Privacy Policy

Last updated: 11 January 2025

1. Introduction

This Privacy Policy explains how Kampunity collects, uses, shares and safeguards personal data when you use our platform. We comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA) and other applicable privacy laws. Kampunity acts as the data controller for personal data we collect from Users and Creators. We use trusted third‑party service providers—Supabase (database and authentication), Resend (email), Stripe (payment processing), PostHog (analytics, EU-hosted, GDPR-compliant), Vercel (hosting) and Cloudflare (CDN & firewall)—to process data on our behalf.

2. Information We Collect

  1. Account information. When you register, we collect your name, email address, password, username and other details you choose to provide. Supabase stores this data in our database.
  2. Payment information. Stripe processes payments for subscriptions and purchases. We do not store payment card numbers; Stripe collects card details and handles recurring payments.
  3. Usage data. We collect information about how you use our services, such as IP address, browser type, device information, pages visited, actions taken, and session duration. PostHog Analytics, hosted in the EU and GDPR-compliant, collects usage statistics for web and product analytics. It records page views, events, browser and device information while ensuring privacy compliance.
  4. Cookies and authentication tokens. We use cookies and similar technologies for authentication, security and performance. Supabase uses local storage to store access and refresh tokens for non‑SSR environments; for server‑side rendering (SSR) the tokens are stored in secure cookies so they can be shared between client and server. Cloudflare sets necessary cookies (e.g., _cf_bm, cf_clearance) to detect bots and provide security, while Vercel may set cookies to authenticate users and store preferences. Stripe uses cookies to detect fraud and ensure the proper functioning of its services.
  5. Communications. If you contact us or participate in chat channels, Trails or support tickets, we collect messages, comments, and other communications. These may be stored in Supabase and processed by Resend to send emails.
  6. Third‑party data. If you choose to authenticate via third‑party services (e.g., GitHub, Google), we may receive information such as your profile ID, avatar and email. The data received will depend on your privacy settings with the third party.

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Performance of a contract: to provide and manage your account, process payments, deliver content and support services.
  • Legitimate interests: to improve our services, maintain security, detect fraud, analyse usage, and market Kampunity's offerings (where not overridden by your interests or rights).
  • Consent: for optional activities like marketing communications or cookies beyond those strictly necessary. You may withdraw consent at any time.
  • Compliance with legal obligations: to satisfy tax, accounting and regulatory requirements, or respond to lawful requests from authorities.

4. How We Use Your Data

We use the collected data to:

  1. Provide, maintain and improve our services, including authentication, personalised content, payments, and customer support;
  2. Communicate with you about account updates, security alerts, policy changes and promotional offers; you may opt out of marketing communications at any time;
  3. Process transactions, manage subscriptions, facilitate payouts to creators, and prevent fraudulent activity;
  4. Analyse usage patterns via PostHog Analytics (EU-hosted, GDPR-compliant) to understand and improve platform performance;
  5. Enforce our Terms of Service, Community Guidelines and other policies;
  6. Comply with legal obligations and respond to law enforcement requests.

5. Sharing and Disclosure

We may share your data with:

  1. Service providers. Third‑party processors such as Supabase, Resend, Stripe, PostHog, Vercel and Cloudflare support our operations and only process data under our instructions. Stripe receives payment information; PostHog receives analytics data (EU-hosted and GDPR-compliant); Resend sends emails; Cloudflare and Vercel host and secure the platform; Supabase stores and authenticates data.
  2. Creators. When you purchase membership or content, we share necessary data (e.g., name, email, subscription status) with the relevant Creator to fulfil the transaction and provide support.
  3. Compliance and legal requests. We may disclose your data to law enforcement or regulatory authorities when required by law.
  4. Business transfers. If Kampunity is involved in a merger, acquisition or asset sale, your data may be transferred; you will be notified before your data becomes subject to a different privacy policy.
  5. Consent. We may share data with other parties when you consent to the sharing.

We do not sell personal data.

6. International Transfers

Our service providers may store and process data in countries outside of your jurisdiction (e.g., the United States). We ensure that appropriate safeguards, such as standard contractual clauses or other lawful transfer mechanisms, are in place to protect your information in accordance with GDPR and other laws.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, to comply with legal obligations, resolve disputes and enforce agreements. Usage data is retained for shorter periods unless needed to improve security or functionality. Communications and account data may be retained for as long as you maintain an account and for a reasonable period thereafter to comply with legal obligations.

8. Your Rights

GDPR Data Subject Rights

Under the GDPR, individuals in the EU/EEA have the right to:

  1. Access. Obtain confirmation of whether we process personal data about you and receive a copy.
  2. Rectification. Correct inaccurate or incomplete data.
  3. Erasure. Request deletion of your personal data (subject to legal exceptions).
  4. Restriction. Request restriction of processing under certain circumstances.
  5. Portability. Receive your data in a structured, machine‑readable format.
  6. Object. Object to processing based on legitimate interests or direct marketing.
  7. Withdraw consent. Withdraw consent at any time.
  8. Lodge a complaint. File a complaint with a supervisory authority.

You can exercise your rights by contacting us at hello@kampunity.com. We may request proof of identity before fulfilling requests.

CCPA/CPRA Rights

California residents have the right to:

  1. Know and access categories and specific pieces of personal information collected, the sources, purposes and third parties with whom data is shared.
  2. Delete personal information.
  3. Opt out of sale. Kampunity does not sell personal data, but you can opt out of sharing by contacting us.
  4. Non‑discrimination. We will not discriminate against you for exercising privacy rights.

9. Security

We implement reasonable technical and organisational measures (encryption, access controls, secure coding practices) to protect your data. However, no method of transmission or storage is entirely secure; we cannot guarantee absolute security. If a data breach occurs, we will notify affected users as required by law.

10. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child without parental consent, we will delete it. Parents or guardians can contact us to request deletion of child data.

11. Changes to this Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the updated policy on our website and update the "Last updated" date. Significant changes will be communicated via email or platform notifications. Continued use after the changes constitutes acceptance of the updated policy.

12. Contact

For questions or concerns regarding this Privacy Policy or your personal data, please contact us at hello@kampunity.com.

Privacy Policy - Kampunity