Our approach to security

Campfront is trusted by camps to manage sensitive information, including camper medical records and payment details. We take that responsibility seriously. This page outlines how we protect your data and the steps we take to keep it secure.

Written by Ross Beale

Last updated 4 days ago

Where your data lives

All Campfront data is stored in secure data centers in Virginia, USA. Our databases are backed up automatically, encrypted, and managed by professional infrastructure providers. Documents, photos, and other file uploads are stored separately in secure, access-controlled storage.

Encryption

  • In transit: all connections to Campfront are encrypted using TLS/SSL (HTTPS). We enforce HTTPS on every request, so there's no way to access Campfront over an unencrypted connection.

  • At rest: your database is encrypted at the infrastructure level. Sensitive fields like API keys and authentication tokens get an additional layer of encryption at the application level.

  • Passwords are never stored in plain text. They're hashed with a high work factor, making them essentially impossible to reverse.

Multi-tenancy and data isolation

Each camp on Campfront is stored as a completely separate tenant. It's not possible for one camp to access another camp's data, even accidentally. Your camper records, staff information, medical data, forms, payments, and communications are fully isolated from every other camp on the platform.

Authentication and access control

Multi-factor authentication (MFA)

All Campfront users (admins, parents, and staff) are required to verify their identity with a 6-digit code sent to their phone via SMS. Trusted devices are remembered for 7 days, so users won't be prompted on every login. Accounts are temporarily locked after repeated failed login attempts.

Single sign-on (SSO)

Admins and staff can sign in using their Google or Microsoft accounts. Camp administrators can restrict SSO to specific email domains (e.g., only @yourcamp.com addresses) and set default roles for new SSO users.

Role-based permissions

Camp administrators control exactly what each staff member can see and do. Sensitive data like medical records and financial information can be restricted so staff only see what's relevant to their role.

Session management

User sessions expire after a period of inactivity, which is especially useful at camps where staff share computers.

Payment security

Campfront uses Stripe for all payment processing. No credit card numbers, CVVs, or bank account details ever touch our servers. All payment data is handled entirely by Stripe's PCI Level 1 certified infrastructure, the highest level of payment security certification available.

Medical and sensitive data

We know camps collect health forms, allergy information, and other protected health information (PHI). Campfront is built with HIPAA-aligned practices to safeguard this data:

  • Access controls: medical data is permission-gated. Only staff with explicit medical permissions can view or edit health records.

  • Audit trails: all access to and changes to medical information are logged.

  • Encryption: medical data is encrypted in transit and at rest alongside all other camp data.
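The tenant isolation, role-based permissions and medical access-control bullets above describe three properties that a data-access layer has to enforce together: a camp's lookups can never reach another camp's rows, medical records are gated on an explicit permission, and every attempt is logged. The following is an added example, not Campfront's code, of one way to structure such a layer; the permission names (`medical:read`, `medical:write`), the record shape and the sample data are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List, Tuple

# Added example, not Campfront's code. Permission names and record shape are assumed.
MEDICAL_READ = "medical:read"
MEDICAL_WRITE = "medical:write"


class AccessDenied(Exception):
    pass


class NotFound(Exception):
    pass


@dataclass(frozen=True)
class Principal:
    user_id: str
    camp_id: str  # the tenant this session belongs to; never taken from request input
    permissions: FrozenSet[str]


@dataclass
class MedicalRecord:
    camp_id: str
    camper_id: str
    allergies: str


@dataclass(frozen=True)
class AuditEntry:
    at: str
    actor: str
    camp_id: str
    action: str
    target: str
    outcome: str


class MedicalStore:
    def __init__(self, records: List[MedicalRecord]):
        # The tenant id is part of every key, so a lookup made on behalf of camp A
        # can never return a camp B record, even when camper ids collide.
        self._records: Dict[Tuple[str, str], MedicalRecord] = {
            (r.camp_id, r.camper_id): r for r in records
        }
        self._audit: List[AuditEntry] = []  # append-only; nothing here removes entries

    def _log(self, who: Principal, action: str, target: str, outcome: str) -> None:
        self._audit.append(AuditEntry(
            at=datetime.now(timezone.utc).isoformat(), actor=who.user_id,
            camp_id=who.camp_id, action=action, target=target, outcome=outcome,
        ))

    def _fetch(self, who: Principal, camper_id: str, permission: str, action: str) -> MedicalRecord:
        # Permission check comes first; the attempt is logged whether or not it succeeds.
        if permission not in who.permissions:
            self._log(who, action, camper_id, "denied")
            raise AccessDenied(f"{who.user_id} lacks {permission}")
        record = self._records.get((who.camp_id, camper_id))
        if record is None:
            # A record that belongs to another camp is indistinguishable from one
            # that does not exist, so nothing about other tenants leaks.
            self._log(who, action, camper_id, "not_found")
            raise NotFound(camper_id)
        self._log(who, action, camper_id, "ok")
        return record

    def get_record(self, who: Principal, camper_id: str) -> MedicalRecord:
        return self._fetch(who, camper_id, MEDICAL_READ, "medical.read")

    def update_allergies(self, who: Principal, camper_id: str, allergies: str) -> MedicalRecord:
        record = self._fetch(who, camper_id, MEDICAL_WRITE, "medical.update")
        record.allergies = allergies
        return record

    def audit_trail(self, camp_id: str) -> List[AuditEntry]:
        # Administrators see their own camp's trail only; the list is read-only to callers.
        return [e for e in self._audit if e.camp_id == camp_id]


def access_outcome(store: MedicalStore, who: Principal, camper_id: str) -> str:
    """Helper for demos: 'ok', 'denied' or 'not_found' for a read attempt."""
    try:
        store.get_record(who, camper_id)
        return "ok"
    except AccessDenied:
        return "denied"
    except NotFound:
        return "not_found"


def build_sample_store() -> MedicalStore:
    """Constructed sample data: two camps, one of which reuses a camper id."""
    return MedicalStore([
        MedicalRecord("camp-a", "camper-1", "peanuts"),
        MedicalRecord("camp-b", "camper-1", "none"),
        MedicalRecord("camp-b", "camper-9", "shellfish"),
    ])


# Constructed principals: a nurse at camp A, and a camp A counselor with no medical permission.
NURSE_A = Principal("nurse@camp-a", "camp-a", frozenset({"campers:read", MEDICAL_READ, MEDICAL_WRITE}))
COUNSELOR_A = Principal("counselor@camp-a", "camp-a", frozenset({"campers:read"}))

if __name__ == "__main__":
    store = build_sample_store()
    for who, camper in [(NURSE_A, "camper-1"), (NURSE_A, "camper-9"), (COUNSELOR_A, "camper-1")]:
        print(who.user_id, camper, access_outcome(store, who, camper))
    for entry in store.audit_trail("camp-a"):
        print(entry)
```

The point worth noticing is where the tenant boundary is enforced: the `camp_id` comes from the authenticated session, not from the request, and it is baked into the storage key rather than applied as an optional filter, so there is no code path that forgets it. Denied and not-found attempts are logged as well as successful ones, which is what makes the audit trail useful for spotting probing.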

Children's data and COPPA

Campfront handles data about minors as a core part of what we do, and we take that seriously. We're mindful of our obligations under the Children's Online Privacy Protection Act (COPPA):

  • All camper data is provided by a parent or legal guardian during enrollment. Children do not create accounts or submit data directly.

  • Parents can review, update, or request deletion of their child's information at any time.

  • Camper data is only used for camp administration and is never sold or shared for marketing purposes.

Data partners and minimizing data sharing

We're selective about the third-party services we work with and limit what data is shared with each. Where a service may handle protected health information (PHI) or sensitive personal data, we maintain Business Associate Agreements (BAAs) where appropriate.

When camps choose to export data to services like Google Sheets, OneDrive, Airtable, or Notion, that export is always initiated by the camp administrator. Campfront never pushes data to these services on its own. Access is granted per user and can be revoked at any time. Each partner only receives the data it needs to do its job, nothing more.

Artificial intelligence

Campfront offers optional AI-powered features, such as natural language data queries, powered by a mix of AI model providers.

  • Your data is not used to train AI models. Our providers' data processing agreements prohibit it.

  • AI features are scoped to your camp. Queries only access your camp's data, with the same isolation and permission boundaries as the rest of the platform.

  • AI responses are not stored by our providers beyond the duration of the request.

Facial recognition and biometric data

Campfront offers an optional facial recognition feature in the media library to help camps identify and tag campers in photos. This is opt-in at the camp level and is not enabled by default.

When enabled, facial data is processed securely and used only for matching campers to photos within your camp. No biometric data is shared across camps or used for any other purpose.

Compliance

Campfront is in compliance with security best practices, including HIPAA alignment for the handling of protected health information. We have implemented and are monitoring comprehensive controls, and maintain policies to outline our security procedures.

For a detailed and up-to-date view of our security controls, policies, and compliance status, visit our Campfront Trust Center.

Audit logging

Every meaningful action in Campfront is logged: enrollment changes, form submissions, note additions, payment activity, permission changes, and more. Each entry records who made the change, what changed, and when.

These audit trails are visible to camp administrators and can't be tampered with or deleted.

Security testing

We take a layered approach to finding and fixing vulnerabilities:

  • Code scanning: we run automated security tools against our codebase to catch common issues before they reach production.

  • Penetration testing: we periodically bring in third-party security testers to try to break in from the outside.

  • Dependency monitoring: we keep an eye on the software libraries we depend on and patch known vulnerabilities promptly.

Backups and disaster recovery

Database backups happen automatically and continuously. If something goes wrong, point-in-time recovery means your data can be restored quickly.

Availability

We target 99.9% uptime for all Campfront services. If there's planned maintenance or an unexpected outage, we'll let affected customers know as soon as we can.

Internal access controls

Only our principal engineers have access to production systems, and all of them have passed background checks. All production access is fully audited. Team members only have access to the systems they need to do their jobs.

Data deletion and portability

If you need your data deleted, get in touch and we'll take care of it. Camps can export their data at any time using built-in export features, or by contacting our support team for a full data export.

Incident response

We work hard to make sure security incidents don't happen, but if one does, we'll be upfront about it. We will notify affected customers as soon as possible, in accordance with applicable state law. We'll tell you what happened, what data was affected, and what we're doing to fix it.

Bot and spam protection

Campfront uses invisible CAPTCHA technology to protect public-facing forms from automated abuse, without adding friction for real users.

Responsible disclosure

If you think you've found a security vulnerability in Campfront, please reach out to us at security@campfront.com. We take all reports seriously and will respond promptly.