last communication | Quality assurance, legal compliance, and dispute resolution |
| Marketing Preferences | Until consent is withdrawn or account is deleted | User consent |
| Log Data | 2 years | Security monitoring, debugging, and compliance auditing |
Account Deletion
You may request deletion of your account and associated personal data by contacting us at privacy@swipesavvy.com. Upon receiving a verified deletion request:
- We will delete or de-identify your personal information from our active systems within thirty (30) business days
- Certain information may be retained in our backup systems for a limited period as part of our normal backup and disaster recovery processes, but will be deleted in accordance with our backup rotation schedule
- We may retain limited information as necessary to comply with legal obligations, resolve disputes, prevent fraud, or enforce our agreements, as described in the retention periods above
- Aggregated or de-identified data that can no longer reasonably identify you may be retained indefinitely for analytical and statistical purposes
- We will confirm completion of the deletion process via the email address associated with your account
Survival
Notwithstanding any account deletion or termination, the provisions of this Privacy Policy that by their nature are intended to survive (including but not limited to Sections 5, 16, 17, 18, 20, 21, and 22) shall continue in full force and effect after termination or expiration of your use of the Service.
7. Your Privacy Rights
Depending on your jurisdiction, you may have certain rights regarding the personal information we hold about you. We are committed to respecting your privacy rights and will respond to all legitimate requests in accordance with applicable law.
7.1 General Rights
Subject to applicable law and certain exceptions, you may exercise the following rights:
- Right of Access: You have the right to request confirmation of whether we process your personal information and to obtain a copy of the specific personal data we hold about you, including the categories of data collected, the purposes of processing, the categories of recipients, and the retention periods applied.
- Right to Correction: You have the right to request that we correct or update any inaccurate, incomplete, or outdated personal information we maintain about you.
- Right to Deletion: You have the right to request the deletion of your personal information, subject to certain exceptions (such as data we are required to retain for legal or regulatory compliance). Also referred to as the "right to be forgotten."
- Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON), and to request that we transmit that data to another service provider where technically feasible.
- Right to Opt-Out: You have the right to opt out of:
- Marketing and promotional communications at any time by using the unsubscribe link in any marketing email or by contacting us
- Push notifications through your device settings
- Location data collection by disabling location permissions on your device
- The sale or sharing of your personal information (see Section 9 for California-specific rights)
- Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing your personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.
7.2 How to Exercise Your Rights
To exercise any of your privacy rights, you may:
- Email us at privacy@swipesavvy.com with a detailed description of your request
- Use the account settings and privacy controls available within the Camp Card application
- Write to us at the mailing address provided in the Contact Us section below
When submitting a request, please include your full name, the email address associated with your Camp Card account, and a clear description of the right you wish to exercise. We may need to verify your identity before processing your request to protect your account security.
7.3 Verification and Limitations
- Identity Verification: To protect against unauthorized access, we will verify your identity before processing any privacy rights request. Verification may involve confirming your email address, providing additional identifying information, or answering security questions associated with your account.
- Response Time: We will acknowledge receipt of your request within ten (10) business days and will respond substantively within thirty (30) days of receiving a verified request. If we require additional time (up to an additional 60 days for complex requests), we will notify you of the extension and the reason for the delay.
- Limitations: In certain circumstances, we may deny or limit your request as permitted by applicable law, including when:
- We cannot verify your identity with reasonable certainty
- The request is manifestly unfounded, excessive, or repetitive
- Compliance would adversely affect the rights and freedoms of others
- We are legally required or permitted to retain the information
- The information is needed for ongoing legal proceedings or dispute resolution
- No Discrimination: We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge different prices, provide a different quality of service, or retaliate against you in any way for exercising your rights under this Policy or applicable law.
8. Children's Privacy (COPPA Compliance)
Swipe Savvy is deeply committed to protecting the privacy of children. The Camp Card Service involves minors participating in Scouting America fundraising activities, and we take special care to comply with the Children's Online Privacy Protection Act (COPPA) and other applicable laws regarding children's privacy.
8.1 Age Requirements
- Users must be at least 13 years of age to create an account on the Camp Card Service
- Users between the ages of 13 and 17 ("minor users") are required to have verifiable parental or legal guardian consent before creating an account or using the Service
- We do not knowingly collect personal information from children under the age of 13 without verifiable parental consent
- If we discover that we have collected personal information from a child under 13 without verifiable parental consent, we will promptly delete that information from our systems
8.2 Parental Consent
For minor users (ages 13-17), we implement the following consent mechanisms:
- During the registration process, minor users are required to provide a parent or guardian's email address
- We send a consent verification email to the parent or guardian, who must affirmatively approve the minor's account creation
- A Scout account will not be fully activated until parental consent has been received and verified
- Parents and guardians may withdraw their consent at any time by contacting us at parents@swipesavvy.com
8.3 Information Collected from Minors
We apply strict data minimization principles when collecting information from minor users. We collect only the minimum information necessary to provide the Camp Card fundraising service:
- Name and email address (for account creation and communication)
- Scout registration number and troop affiliation (for fundraising attribution)
- Referral code activity (for sales tracking)
- Basic usage data necessary for Service functionality
We do not collect the following from minor users:
- Payment card information (all purchases for Scouts are processed through parent/guardian accounts or troop leader accounts)
- Precise geolocation data (without additional parental consent)
- Photographs, videos, or audio recordings
- Social media account information
- Any information beyond what is strictly necessary for Camp Card fundraising
8.4 Parental Controls
Parents and legal guardians of minor users have the following rights and controls:
- Access: Review all personal information collected from their child by contacting us at parents@swipesavvy.com
- Correction: Request correction of any inaccurate information about their child
- Deletion: Request deletion of their child's account and all associated personal information at any time
- Consent Withdrawal: Withdraw consent for further collection or use of their child's information, which will result in account deactivation
- Restrict Sharing: Request that we restrict the sharing of their child's information with Scouting America organizations or other third parties
We will process all parental requests within thirty (30) days of receiving a verified request.
8.5 Contact for Parents
Parents and guardians with questions or concerns about their child's privacy, or who wish to exercise any parental control rights, should contact us at:
Email: parents@swipesavvy.com
We prioritize responses from parents and guardians regarding children's privacy matters and aim to respond within five (5) business days.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"). This section supplements the rest of this Privacy Policy and applies solely to California residents.
9.1 Your California Privacy Rights
As a California resident, you have the following rights:
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which your information was collected, the business or commercial purposes for collecting your information, and the categories of third parties with whom we share your information.
- Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions provided by law.
- Right to Correct: You have the right to request that we correct any inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information, as those terms are defined under the CCPA/CPRA.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of your sensitive personal information to uses that are necessary to provide the Service.
- Right to Non-Discrimination: You have the right to not be discriminated against for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level or quality of service because you exercise your privacy rights.
9.2 Notice Regarding Sale and Sharing
We do NOT sell your personal information as defined by the CCPA/CPRA. We do NOT share your personal information for cross-context behavioral advertising purposes. We have not sold or shared personal information in the preceding twelve (12) months.
9.3 Categories of Personal Information Collected
The following table describes the categories of personal information we have collected from California consumers in the preceding twelve (12) months, as categorized under the CCPA/CPRA:
| CCPA Category | Examples of Data Collected | Business Purpose | Sold or Shared? |
|---|---|---|---|
| A. Identifiers | Name, email address, phone number, unique account ID | Account management, communication, service provision | No |
| B. Personal Information (Cal. Civ. Code 1798.80(e)) | Name, address, phone number | Account management, legal compliance | No |
| D. Commercial Information | Transaction history, subscription records, purchase details | Service provision, billing, fundraising reporting | No |
| F. Internet/Electronic Activity | App usage data, browsing history within the Service, device information | Service improvement, analytics, security | No |
| G. Geolocation Data | Precise and approximate location (with consent) | Nearby merchant display, location-based offers | No |
| K. Inferences | User preferences, usage patterns (derived from collected data) | Service personalization and improvement | No |
9.4 Exercising Your California Privacy Rights
To exercise your CCPA/CPRA rights, you may submit a verifiable consumer request by:
- Emailing us at ccpa@swipesavvy.com
- Writing to us at the mailing address provided in the Contact Us section
You may submit a request to know or delete up to twice in a twelve (12) month period. We will respond to your verified request within forty-five (45) days of receipt. If we require additional time (up to an additional 45 days), we will inform you of the reason and the expected response date in writing.
9.5 Authorized Agents
You may designate an authorized agent to submit a CCPA/CPRA request on your behalf. To do so, you must:
- Provide the authorized agent with written, signed permission to act on your behalf
- Verify your own identity directly with us (unless the agent has a valid power of attorney under California Probate Code sections 4000-4465)
- Have the authorized agent submit proof of their authorization along with the request
We may deny a request from an agent that does not submit proof of authorization to act on your behalf.
10. International Users
10.1 United States Service
Camp Card is designed, operated, and intended for use within the United States of America. Our servers, databases, and primary data processing facilities are located in the United States. If you access the Service from outside the United States, please be aware that your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country of residence.
By accessing or using the Service from outside the United States, you expressly and unambiguously consent to the transfer, storage, and processing of your information in the United States in accordance with this Privacy Policy. If you do not consent to such transfer, you should not access or use the Service.
10.2 European Economic Area (EEA) and GDPR Notice
While Camp Card is primarily a United States service, if you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the following additional information applies to you under the General Data Protection Regulation (GDPR):
- Data Controller: Swipe Savvy, LLC is the data controller responsible for your personal data.
- Legal Basis for Processing: We process your personal data based on:
- Contractual necessity -- to provide the Camp Card Service you have requested
- Legitimate interests -- for fraud prevention, security, service improvement, and business operations, where those interests are not overridden by your data protection rights
- Legal compliance -- to comply with applicable laws and regulations
- Consent -- where you have given your affirmative consent (e.g., for marketing communications, location services, push notifications)
- Data Transfer Mechanisms: Your personal data is transferred to the United States. We rely on appropriate transfer mechanisms, including Standard Contractual Clauses (SCCs) as adopted by the European Commission, to ensure adequate protection for your data.
- Additional Rights: In addition to the rights described in Section 7, EEA/UK residents have the right to:
- Object to the processing of your personal data based on legitimate interests
- Restrict the processing of your personal data under certain circumstances
- Lodge a complaint with your local data protection supervisory authority
To exercise your GDPR rights, contact us at privacy@swipesavvy.com.
11. Third-Party Services
The Camp Card Service integrates with and relies upon certain third-party services for key functionality. These third parties operate independently and have their own privacy policies governing how they collect, use, and protect your information. We encourage you to review the privacy policies of these third-party services.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Authorize.net (Visa) | Payment processing, card tokenization, transaction authorization, and fraud detection | https://www.authorize.net/about-us/privacy/ |
| Firebase (Google) | Push notifications, analytics, crash reporting, and performance monitoring | https://firebase.google.com/support/privacy |
| Amazon Web Services (AWS) | Cloud infrastructure, hosting, data storage, email delivery (SES), and content delivery | https://aws.amazon.com/privacy/ |
| Google Maps Platform | Location services, merchant mapping, geocoding, and directions | https://policies.google.com/privacy |
WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES, DATA COLLECTION, OR SECURITY MEASURES OF THIRD-PARTY SERVICES. YOUR USE OF SUCH SERVICES IS GOVERNED BY THEIR RESPECTIVE PRIVACY POLICIES AND TERMS OF SERVICE, AND IS AT YOUR OWN RISK. WE ENCOURAGE YOU TO READ THE PRIVACY POLICIES OF ALL THIRD-PARTY SERVICES BEFORE PROVIDING THEM WITH YOUR INFORMATION.
12. Push Notifications
The Camp Card Service uses push notifications to communicate important information to you. Push notifications are delivered through Firebase Cloud Messaging (FCM) on Android devices and Apple Push Notification service (APNs) on iOS devices.
Types of Push Notifications
We may send the following categories of push notifications:
- Transactional Notifications: Payment confirmations, subscription renewals, account verification, and password reset alerts
- Offer Notifications: New merchant offers, expiring deals, and nearby offers (if location services are enabled)
- Fundraising Updates: Sales milestones, troop progress, and fundraising activity summaries
- Account Notifications: Profile updates, security alerts, and important account status changes
- Service Announcements: New features, maintenance notifications, and policy updates
Managing Push Notifications
You have full control over push notifications:
- iOS: Go to Settings > Notifications > Camp Card to enable, disable, or customize notification preferences
- Android: Go to Settings > Apps > Camp Card > Notifications to manage notification channels and preferences
- In-App: Adjust notification preferences within the Camp Card app's Settings or Profile section
Essential Notifications
Certain notifications related to account security, legal requirements, and critical Service changes may be sent regardless of your notification preferences. These essential notifications include security alerts (such as unauthorized access attempts), required legal notices, and critical service disruption notifications.
13. Location Services
Camp Card may request access to your device's location services to provide location-based features. Location access is entirely optional, but disabling it may limit certain functionality within the Service.
How We Use Location Data
- Display nearby participating merchants and their current offers
- Show your position on the merchant map within the app
- Provide distance information to participating merchant locations
- Improve the relevance of offers displayed to you based on geographic proximity
We only collect location data while you are actively using the app (foreground location). We do NOT collect background location data when the app is closed or running in the background.
Managing Location Permissions
- iOS: Go to Settings > Privacy & Security > Location Services > Camp Card. You can choose "Never," "Ask Next Time Or When I Share," or "While Using the App."
- Android: Go to Settings > Location > App Permissions > Camp Card. You can choose "Allow only while using the app," "Ask every time," or "Don't allow."
If you deny location access, you can still use the Camp Card Service, but features such as the nearby merchant map and location-based offer sorting will not be available. You can change your location permission at any time through your device settings.
14. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals to websites and online services. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, the Camp Card Service does not respond to or alter its practices when it receives a DNT signal from a user's browser. However, we do not engage in cross-site tracking of our users.
California law requires us to disclose how we respond to web browser DNT signals. Because there is no industry or legal standard for recognizing or honoring DNT signals, we do not currently respond to them. If a standard for online tracking is adopted that we are required to follow, we will inform you of that practice in a revised version of this Privacy Policy.
15. Cookies and Tracking Technologies
The Camp Card web portal (accessible at https://www.campcardapp.org and https://admin.campcardapp.org) and the mobile application may use cookies, local storage, and similar tracking technologies to enhance your experience and collect usage data.
Types of technologies we use:
- Session Cookies: Temporary cookies that are deleted when you close your browser. These are essential for maintaining your authenticated session and ensuring the Service functions properly.
- Authentication Tokens: We use JSON Web Tokens (JWT) stored securely on your device to maintain your login session. These tokens have a defined expiration period and are refreshed automatically during active use.
- Local Storage: We may store certain preferences and non-sensitive application state data in your browser's local storage or the mobile app's secure storage to improve performance and user experience.
- Analytics Tools: We use Firebase Analytics and similar tools that may use cookies or device identifiers to collect aggregated usage data. This data helps us understand how the Service is used and identify areas for improvement.
Managing Cookies and Tracking:
- You can control cookies through your browser settings. Most browsers allow you to block or delete cookies, although doing so may affect the functionality of the Service.
- On mobile devices, you can limit ad tracking through your device's privacy settings (iOS: Settings > Privacy & Security > Tracking; Android: Settings > Privacy > Ads).
- Disabling cookies or tracking technologies may prevent you from accessing certain features of the Service, including the web admin portal.
16. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL SWIPE SAVVY, LLC, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, OR SERVICE PROVIDERS (COLLECTIVELY, THE "SWIPE SAVVY PARTIES") BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, DATA, USE, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATING TO:
- YOUR ACCESS TO, USE OF, OR INABILITY TO ACCESS OR USE THE SERVICE;
- ANY UNAUTHORIZED ACCESS TO, USE OF, OR ALTERATION OF YOUR PERSONAL INFORMATION OR DATA;
- ANY CONDUCT OR CONTENT OF ANY THIRD PARTY ON OR RELATED TO THE SERVICE;
- ANY DATA BREACH, SECURITY INCIDENT, OR UNAUTHORIZED DISCLOSURE OF YOUR INFORMATION;
- ANY INTERRUPTION, SUSPENSION, OR TERMINATION OF THE SERVICE;
- ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH THE SERVICE BY ANY THIRD PARTY;
WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT THE SWIPE SAVVY PARTIES HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.
IN NO EVENT SHALL THE AGGREGATE LIABILITY OF THE SWIPE SAVVY PARTIES EXCEED THE GREATER OF: (A) THE TOTAL AMOUNTS YOU HAVE ACTUALLY PAID TO SWIPE SAVVY IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) ONE HUNDRED UNITED STATES DOLLARS (USD $100.00).
Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, or do not allow limitations on implied warranties. In such jurisdictions, the limitations and exclusions set forth above shall apply to the fullest extent permitted by the laws of such jurisdictions. Nothing in this Privacy Policy shall limit or exclude liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded or limited by applicable law.
17. Dispute Resolution and Arbitration
This section governs the resolution of any disputes, claims, or controversies ("Disputes") arising out of or relating to this Privacy Policy, the collection, use, storage, or disclosure of your personal information, or your use of the Camp Card Service. Please read this section carefully, as it affects your legal rights.
Informal Resolution
Before initiating any formal dispute resolution proceeding, you agree to first attempt to resolve any Dispute informally by contacting us at legal@swipesavvy.com with a detailed written description of the Dispute, including your name, contact information, the nature of the Dispute, and the specific relief you are seeking. We will attempt to resolve the Dispute informally within sixty (60) days from the date of your notice. If the Dispute is not resolved within this period, either party may proceed with formal dispute resolution as described below.
Binding Arbitration
ANY DISPUTE THAT IS NOT RESOLVED INFORMALLY SHALL BE FINALLY AND EXCLUSIVELY RESOLVED BY BINDING ARBITRATION ADMINISTERED BY THE AMERICAN ARBITRATION ASSOCIATION ("AAA") IN ACCORDANCE WITH ITS CONSUMER ARBITRATION RULES THEN IN EFFECT. THE ARBITRATION SHALL BE CONDUCTED IN THE STATE OF TEXAS. THE ARBITRATOR'S DECISION SHALL BE FINAL AND BINDING AND MAY BE ENTERED AS A JUDGMENT IN ANY COURT OF COMPETENT JURISDICTION.
The arbitration shall be conducted by a single, neutral arbitrator selected in accordance with the AAA Consumer Arbitration Rules. The arbitrator shall have the authority to award the same damages and relief that a court could award. The arbitrator's award shall include a written statement of the arbitrator's essential findings of fact and conclusions of law.
Payment of all filing, administration, and arbitrator fees will be governed by the AAA's Consumer Arbitration Rules. If the arbitrator finds that your claim was brought in good faith and is not frivolous, Swipe Savvy will reimburse your filing fee if it exceeds $200.
Class Action Waiver
YOU AND SWIPE SAVVY AGREE THAT EACH PARTY MAY BRING DISPUTES AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION OR PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING. IF THIS CLASS ACTION WAIVER IS FOUND TO BE UNENFORCEABLE, THEN THE ENTIRETY OF THIS ARBITRATION PROVISION SHALL BE NULL AND VOID.
Opt-Out of Arbitration
You may opt out of the arbitration and class action waiver provisions of this Privacy Policy by sending written notice of your decision to opt out within thirty (30) days of first accepting this Privacy Policy (or within 30 days of any material revision to this section). To opt out, send a signed, written notice that includes your full legal name, email address associated with your Camp Card account, and a clear statement that you wish to opt out of the arbitration provision to:
- Email: legal@swipesavvy.com with the subject line "Arbitration Opt-Out"
- Mail: Swipe Savvy, LLC, Attn: Legal -- Arbitration Opt-Out, 250 N. Orange Ave. Suite 1250, Orlando, FL 32801, United States
If you validly opt out, neither you nor Swipe Savvy will be bound by the arbitration provisions, and any Dispute will be resolved in the state or federal courts located in the State of Texas.
Exceptions to Arbitration
Notwithstanding the foregoing, the following Disputes are excluded from the arbitration agreement:
- Claims that may be brought in small claims court, provided the claim remains in small claims court and is advanced only on an individual basis
- Any claim for injunctive or equitable relief related to intellectual property rights, unauthorized access to the Service, or unauthorized use of the Service
- Any Dispute where applicable law prohibits mandatory arbitration
18. Indemnification
You agree to indemnify, defend, and hold harmless Swipe Savvy, LLC, its affiliates, subsidiaries, officers, directors, employees, agents, licensors, service providers, contractors, and their respective successors and assigns (collectively, the "Indemnified Parties") from and against any and all claims, demands, actions, damages, losses, liabilities, costs, and expenses (including but not limited to reasonable attorneys' fees, court costs, and settlement amounts) arising out of or relating to:
- Your access to, use of, or misuse of the Camp Card Service
- Your violation of any provision of this Privacy Policy or our Terms of Service
- Your violation of any applicable federal, state, local, or international law, rule, or regulation
- Your violation of any third party's rights, including but not limited to intellectual property rights, privacy rights, or publicity rights
- Any information, content, or data you provide to the Service that is inaccurate, misleading, or fraudulent
- Any unauthorized access to or use of the Service through your account, whether or not authorized by you
This indemnification obligation shall survive the termination or expiration of your use of the Service, the deletion of your account, and any changes to this Privacy Policy. Swipe Savvy reserves the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate with our defense of such claims.
19. Changes to This Policy
Updates
We reserve the right to modify, amend, or update this Privacy Policy at any time and at our sole discretion. When we make changes, we will update the "Last Updated" date at the top of this Policy. Changes will be effective immediately upon posting the revised Privacy Policy to the Service, unless otherwise stated.
Notification Methods
For material changes to this Privacy Policy that substantively alter our data collection, use, or sharing practices, we will use reasonable efforts to notify you through one or more of the following methods:
- A prominent notice within the Camp Card application
- An email notification sent to the email address associated with your account
- A push notification (if you have enabled push notifications)
- A banner or notice on the Camp Card website
Acceptance
Your continued use of the Camp Card Service after any modifications to this Privacy Policy constitutes your binding acceptance of the revised Policy. If you do not agree to the revised Privacy Policy, you must discontinue your use of the Service, delete the application from your device, and contact us to request deletion of your account. We recommend that you review this Privacy Policy periodically to stay informed about how we protect your information.
20. Governing Law
This Privacy Policy and any Disputes arising out of or relating to this Privacy Policy or your use of the Camp Card Service shall be governed by, construed, and enforced in accordance with the laws of the State of Texas, United States of America, without regard to its conflict of law principles. To the extent that arbitration is not applicable or is validly opted out of, you agree to submit to the exclusive personal jurisdiction of the state and federal courts located in the State of Texas for the resolution of any Disputes.
21. Severability
If any provision of this Privacy Policy is held by a court of competent jurisdiction or arbitrator to be invalid, illegal, void, or unenforceable for any reason, such provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving the original intent of the provision. If such modification is not possible, the invalid provision shall be severed from this Privacy Policy, and the remaining provisions shall continue in full force and effect. The invalidity or unenforceability of any provision in one jurisdiction shall not affect the validity or enforceability of that provision or any other provision in any other jurisdiction.
22. Entire Agreement
This Privacy Policy, together with our Terms of Service and any other legal notices, agreements, or policies published by Swipe Savvy on the Camp Card Service, constitutes the entire agreement between you and Swipe Savvy, LLC with respect to the subject matter hereof and supersedes all prior or contemporaneous communications, proposals, representations, understandings, and agreements, whether oral or written, between the parties regarding the subject matter of this Privacy Policy. No waiver of any provision of this Privacy Policy shall be deemed a further or continuing waiver of such provision or any other provision, and Swipe Savvy's failure to assert any right or provision under this Privacy Policy shall not constitute a waiver of such right or provision.
23. Contact Us
If you have any questions, concerns, comments, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us through any of the following channels:
| Purpose | Contact Email |
|---|---|
| General Support and Questions | support@swipesavvy.com |
| Privacy Inquiries and Data Rights Requests | privacy@swipesavvy.com |
| Legal Inquiries and Dispute Resolution | legal@swipesavvy.com |
| Parental Controls and Children's Privacy | parents@swipesavvy.com |
| California Privacy Rights (CCPA/CPRA) | ccpa@swipesavvy.com |
Mailing Address:
Swipe Savvy, LLC
Attn: Privacy Team
250 N. Orange Ave. Suite 1250
Orlando, FL 32801
United States
Website: https://www.campcardapp.org
Response Time: We strive to respond to all privacy inquiries and data rights requests within ten (10) business days of receipt. Complex requests may require additional time, in which case we will notify you of the expected timeline. Requests from parents regarding children's privacy are prioritized and will receive an initial response within five (5) business days.
BY USING CAMP CARD, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY IN ITS ENTIRETY.
This Privacy Policy complies with COPPA, CCPA/CPRA, Apple App Store, and Google Play Store requirements.
Copyright 2026 Swipe Savvy, LLC. All rights reserved.