Privacy Policy

Effective Date: 10/10/2025
Last Updated: NA

---

Who We Are

Our website address is: https://campaigninabox.com.
Campaign In A Box (“we,” “us,” or “our”) provides a comprehensive cloud-based software-as-a-service (SaaS) platform offering marketing automation, CRM management, communication tools, scheduling, and integrations with third-party applications.

This Privacy Policy explains how we collect, use, share, and protect your personal information across our website, platform, and connected applications. By using our services, you consent to this policy.

---

1. Information We Collect

1.1. Information You Provide

We collect information directly from you when you use our services, including:

• Account Details: Name, email address, company name, phone number, and password.
• Billing Information: Payment data processed through secure third-party gateways (e.g., Stripe).
• Uploaded Content: Files, contact lists, and materials you upload to campaigns.
• Communications: Messages sent through email, chat, or support channels.

1.2. Information Collected Automatically

We automatically collect:

• Usage Data: IP address, browser type, operating system, and device identifiers.
• Log Data: Feature interactions, timestamps, and error logs.
• Cookies: Used to manage login sessions, preferences, and analytics.

1.3. Information From Third Parties

When you connect external integrations (e.g., Google, Zoom, Facebook, Twilio), we collect only the limited data necessary to authenticate your account or perform requested operations.

---

2. How We Use Your Information

We use collected information to:

• Provide and maintain the Campaign In A Box platform.
• Manage accounts, authentication, and billing.
• Enable integrations and third-party functionalities.
• Improve platform performance and user experience.
• Send service notifications, invoices, and support responses.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell or rent personal information to any third parties.

---

3. Cookies and Tracking

Cookies and similar technologies are used to:

• Keep users logged in and remember preferences.
• Monitor system performance and analytics.
• Support marketing attribution and security.

Users may disable cookies in their browser settings, but doing so may affect functionality.

---

4. Third-Party Integrations

Campaign In A Box integrates with trusted third-party services to enhance functionality and deliver a seamless experience. These integrations are optional and can be disconnected at any time through your account settings.

Zoom Integration

When connecting your Zoom account, we access only data required to create and manage meetings (e.g., your Zoom user ID and meeting URLs).
We do not store your Zoom password or sensitive credentials. Data is used solely to enable meeting scheduling and management features.

Zoom’s Privacy Policy is available at: https://explore.zoom.us/en/privacy/

---

5. Google Data Access Disclosures

Campaign In A Box integrates with Google services to improve scheduling, meeting creation, and synchronization features.

Data Accessed

• Google Calendar Events: To sync meetings between your Campaign In A Box account and Google Calendar.
• Google Meet Links: To automatically generate meeting links for scheduled events.
• Email Address: To associate your Google identity for authentication and functionality.

Data Use

We use Google user data to:

• Synchronize meeting events and availability.
• Generate Google Meet links for scheduled events.
• Send email reminders and notifications.
• Display your availability and prevent scheduling conflicts.

Data Sharing

We do not sell, rent, or trade your Google user data.
We only share data as required:

• By law or legal requests.
• With trusted third-party vendors bound by confidentiality agreements.
• To provide requested integration functionality.

Users can disconnect their Google integrations at any time via their account settings.

---

6. Data Sharing and Disclosure

We may share limited information with:

• Service Providers: For hosting, maintenance, analytics, payments, and customer support.
• Authorized Integrations: When you connect external services (e.g., Google or Zoom).
• Legal or Regulatory Bodies: When required by applicable law or valid legal process.
• Corporate Events: In the event of a merger, acquisition, or asset sale.

All partners adhere to strict confidentiality and data protection agreements.

---

7. Where Your Data Is Sent

• Visitor comments and interactions may be checked through automated spam detection.
• Data submitted through forms or during sign-up is processed internally to ensure operational functionality.
• Information may be securely transmitted to third-party services required to operate features such as meeting scheduling or CRM automation.

We do not sell your information to advertisers or data brokers.

---

8. Data Retention

• Account Data: Retained as long as your account is active or as required to provide services.
• Billing Records: Kept per financial and legal requirements (typically 7 years).
• Deleted Accounts: Removed from live servers within 60 days and from backups within 90 days.

---

9. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access and receive a copy of your personal data.
• Correct inaccurate information.
• Request deletion of your personal data.
• Restrict or object to data processing.
• Withdraw consent for communications.

Requests can be sent to support@campaigninabox.com.

---

10. Data Security

We maintain strong security measures, including:

• Encryption: SSL/TLS for data in transit and AES-256 for data at rest.
• Authentication: Secure password hashing and role-based access.
• Monitoring: Continuous system auditing and intrusion detection.

No system is completely immune to breaches, but we employ best practices to protect your information.

---

11. International Data Transfers

Your information may be processed in the United States or other jurisdictions. We use appropriate safeguards, including Standard Contractual Clauses, to ensure adequate data protection during transfers.

---

12. Children’s Privacy

Our services are not directed to children under 16 years old. We do not knowingly collect information from minors. If such data is discovered, it will be deleted promptly.

---

13. Changes to This Policy

We may update this Privacy Policy periodically. Updates will appear on this page with a new effective date. Continued use of our services after updates indicates your acceptance of the revised policy.

---

14. Compliance Frameworks

Campaign In A Box complies with the following frameworks and standards:

• GDPR (EU/UK): We act as a Data Controller for website data and Data Processor for customer-managed data.
• CCPA (California): We do not sell or trade user data and only share information for legitimate business purposes.
• CAN-SPAM: Marketing emails include an unsubscribe option.
• PCI DSS: Payment processors used by our platform meet PCI compliance standards.

---

15. Google API Services User Data Policy

Campaign In A Box’s use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use Requirements.
For details, visit: https://developers.google.com/terms/api-services-user-data-policy

15.1. Overview

Our Google integrations (e.g., Calendar, Gmail, Meet) use OAuth 2.0 for secure authorization.
We only request minimal scopes necessary to:

• Sync events and availability.
• Generate meeting links.
• Authenticate accounts securely.

15.2. Limited Use and Data Handling

We:

• Use Google user data only for user-facing features.
• Do not sell, rent, or use it for advertising.
• Restrict human access unless legally required, explicitly consented to, or necessary for security.
• Never use Google data for unrelated marketing or analytics.

15.3. Data Storage and Retention

• Google tokens and cached data are encrypted and stored only as long as required for functionality.
• Once a user disconnects their Google account, all related data is permanently deleted within 48 hours.

15.4. OAuth 2.0 Security

• Tokens are encrypted using AES-256.
• Access is restricted to authorized systems only.
• Tokens expire automatically and cannot be reused after revocation.

15.5. User Control

You can revoke access at any time by visiting:
https://myaccount.google.com/permissions.

15.7. Security and Compliance

We maintain strict administrative, technical, and physical safeguards for all Google data.
All API use aligns with Google’s Limited Use Policy, GDPR, and CCPA.

---

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:
hello@proamerica360.com
support@campaigninabox.com