Privacy policy

This policy applies to campaign.ge and the CampaignIt application (together, the “Service”). When you create an account, build workspaces, connect ad platforms, or browse the marketing site, we process personal data as described below.

We collect only what the product needs to work, store it in the EU, and do not sell it. If anything here is unclear, email support@campaign.ge.

Account & profile

When you sign up we store:

• Email address and authentication identifiers
• Username, display name, and profile preferences
• Workspaces you create or are invited to, and your role in them
• Whether you've agreed to our terms and have product access

Workspace content

Anything you build inside a workspace: businesses, dashboards, audiences, campaign drafts, notes, uploaded logos and banners. This content is private to the workspace and visible only to the members you invite.

Ad-platform integrations

When you connect Meta, Google, or TikTok via OAuth, we store the access and refresh tokens issued by that provider, the ad accounts you authorize, and the data we fetch on your behalf (campaign metadata, performance metrics, audience insights). We never request more scopes than the feature requires, and you can disconnect at any time from the workspace integrations page.

Usage analytics

With your consent, we capture pageviews, feature interactions, and a randomly-generated visitor id via PostHog. We ask every visitor for that consent up front and don't fire any analytics until you accept. See Cookies & analytics for the full picture.

Technical data

Server logs containing IP address, user-agent, and request metadata, retained briefly for security and abuse prevention. The IP address itself is not retained beyond that window.

Error reports

When the Service hits an unexpected error, we send a report to Sentry so we can fix it. Before you accept cookies, that report contains the technical context only: error message, stack trace, page URL, and browser version. We strip your user id, cookies, and request headers from the report before it leaves your browser. Note that the page URL itself may contain identifying path segments while you are signed in (your username and workspace name appear in paths under /workspace/). We treat capturing this as a legitimate interest under GDPR because the page URL is the smallest context we need to locate and fix the bug.

After you accept cookies, the report also includes your user id and email (so we can reach out if your specific account is hitting a problem), plus a short video-like recording of the seconds leading up to the error. We never record happy paths; the recording sits in a rolling buffer that only flushes when something breaks. Form input values are masked by default in the recording.

• Provide the Service. Authenticate you, render your workspaces, and fetch the ad-platform data you authorized.
• Communicate. Send transactional emails (sign-up confirmation, password reset, security notifications, workspace invites) from noreply@campaign.ge. That mailbox is unmonitored; for replies, contact support@campaign.ge.
• Improve the product. Review aggregated usage patterns to understand which features get used and where people get stuck.
• Diagnose errors.When something breaks, the error context (stack trace, page, optional user id once you've consented) goes to Sentry so we can reproduce and fix it.
• Security and compliance. Detect abuse, prevent unauthorized access, and meet our legal obligations.

We do not sell your personal data, and we do not use your workspace content to train machine-learning models.

We use a small number of cookies and similar technologies. They fall into two categories.

Strictly necessary

Required for the Service to function: your authentication session and the cookie that records your consent decision. These are set without a prompt because the Service cannot work without them.

Analytics (consent-gated)

PostHog (EU project, hosted at eu.i.posthog.com) captures pageviews and feature events to help us improve the product. We wait for your explicit consent before any analytics fire. Until you accept, we set no cookies, write nothing to local storage, and capture no events. This applies to every visitor regardless of region.

Error monitoring (two tiers)

Sentry (EU project, hosted at ingest.de.sentry.io) captures errors so we can diagnose and fix them. Error capture runs pre-consent on a narrow scope: the technical error context only, with cookies, request headers, and any user identifier stripped before the report leaves your browser. We treat this as legitimate interest under GDPR because no personal data is captured and the alternative is shipping a Service we can't debug.

After you accept cookies, two additional things switch on: the error report includes your user id and email (so we can contact you if your account hits a recurring issue), and Sentry's Session Replay records a short rolling buffer that flushes only when an error occurs. We never record happy paths. Form inputs are masked at the SDK layer. Withdraw consent at any time and replay stops immediately; future reports go back to the pre-consent scope.

Your choice, on every device

The decision is stored locally and re-prompted at least every 13 months, in line with CNIL and EDPB guidance. You can change it any time from the footer, from your workspace user menu, or here:

Privacy choices

We share personal data only with the providers we need to run the Service, each bound by a data-processing agreement and the appropriate transfer mechanism.

We may also disclose data when required by law, to protect the safety of our users, or in connection with a merger or acquisition (in which case we'll notify you in advance).

• Account data. Kept while your account is active. Deletion requests are honoured within 30 days, excluding records we are legally required to keep.
• Workspace content. Kept until you delete it or the workspace, then removed from production within 30 days and from backups within 90 days.
• Integration tokens. Revoked immediately when you disconnect a provider; cached data from that provider is purged on the next sync.
• Analytics events. Retained for up to 12 months in PostHog, then aggregated or deleted.
• Error reports. Retained for up to 90 days in Sentry.
• Session replays. Retained for up to 30 days in Sentry. Only created post-consent and only flushed when an error occurs.
• Server logs. Retained for up to 30 days for security and debugging.

Account and workspace data are stored in the European Union (Supabase EU region). Analytics events are stored in the EU (PostHog EU). Error reports and session replays are stored in the EU (Sentry, Frankfurt). Some sub-processors (notably Vercel's edge network and certain email providers) may process data in other regions; in those cases we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

You can contact us to exercise rights over your data. Residents of the EU/EEA, UK, and Switzerland have the following rights under the GDPR:

• Access. Request a copy of the personal data we hold about you.
• Rectification. Correct anything inaccurate or incomplete.
• Erasure. Delete your account and personal data.
• Restriction. Pause certain processing while we resolve a dispute.
• Portability. Receive your data in a machine-readable format.
• Objection. Object to processing based on legitimate interest.
• Withdraw consent. Withdraw analytics consent at any time, with no effect on the Service.

Email support@campaign.ge from the address on your account and we will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

We protect your data with TLS in transit, encryption at rest on all managed databases, scoped database access via row-level security, encrypted OAuth tokens, and least-privilege access for the team. No system is fully secure. If you discover a vulnerability, please email support@campaign.ge with the details. We acknowledge security reports within two business days.

The Service is not directed to children under 16. We don't knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we'll delete it.

We may update this policy from time to time. The date at the top of this page reflects the most recent change. For material changes we will notify you by email or via an in-app notice before they take effect.