Privacy Policy
Effective May 19, 2026 · Last updated May 19, 2026
This Privacy Policy explains how ZIYON SAS (“we”, “us”), the operator of Campzone, collects, uses, shares, and protects personal data. It applies to the Campzone iOS app, Android app, and website (collectively, the “Service”), which share one secure backend so your data stays consistent across devices.
Campzone is built for Seventh-day Adventist church camping communities. We are the data controller. We process personal data in accordance with the EU General Data Protection Regulation (GDPR).
1. Summary
- You sign in with Apple or Google. We store the profile and camp information you and your camp organizers provide.
- We use your data to run camp events - registration, schedules, teams, check-in, transportation, lodging, communication, and payments - not to sell it. We do not sell personal data or use it for third-party advertising.
- Some data is sensitive: your church (religious affiliation) and information about children you register. We handle these with extra care and only with an appropriate legal basis (see sections 4–6).
- You can request account deletion from within the app or submit a web-based deletion request at any time (a 30-day grace period applies before permanent erasure).
2. Who this applies to
Participants and guests; adults who register family members (including children) they are responsible for; and camp leadership (organizers, pastors, youth directors, leaders, game masters, photographers, admins) who manage events.
3. Data we collect
3.1 Account & identity
- Authentication via Apple or Google (Firebase Authentication): a user identifier, the sign-in provider, and the email/name the provider returns. With Sign in with Apple you may use a private relay email.
- Display name and, optionally, a profile photo.
3.2 Profile
- Age and derived age group; gender; preferred language and languages spoken; phone number; profession; education; skills; Pathfinder rank.
- Church (your congregation / religious affiliation). This reveals religious beliefs and is a special category of data (see section 5).
3.3 Family / children you register
If you are an adult registering family members, you may create child participant profiles containing the child’s name, age, gender, church, preferred language, medical notes, emergency-contact details, and a guardian-consent confirmation and timestamp. You confirm you are the parent or legal guardian, or are otherwise authorized, and that you consent to this processing on the child’s behalf.
3.4 Camp activity
- Camp registrations and their approval/waitlist status; attendance and QR check-in records; transportation bookings, boarding status, and tickets; lodging/tent assignment.
- Teams, roles, points, penalties and scores; games and point activity; poll questions and your votes; achievements/badges.
- Messages you send in camp or team chat; post-camp feedback (which you may submit anonymously); content you report and moderation records.
3.5 Media you upload
Photos, videos, audio, and PDF attachments you add (e.g. profile/team photos, album media, announcement attachments, song audio) are stored with our media processor, Cloudinary.
3.6 Payments
When a camp charges a fee, payments are processed by Stripe. We receive and store the payment amount, currency, status, a Stripe customer/payment identifier, and an audit record tied to the registration, transportation booking, or price item. We never receive or store full card numbers; card data is handled directly by Stripe.
3.7 Device & usage
- A push-notification (Firebase Cloud Messaging) device token, platform, app version, and locale, used to deliver notifications you have enabled.
- Aggregate engagement events via Firebase Analytics (e.g. screens viewed, sign-in/out, register/cancel) used to understand and improve the Service.
- Standard technical data (e.g. IP address, request logs) processed by our hosting/backend providers for security and reliability.
4. How and why we use data (legal bases)
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide and run the Service: accounts, camp registration and approval, schedules, teams, check-in, transportation, lodging, communication, payments. | Performance of a contract; legitimate interests. |
| Process your religious affiliation (church) to organize faith-community camps. | Explicit consent, and/or processing by a not-for-profit religious body relating to its members (Art. 9(2)(a)/(d)). |
| Process children’s data for family registration. | Consent given/authorized by the holder of parental responsibility; contract. |
| Send push/in-app notifications you enable. | Consent (you control this in settings). |
| Security, abuse prevention, content moderation, debugging, analytics to improve the Service. | Legitimate interests; legal obligation where applicable. |
| Process payments and keep financial/audit records. | Contract; legal obligation. |
5. Special-category data (religious affiliation)
Your church/congregation reveals religious beliefs. We process it only to operate camps for the Seventh-day Adventist community, on the basis of your explicit consent and/or the religious-community provision of the EU General Data Protection Regulation (GDPR). You may withdraw consent by editing your profile or contacting us; this will not affect processing carried out before withdrawal.
6. Children’s data
Campzone is intended to be used by adults, including parents, guardians, and camp leadership. Where an adult registers a child, the child’s data is provided and managed by that adult under their guardian consent. If you believe a child’s data has been provided without proper authorization, contact privacy@campzone.app and we will delete it.
7. Who can see your data
- You - your own profile and the camps you join.
- Camp leadership - organizers and leaders see participant data needed to run their camp, scoped by role and (for non-admins) by their church. Access is enforced server-side.
- Other participants - in shared camp contexts (e.g. attendee lists for registered participants, teams, chat), limited profile data such as name, church, language, and photo is visible to other approved participants of that camp.
- Service providers (processors) - listed in section 8. They act on our instructions.
- Legal - where required by law, or to protect rights, safety, and the integrity of the Service.
We do not sell personal data and do not use it for ad targeting.
8. Sub-processors
| Provider | Purpose |
|---|---|
| Google (Firebase) | Authentication, Firestore database, Cloud Messaging (push), Analytics. |
| Cloudinary | Storage and delivery of images, video, audio, and PDFs. |
| Stripe | Payment processing (card / Apple Pay / Google Pay). |
| Vercel | Website hosting and the notification/payments backend. |
| Apple, Google | Sign-in providers and app distribution. |
9. International transfers
Some providers process data outside your country, including in the United States. Where required, transfers rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and the providers’ data-processing terms.
10. Retention and deletion
- We keep personal data while your account is active and as needed to run camps you participate in, then for the period required for legal, accounting, audit, and safety purposes.
- You can request account deletion inside the app via Profile → Account Settings.
- Alternatively, you can execute a web-based account and data deletion request at any time by emailing privacy@campzone.app with the subject 'Account Deletion Request'. Your request will trigger the same 30-day grace period before permanent erasure. Residual copies may persist briefly in encrypted backups before rotation.
- Some records (e.g. payment/audit records, or content needed to handle a safety report) may be retained where we have a legal obligation or overriding legitimate interest.
11. Your rights
Subject to applicable law, you may request: access to your data; correction; erasure; restriction; portability; and you may object to or withdraw consent for certain processing. You can exercise most rights directly in the app (edit profile, manage notifications, request deletion) or by contacting privacy@campzone.app. You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL, France) or your local EU data-protection authority.
12. Security
Data is encrypted in transit (TLS). Access is enforced server-side by role-based security rules following least-privilege; privileged operations (payments, media signing, notification dispatch) run on a trusted backend and never expose secrets to client apps. No method is 100% secure, but we work to protect your data and to notify affected users and authorities of qualifying breaches as required by law.
13. User content and safety
Campzone includes user-generated content (profiles, chat, album media, feedback). We do not tolerate objectionable content or abusive behavior. You can report content and block other users in the app; we act on reports of objectionable content and may remove content or suspend accounts. See Support and the Terms for details.
14. Cookies & local storage
The website uses strictly necessary local/session storage to keep you signed in and to cache content for offline use. We do not use third-party advertising or cross-site tracking cookies.
15. Changes
We may update this Policy. We will revise the “Last updated” date and, for material changes, provide a more prominent notice. Continued use after an update means you accept the revised Policy.
16. Contact
Privacy enquiries: privacy@campzone.app.
ZIYON SASZIYON SAS, France