CampaignsLive Δες στα Ελληνικά

Privacy Policy

Last updated: April 28, 2026

1. Who We Are

The CampaignsLive.com platform is operated by North Fjord LLC, a Delaware limited liability company with offices at 7120 W. 127th St., Palos Heights, IL 60463, United States, doing business as "CampaignsLive.com" (referred to in this policy as "CampaignsLive," "we," "us," or "our"). For Personal Data we Process about you, North Fjord LLC is the data controller, except where we Process Personal Data on behalf of a business customer, in which case we act as a Processor under the Business Customer Addendum (Schedule A of the Terms of Service).

Contact us at support@campaignslive.com for any privacy question or to exercise your rights.

2. Scope

This Privacy Policy describes how we collect, use, share, and protect Personal Data when you use the CampaignsLive.com platform at app.campaignslive.com, the marketing site at campaignslive.com, and related services (the "Service"). It does not cover third-party websites or services we link to.

3. Personal Data We Collect

3.1 Information You Provide

  • Account data: name, email address, hashed password, profile picture (uploaded or from Google OAuth).
  • Profile data: domain extracted from your email (used for team-based sharing), role, language preference, settings.
  • Content: briefs, prompts, files, images, audio, and other materials you submit; AI-generated outputs; project and asset metadata.
  • Communications: messages you send to support, feedback, bug reports.
  • Billing data: Stripe customer ID, subscription plan and status, credit balances, invoice history. Card numbers and bank details are handled by Stripe and are not stored on our systems.

3.2 Information Collected Automatically

  • Login events: IP address, user-agent string, parsed device and browser information, session ID, timestamps of login and logout.
  • Usage data: features used, mini-app activity, credit consumption.
  • LLM call records: the prompt sent and the response received, model and provider used, token counts, duration, and status. These records are kept for debugging, abuse prevention, billing accuracy, and improving the Service.

3.3 Third-Party Authentication

If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

4. Sources of Data

We collect Personal Data directly from you, automatically from your device when you use the Service, and from Google (if you use Google sign-in). We do not buy Personal Data from data brokers.

5. How We Use Personal Data and Legal Bases (GDPR)

We Process Personal Data for the following purposes. Where the GDPR or UK GDPR applies, the legal basis for each purpose is shown in italics.

  • Provide, operate, and maintain the Service — performance of a contract.
  • Process payments, manage subscriptions and credits, prevent payment fraud — performance of a contract and legitimate interests in fraud prevention.
  • Authenticate you, secure your account, detect and prevent abuse — legitimate interests in keeping the Service safe.
  • Send transactional and account-related emails (verification, password reset, billing notices, service notices) — performance of a contract.
  • Send product updates, marketing emails, and feedback requests — legitimate interests, with an unsubscribe option in every message.
  • Analyze usage in aggregate to improve the Service — legitimate interests.
  • Comply with legal obligations, respond to lawful requests, defend legal claims — legal obligation and legitimate interests.

6. AI Processing

The Service depends on third-party AI providers to generate outputs. When you submit a task, we transmit the relevant inputs (prompts, files, images, audio) to the appropriate provider for processing.

  • We do not use your content to train our own AI models.
  • Where a provider offers a "do not train" or "zero retention" option, we make commercially reasonable efforts to use it.
  • Providers may temporarily store inputs and outputs for safety, abuse-prevention, and operational reasons in line with their own privacy policies. We list each provider on our Subprocessors page.
  • Outputs are retained in your account for your access and may be reviewed in aggregate to debug failures and improve quality.

7. Sharing & Subprocessors

We do not sell Personal Data and we do not share Personal Data for cross-context behavioural advertising. We share Personal Data with:

  • Subprocessors who help us run the Service (AI providers, hosting, analytics, email, payment processing). The current list is published at /pages/subprocessors.html.
  • Authorities, regulators, or other parties when we believe in good faith that disclosure is required by law, court order, or governmental request, or necessary to protect our rights or those of others.
  • Successors in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality and data-protection commitments.
  • Other parties with your consent or at your direction (for example, when you share an asset publicly or with a domain).

8. International Data Transfers

We are based in the United States and use cloud infrastructure operated primarily in Google Cloud, with data stored in the EU and other regions where supported. Personal Data may be transferred to and processed in the United States and other countries that may not have data-protection laws considered equivalent to those of your country. For transfers from the European Economic Area, the United Kingdom, or Switzerland to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (Module Two for Controller-to-Processor transfers, Module One for Controller-to-Controller transfers, where applicable) and, for UK transfers, the UK International Data Transfer Addendum, supplemented by appropriate technical and organizational measures.

9. Cookies & Analytics

9.1 Essential Cookies

We use a single essential cookie, campaignslive.sid, to keep you signed in. It is HttpOnly, scoped to our domain, and required for the Service to function. We do not use advertising cookies or third-party tracking cookies.

9.2 Analytics

We use Umami, a privacy-friendly, cookieless analytics tool, to understand aggregate usage of the Service. Umami does not set cookies, does not collect personally identifiable information, and does not track users across other websites. All analytics data is aggregated.

Because we currently use only essential cookies and a cookieless analytics tool, no cookie consent banner is required under the GDPR or the ePrivacy Directive.

Future change: if and when we introduce a third-party analytics tool that sets non-essential cookies (for example, Google Analytics 4), we will update this section and present a cookie consent banner to users in the EU, UK, and other regions where consent is required, before any such tool is enabled.

10. Retention

We retain Personal Data while your account is active and for as long as we need it to provide the Service or comply with our legal obligations.

  • Account deletion: you can request deletion of your account by emailing support@campaignslive.com. We will complete deletion within 30 days of verifying your request.
  • Billing records: retained for up to 7 years to comply with US and EU tax and accounting law.
  • Backups: deleted Personal Data may persist in encrypted backups for up to 90 days before being purged on a rolling cycle.
  • Logs and security data: kept for a limited period sufficient for security investigations and abuse prevention.

11. Your Rights

11.1 EEA / UK / Switzerland (GDPR)

If the GDPR or UK GDPR applies to you, you have the right to:

  • Access the Personal Data we hold about you;
  • Rectify inaccurate or incomplete Personal Data;
  • Erase Personal Data, subject to limited legal exceptions;
  • Restrict or object to certain processing, including direct marketing;
  • Receive your Personal Data in a portable format;
  • Withdraw consent where Processing is based on consent;
  • Lodge a complaint with your local Supervisory Authority.

11.2 California (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what Personal Information we collect, use, and disclose;
  • Request deletion of your Personal Information;
  • Correct inaccurate Personal Information;
  • Opt out of the "sale" or "sharing" of Personal Information — note that we do not sell and do not share Personal Information for cross-context behavioural advertising;
  • Limit use of sensitive Personal Information;
  • Be free from discrimination for exercising these rights.

11.3 Other Jurisdictions

If you are in Brazil (LGPD), Canada (PIPEDA), or another jurisdiction with similar rights, we honour equivalent rights upon verified request.

11.4 How to Exercise Your Rights

Email us at support@campaignslive.com from the email address associated with your account, or with information sufficient to verify your identity. We will respond within 30 days. There is no fee unless your request is manifestly unfounded or excessive.

12. Security

We use appropriate technical and organizational measures to protect Personal Data, including:

  • TLS encryption of data in transit;
  • Encryption at rest of object storage in Google Cloud Storage;
  • Hashed passwords using industry-standard algorithms;
  • Least-privilege database access; separation of application and migration credentials;
  • Session management with revocation; logging of authentication events;
  • Secret management via Google Secret Manager; restricted infrastructure access.

No system is perfectly secure; we cannot guarantee absolute security.

13. Children

The Service is for users aged 18 or older. We do not knowingly collect Personal Data from anyone under 18. If you believe a minor has given us Personal Data, please contact us so we can delete it.

14. Personal Data Breach Notification

We will notify affected users and competent Supervisory Authorities of a Personal Data breach as required by applicable law, including within 72 hours where Article 33 GDPR applies, with the information available at the time and updates as the investigation proceeds.

15. Automated Decision-Making

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. AI Outputs generated by the Service are advisory; you decide how (and whether) to use them.

16. EU Representative

Where required by Article 27 of the GDPR, we will appoint an EU representative and publish their contact details in this section. Until that appointment is published, EU data subjects may contact us directly at support@campaignslive.com.

17. Changes to this Policy

We may update this Privacy Policy from time to time. For material changes, we will give at least 30 days' notice by email or in-product notice. The "Last updated" date at the top of this page will reflect the most recent revision.

18. Contact Us

← Back to CampaignsLive.com