Legal · Privacy
Privacy Policy
Last updated: May 23, 2026
PingMyCamp is an independent campsite-monitoring service. This Privacy Policy explains what personal data we collect when you use the service, how we use it, who we share it with, and the rights you have over your information. We try to keep this readable — no dark patterns, no surprises.
1. Who we are
PingMyCamp ("we", "us", "our") is an independent service that monitors publicly listed campsite availability on platforms such as Recreation.gov and Parks Canada and notifies subscribers when a matching spot opens. We are not affiliated with, endorsed by, or sponsored by any reservation platform. We are the data controller for the personal data described below.
2. Information we collect
We only collect data we actually need to run alerts and your account.
- Email address (required) — used to sign you in via a magic link and to send email alerts.
- Phone number (optional) — only when you turn on SMS notifications.
- Alert criteria — the campground(s), travel dates, site preferences, minimum stay, and notification channels you save.
- Account activity — sign-in timestamps, alert creation and modification events, subscription state.
- Technical data — IP address, browser user-agent, and approximate device type, captured by our hosting layer for security, abuse prevention, and basic operational logging.
- Browser storage — a draft of any in-progress alert is saved in your browser's localStorage so you don't lose it on reload.
We do not collect precise geolocation, payment card numbers, biometric data, or content from other websites. We do not track you across the internet.
3. How we use your information
Your data is used exclusively to:
- Send alerts about campsite availability matching your saved criteria.
- Sign you in and keep your account secure.
- Process payments, manage subscriptions, and issue receipts (via a payment processor).
- Operate, debug, and improve the service.
- Detect and prevent abuse (e.g., scraping, fraudulent signups).
- Comply with legal obligations and respond to lawful requests.
We do not sell your data, share it for advertising, or use it to train AI models. No mobile information — including phone numbers and SMS opt-in/consent data — is shared with, sold to, or rented to any third parties or affiliates for marketing or promotional purposes; this text-messaging opt-in and consent information will not be shared with any third parties. We share SMS data only with the messaging provider that delivers your texts (Twilio), and only to send the alerts you requested. SMS alerts are recurring; message frequency may vary, message and data rates may apply, and you can reply STOP to opt out or HELP for help at any time.
4. Service providers we use
We use the following sub-processors to run the service. Each is bound by data protection terms with us.
- Supabase Inc. — managed Postgres database and authentication. Your account and alert data is stored in the United States (us-west-1).
- Brevo (Sendinblue SAS) — delivery of email notifications.
- Twilio Inc. — delivery of SMS notifications. SMS opt-in and consent data is shared with Twilio solely to send the texts you request, never for marketing, and never with any other third party.
- Vercel Inc. — application hosting, content delivery, and edge logs.
- A third-party payment processor — handles checkout, recurring billing, and refunds when paid plans launch. We do not store raw card numbers ourselves.
We send read-only queries to Recreation.gov and Parks Canada to check public campsite availability. These are public APIs; we do not share your personal data with them.
5. International transfers
Our application and database run on infrastructure located in the United States. If you are accessing the service from the European Economic Area, the United Kingdom, Switzerland, or other regions with cross-border data transfer rules, your personal data is transferred to and processed in the United States. We rely on standard contractual safeguards published by our processors to support these transfers.
6. How long we keep your data
We keep your personal data only as long as we need it.
- Active accounts — for the duration of your account.
- Deleted accounts — personal data is removed from production systems within 30 days of deletion.
- Backups — encrypted backup snapshots that may contain your data are retained for up to 30 additional days, then purged.
- Operational logs — application and security logs are retained for up to 90 days.
- Billing records — required to be kept for tax and accounting purposes, typically 5–10 years depending on jurisdiction.
7. Your rights
Depending on where you live, you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct or update inaccurate or incomplete data.
- Erasure — request deletion of your account and associated personal data.
- Restriction — limit how we process your data in specific situations.
- Objection — object to processing where we rely on legitimate interests.
- Portability — receive a copy of your data in a machine-readable format.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
- Opt out of sale/sharing of personal information — we do not sell or share for advertising, so this is already the default.
- Complain to a supervisory authority — for example, your local data protection regulator in the EU/UK.
Email [email protected] to exercise any right. We will verify your identity and respond within 30 days.
8. Security
We use industry-standard safeguards including HTTPS in transit, encryption at rest at our database provider, scoped service-role keys held only by server processes, and row-level security policies that restrict access to your data to you and to operations staff with a legitimate business need. No system is perfectly secure, and you are responsible for keeping your sign-in email safe.
9. Cookies and browser storage
We use a small number of strictly necessary cookies and a localStorage entry to keep you signed in and to preserve any draft alert you are setting up. See our Cookie Policy for the full list and how to control them.
10. Children
PingMyCamp is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, email [email protected] and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. If a change is material — for example, a new processor or a new way we use your data — we will notify you by email at least 14 days before it takes effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
Questions?
Email [email protected] for data requests or privacy questions. Include the email address tied to your account so we can locate your data.