CampaignSwift Privacy Policy
Quick Navigation
Introduction
CampaignSwift provides a social media campaign management platform for digital marketing agencies and their clients. This privacy policy explains how we collect, use, and protect your information.
By using CampaignSwift, you agree to this policy.
Information We Collect
Information You Provide
- Account details (name, email, password)
- Payment information (processed securely via third-party processors)
- Content you create (posts, images, videos, campaigns)
- Support messages
Automatic Collection
- Usage data (features used, pages visited)
- Device information (browser, IP address, operating system)
- Session cookies for authentication and functionality
Third-Party Integrations
When you connect external services (Google Drive, YouTube, social media platforms), we access specific data with your permission. See detailed disclosures below.
Data Access Disclosures ⭐
Google Drive Integration
Permission Required: https://www.googleapis.com/auth/drive.file
What We Access:
- Only files you explicitly select to import through Social Media → Post Creation
- File metadata (name, size, type, modification date)
- No automatic scanning of your entire Drive
What We DON’T Access:
- Files you haven’t selected
- Emails, contacts, or documents
- Any content without your direct action
How to Connect: Navigate to Integration → Apps → Add Integration and select Google Drive
YouTube Integration
Permissions Required:
https://www.googleapis.com/auth/youtube– Manage YouTube accounthttps://www.googleapis.com/auth/youtube.upload– Upload videoshttps://www.googleapis.com/auth/youtube.readonly– View account information
What We Access:
- Channel information (name, ID, profile picture)
- Videos you upload through CampaignSwift
- Analytics for your videos
- Comments for moderation
What We DON’T Access:
- Videos not uploaded through our platform
- Your watch history or subscriptions
- Other channels’ content
How to Connect: Navigate to Integration → Apps → Add Integration and select YouTube
Social Media Platforms
Facebook & Instagram:
- Business pages and accounts you manage
- Posts you create through CampaignSwift (Social Media → Post Creation)
- Engagement metrics (likes, comments, shares)
- Page insights and analytics
LinkedIn:
- Profile data or company pages you manage
- Posts you create through our platform
- Engagement metrics
Twitter (X) & TikTok:
- Account information
- Content you create through CampaignSwift
- Engagement data and analytics
How to Connect: Navigate to Integration → Apps → Add Integration and select the desired platform
Data Use Disclosures ⭐
How We Use Google Drive Data
Limited to These Purposes Only:
- Import selected files into your CampaignSwift media library when you create posts via Social Media → Post Creation
- Enable use of Drive files in social media posts without downloading/re-uploading
- Maintain organization of your brand assets
We Do NOT:
- ❌ Sell your Google Drive data
- ❌ Use it for advertising
- ❌ Train AI models on your content
- ❌ Share it with third parties
- ❌ Use it beyond your direct actions
Compliance: We adhere to the Google API Services User Data Policy, including Limited Use requirements.
How We Use YouTube Data
- Upload and schedule videos to your channel
- Track performance metrics
- Manage comments on your videos
- Enable video publishing through Social Media → Post Creation
Limited Use Compliance: CampaignSwift’s use of YouTube API data adheres to YouTube’s API Services Terms and Limited Use requirements.
How We Use Social Media Data
- Create, schedule, and publish posts
- Provide analytics and reporting
- Manage engagement (comments, messages)
- Enable team collaboration
- Generate client reports
How We Use Your Account Data
- Provide and maintain our services
- Process transactions
- Send service-related notifications
- Improve our platform
- Ensure security and prevent fraud
- Comply with legal obligations
Data Sharing Disclosures ⭐
We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information, Google Drive data, YouTube data, or social media data to anyone.
When We Share Data
1. Within Your Team
- Authorized team members in your workspace can access campaigns and content
- Clients can view (not edit) content created for them
- You control access through role-based permissions
2. Service Providers
We share limited data with trusted providers who help operate our platform:
- Cloud Hosting: AWS, Google Cloud (encrypted data storage)
- Payment Processing: Stripe (billing only)
- Email Service: Transactional emails
- Customer Support: Support tickets
All providers are bound by data protection agreements.
3. Social Media Platforms
- Content you publish through Social Media → Post Creation is sent to selected platforms (this is the service function)
4. Legal Requirements
- Law enforcement requests or court orders
- Protecting our rights and preventing fraud
- Complying with legal obligations
What We DON’T Share
- ❌ Google Drive files
- ❌ YouTube data
- ❌ Social media authentication tokens
- ❌ Your data for marketing purposes
- ❌ Individual user data to advertisers
Data Protection Disclosures ⭐
Security Measures
Encryption:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Passwords hashed using bcrypt (never stored as plain text)
- All OAuth tokens encrypted
Access Control:
- Role-based access permissions
- Multi-factor authentication available
- Automatic session expiration
- Principle of least privilege for employees
Infrastructure:
- Secure hosting on SOC 2 compliant infrastructure
- Firewall protection and intrusion detection
- Daily encrypted backups
- 24/7 security monitoring
Application Security:
- Regular security audits and vulnerability testing
- Code reviews for all changes
- Protection against common attacks (XSS, CSRF, SQL injection)
- Rate limiting to prevent abuse
Google Data Protection:
- OAuth tokens encrypted with AES-256
- Tokens automatically expire and refresh per Google guidelines
- Immediate token invalidation upon disconnection (via Integration → Apps → Manage)
- Never shared with third parties
Data Breach Protocol
If a breach occurs:
- Immediate containment and investigation
- Affected users notified within 72 hours
- Authorities notified per legal requirements
- Full transparency about the incident
Your Rights and Control
Access and Manage Your Data
- View all personal data we hold: Email [email protected]
- Update your profile and settings anytime
- Export your data in portable format
- Delete your account and data
Control Integrations
Google Drive:
- Disconnect: Integration → Apps → Manage → Find Google Drive → Click Disconnect
- Or revoke at: Google Account Permissions
- Effect: Immediate token removal, cached data cleared within 24 hours
YouTube:
- Disconnect: Integration → Apps → Manage → Find YouTube → Click Disconnect
- Or revoke at: Google Account Permissions
Social Media Platforms:
- Disconnect: Integration → Apps → Manage → Select platform → Click Disconnect
Privacy Rights
All Users:
- Right to access your data
- Right to correct inaccurate data
- Right to delete your data
- Right to export your data
California Residents (CCPA):
- Right to know what information is collected
- Right to opt out of data sales (we don’t sell data)
- Right to non-discrimination
EU/UK Residents (GDPR):
- Right to access, rectification, and erasure
- Right to restrict processing
- Right to data portability
- Right to object
Exercise Rights: Email [email protected]
Data Retention
Active Accounts: Data retained while account is active
Disconnected Integrations:
- OAuth tokens: Deleted immediately
- Cached data: Cleared within 24 hours
- Imported content: Remains in your media library until you delete it
Deleted Accounts:
- 30-day grace period (recoverable)
- After 30 days: Permanent deletion
- Removed from all backups within 60 days
Cookies
- Essential Cookies: Required for login and platform functionality
- Session Cookies: Last until you close your browser
- Login Cookies: Last for 2 days (or 2 weeks if “Remember Me” selected)
- Analytics: We use cookies to improve our service (anonymized data)
You can disable cookies in your browser settings, but this may affect functionality.
Media Uploads
If You Upload Media:
- When uploading through Social Media → Post Creation, avoid uploading images with location data (EXIF GPS)
- Visitors to published social media posts may be able to extract location data from images
Children’s Privacy
CampaignSwift is not for users under 16. We do not knowingly collect data from children under 16.
If we discover we have collected such data, we will delete it immediately. Contact us at [email protected].
International Data Transfers
If you access CampaignSwift from outside India, your data may be transferred to and processed in India or countries where our service providers operate.
We use Standard Contractual Clauses and legal mechanisms to ensure adequate data protection.
Changes to This Policy
We may update this policy periodically. When we make material changes:
- Update the “Last Updated” date
- Notify you via email
- Display an in-app notification
Continued use after changes indicates acceptance.
Google API Services – Limited Use Disclosure
CampaignSwift’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We only request minimum necessary scopes and do not:
- Use Google data for advertising
- Allow humans to read data without your consent
- Share data with third parties
Contact Us
For All Inquiries:
Email: [email protected]
Response Time: Within 48 hours