Camply ("we," "us," or "our") operates the camply.tech website and platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully.
1. Information We Collect
1.1 Account Information
When you register for an account, we collect:
- Full name
- Email address
- Password (stored as a salted, one-way hash — we never store plaintext passwords)
1.2 Facebook Data
When you connect your Facebook account via OAuth, we receive and store the following data from Meta:
- Facebook access tokens — encrypted with AES-256-GCM before storage. Tokens are stored server-side only and are never exposed to the browser or frontend application.
- Ad account information — account IDs, account names, currency, timezone, and account status.
- Facebook Pixel data — pixel IDs and names associated with your ad accounts.
- Page information — page IDs and names for pages you authorize for ad creation.
1.3 Campaign Data
We store campaign configurations and data you create within the Service, including:
- Campaign structures (campaigns, ad sets, ads)
- Campaign templates and saved configurations
- Targeting parameters and audience settings
- Ad creative content (text, headlines, descriptions)
- Budget and scheduling settings
1.4 Team and Organization Data
If you create or join a team workspace, we store:
- Team name and description
- Team membership and roles
- Project structures and member assignments
- Invite links and their usage
1.5 Automatically Collected Information
When you access the Service, we may automatically collect:
- IP address
- Browser type and version
- Operating system
- Access timestamps
- Pages viewed and actions taken within the Service
2. How We Use Your Information
We use the collected information to:
- Provide the Service — authenticate your identity, connect to the Facebook Marketing API, and create and manage campaigns on your behalf.
- Manage your account — maintain your user profile, team memberships, and access permissions.
- Improve the Service — analyze usage patterns to improve features, performance, and user experience.
- Communicate with you — send service-related notifications, security alerts, and support responses.
- Ensure security — detect and prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations — meet regulatory requirements and respond to lawful requests.
3. Facebook Data Usage
We access Facebook data exclusively through the official Facebook Marketing API and only with your explicit authorization via OAuth. Specifically:
- We read your ad accounts, pixels, and pages to display them within the Service and enable campaign creation.
- We create campaigns, ad sets, and ads on your connected ad accounts via the Marketing API based on your instructions.
- We do not access your personal Facebook profile, friends list, posts, messages, or any social data unrelated to advertising.
- We do not sell, rent, or share your Facebook data with third parties for their marketing purposes.
- We do not use Facebook data for any purpose other than providing the Service as described in these terms.
Facebook access tokens are encrypted with AES-256-GCM before being stored in our database. Tokens are only decrypted server-side when making API calls to Facebook on your behalf and are never transmitted to the browser or any client-side code.
You can revoke Camply's access to your Facebook data at any time by disconnecting your account within the Service or by removing the app from your Facebook Business Integrations settings.
4. Data Storage and Security
We implement industry-standard security measures to protect your data:
- Encryption at rest — sensitive data, including Facebook access tokens, is encrypted using AES-256-GCM before database storage.
- Encryption in transit — all data transmitted between your browser and our servers is encrypted via TLS (HTTPS).
- Authentication security — session tokens are stored in httpOnly cookies (not accessible to JavaScript), with CSRF protection on all requests.
- Rate limiting — login and registration endpoints are rate-limited to prevent brute-force attacks.
- Access control — role-based access control (RBAC) ensures users can only access data within their authorized team and project scope.
- Audit logging — security-relevant actions are logged for monitoring and incident response.
While we use commercially reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information only in the following circumstances:
- With Meta/Facebook — we transmit campaign data and use your access tokens to interact with the Facebook Marketing API as instructed by you.
- Within your team — team members with appropriate roles can see shared campaign data, project information, and member details within the team workspace.
- Service providers — we may use third-party services for hosting, analytics, and infrastructure that process data on our behalf under strict data processing agreements.
- Legal requirements — we may disclose information if required by law, regulation, legal process, or governmental request.
- Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, with prior notice to you.
6. Data Retention
We retain your data as follows:
- Account data — retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days.
- Facebook tokens — stored only while your Facebook account is connected. Tokens are deleted immediately upon disconnection.
- Campaign data — retained while your account is active and for 90 days after account deletion to allow for recovery.
- Audit logs — retained for up to 12 months for security and compliance purposes.
- Backup data — database backups containing your data are automatically purged within 30 days of data deletion.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right to access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your account and all associated personal data.
- Right to data portability — request an export of your data in a machine-readable format.
- Right to restrict processing — request limitation of how we process your data.
- Right to object — object to processing of your data for certain purposes.
- Right to withdraw consent — withdraw consent for data processing at any time by disconnecting your Facebook account or deleting your Camply account.
To exercise any of these rights, contact us at support@camply.tech. We will respond to your request within 30 days.
8. Cookies and Tracking
We use the following cookies:
- Session cookie (fb_auto_token) — an httpOnly, secure cookie used for authentication. This cookie is essential for the Service to function and cannot be disabled.
- Language preference — stored in your browser to remember your selected interface language (Russian or English).
We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across other websites.
9. International Data Transfers
Your data may be processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
10. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@camply.tech and we will promptly delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on this page with an updated effective date. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
support@camply.tech
For data protection inquiries, please include "Privacy Request" in your email subject line. We will respond within 30 days.