Security & Privacy Center

Your data security and privacy are our top priorities. We're committed to transparency, compliance, and protecting your information.

Privacy-First Platform

Built with Privacy & Security in Mind

We've designed every aspect of CampaignKit to respect your privacy and protect your data.

GDPR Compliant

Full compliance with EU General Data Protection Regulation. Your data rights are protected.

EU Data Residency

Analytics data stored exclusively in the European Union via PostHog EU hosting.

Encryption Everywhere

All data encrypted in transit (TLS 1.2+) and at rest (AES-256) with industry-standard protocols.

Data Processing Agreement

A data processing agreement (DPA) meeting the requirements of GDPR Article 28 is available to all business customers; it incorporates the EU Standard Contractual Clauses for any transfer of personal data outside the EEA.

Privacy by Design

Data minimization, purpose limitation, and storage limitation built into every feature.

Transparent Operations

Clear data retention policies, comprehensive privacy notices, and detailed sub-processor disclosure.

Security Measures

Comprehensive security controls to protect your data

Access Control

  • Multi-factor authentication (MFA) for all administrative access
  • Role-based access control (RBAC) with least-privilege principles
  • Regular access reviews and permission audits
  • Automatic session timeout and secure credential storage

Data Protection

  • AES-256 encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Pseudonymization of personal data where feasible
  • Secure deletion protocols for expired data
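As an added illustration of the pseudonymization item above (this is not CampaignKit's own code): a keyed HMAC pseudonym is linkable across log records but cannot be reversed without the key, whereas an unkeyed hash of an email address is trivially re-identified by anyone holding the logs and a list of candidate addresses. The key, the log record and the candidate list are constructed for the example; a real deployment would load the key from a secret store rather than define it in code.

```python
"""Keyed pseudonymization of email addresses in validation logs.

Added illustration, not CampaignKit's own code. Assumes a per-deployment
secret held outside the log store (e.g. in a KMS); DEMO_KEY stands in for it.
"""
import hashlib
import hmac
import json

# Hypothetical demo key. Never ship the real key alongside the logs it protects.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# Constructed list standing in for a leaked mailing list an attacker might hold.
CANDIDATES = ["alice@example.com", "bob@example.org", "carol@example.net"]


def normalize_email(addr: str) -> str:
    """Canonicalise so 'Alice@Example.com ' and 'alice@example.com' share one pseudonym."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {addr!r}")
    return f"{local}@{domain}"


def naive_hash(addr: str) -> str:
    """Unkeyed SHA-256: looks anonymous, but any guessable input is re-identifiable."""
    return hashlib.sha256(normalize_email(addr).encode()).hexdigest()


def pseudonymize(addr: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key: consistent per address, not reversible without the key."""
    return hmac.new(key, normalize_email(addr).encode(), hashlib.sha256).hexdigest()


def reverse_by_dictionary(digest: str, candidates, hash_fn):
    """What an attacker holding the logs does: hash every candidate and compare."""
    for c in candidates:
        if hmac.compare_digest(hash_fn(c), digest):
            return c
    return None


def pseudonymize_log_record(record: dict, key: bytes) -> dict:
    """Replace the raw address in a validation-log record with its pseudonym."""
    out = dict(record)
    out["email_pseudonym"] = pseudonymize(out.pop("email"), key)
    return out


def demo(key: bytes = DEMO_KEY) -> dict:
    # Constructed log record, not real customer data.
    record = {"ts": "2024-05-01T10:00:00Z", "email": "Alice@Example.com", "result": "deliverable"}
    safe = pseudonymize_log_record(record, key)
    # Attacker scenario: has the stored digest and CANDIDATES, but not the key.
    recovered_naive = reverse_by_dictionary(naive_hash(record["email"]), CANDIDATES, naive_hash)
    recovered_keyed = reverse_by_dictionary(safe["email_pseudonym"], CANDIDATES, naive_hash)
    return {
        "record": safe,
        "recovered_from_naive_hash": recovered_naive,  # "alice@example.com"
        "recovered_from_keyed": recovered_keyed,        # None
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The practical consequence: pseudonymized logs are still personal data under GDPR while the key exists, so the key needs its own access controls and its destruction is what turns the retained records into anonymous data.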

Network Security

  • Web Application Firewall (WAF) protection
  • DDoS mitigation and rate limiting
  • Intrusion detection and prevention systems
  • Regular vulnerability scanning and penetration testing

Operational Security

  • Incident response plan, including notification of the supervisory authority within 72 hours of becoming aware of a personal data breach (GDPR Article 33)
  • Regular security training for all team members
  • Secure software development lifecycle (SDLC)
  • Third-party security audits and assessments

Regulatory Compliance

We comply with international data protection regulations

GDPR

General Data Protection Regulation

Compliant

Full compliance with EU data protection requirements including privacy by design, data minimization, and user rights.

ePrivacy Directive

Cookie Law

Compliant

Consent-based cookie management with granular controls for analytics and chat tracking.

CCPA

California Consumer Privacy Act

Compliant

California residents can exercise their rights to know, to delete, and to opt out of the sale of personal information (we do not sell personal data).

UK DPA 2018

UK Data Protection Act

Compliant

Aligned with the UK GDPR and the Data Protection Act 2018, the UK's post-Brexit data protection framework.

How We Handle Your Data

Transparency is core to our approach. Here's exactly what we do with your information.

Data Collection

We only collect data necessary for providing our services: email addresses submitted for validation, account information for billing, and usage analytics for improving the platform.

Data Storage

Validation logs are retained for 90 days. Analytics data is stored in the EU. Account data is retained for the duration of the service period plus any legally required retention period.

Data Deletion

You can request deletion at any time. We'll delete your data within 30 days, except where legal retention is required.

Your Data, Your Rights

Under GDPR, you have the right to access, rectify, delete, port, restrict, and object to processing of your personal data.

Sub-Processors & Partners

We work with trusted partners who meet our security and privacy standards

Service Provider   Purpose                                 Data Location     Safeguards
AWS                Cloud infrastructure and data storage   EU / Global       SCCs, ISO 27001, SOC 2
Hetzner            Dedicated server hosting                EU (Germany)      EU-based, ISO 27001
Cloudflare         CDN, DDoS protection, DNS               Global            EU Data Localization, ISO 27001
Brevo              Email delivery and newsletters          European Union    EU hosting, GDPR compliant
PostHog            Website analytics                       European Union    EU hosting, GDPR compliant
Crisp              Live chat support                       European Union    EU hosting, GDPR compliant

Questions About Security or Privacy?

Our team is here to help. Contact us for any security or privacy inquiries.