Privacy & Data Security

Your privacy and data security are our top priorities. We are committed to protecting your personal information with industry-leading security measures.

Fully Secured & Compliant

Our platform implements comprehensive security measures and follows all known industry guidelines and best practices to ensure your data is protected at all times.

GDPR Compliant

Fully compliant with General Data Protection Regulation (GDPR) requirements

Industry Standards

Follows OWASP security guidelines and best practices

Encrypted Communications

All data transmission uses TLS/SSL encryption

Secure Authentication

JWT tokens with secure password hashing (bcrypt)

Data Encryption

All sensitive data is encrypted both in transit and at rest using industry-standard encryption algorithms.

  • TLS/SSL encryption for all connections
  • Encrypted database storage
  • Secure password hashing with bcrypt

Access Control

Strict access controls ensure that only authorized personnel can access sensitive information.

  • Role-based access control (RBAC)
  • JWT token-based authentication
  • Automatic token expiration and refresh

Secure Infrastructure

Our infrastructure is built on secure, reliable cloud platforms with regular security updates.

  • Regular security audits and updates
  • Automated backup and recovery systems
  • DDoS protection and monitoring

Data Protection

We implement comprehensive data protection measures to safeguard your personal information.

  • Minimal data collection principle
  • Data retention policies
  • Right to data deletion

Privacy by Design

Privacy considerations are built into every aspect of our platform from the ground up.

  • No unnecessary data collection
  • Transparent data usage policies
  • User control over personal data

Compliance & Standards

We adhere to international security standards and best practices.

  • OWASP Top 10 compliance
  • ISO 27001 security principles
  • Regular security assessments

Data Collection & Usage

We collect only the information necessary to provide our services and manage camp registrations.

Information We Collect

  • Personal identification information (name, email, phone number) for camp registration and communication
  • Camp-related information (preferences, skills, dietary requirements) to organize camp activities
  • Payment information processed securely through encrypted payment systems
  • Usage data to improve our services and user experience

How We Use Your Data

  • To process and manage camp registrations
  • To communicate with you about camp-related matters
  • To organize camp activities and coordinate volunteers
  • To process payments and manage camp finances
  • To comply with legal obligations and ensure camp safety

Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • With camp organizers and volunteers who need access to coordinate activities (with appropriate access controls)
  • When required by law or to protect our rights and safety
  • With service providers who assist in operating our platform (under strict confidentiality agreements)

Your Privacy Rights

You have the right to control your personal information. We respect and support these rights.

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can update or correct your personal information at any time.

Right to Erasure

You can request deletion of your personal data (subject to legal requirements).

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to certain processing of your personal data.

Right to Withdraw Consent

You can withdraw consent for data processing at any time.

Security Measures & Best Practices

We implement comprehensive security measures following industry best practices and guidelines.

Technical Security

  • • TLS/SSL encryption for all data transmission
  • • Secure password storage using bcrypt hashing algorithm
  • • JWT tokens with automatic expiration and refresh mechanisms
  • • Input validation and sanitization to prevent injection attacks
  • • Regular security updates and patches
  • • Secure API endpoints with authentication and authorization

Operational Security

  • • Limited access to personal data on a need-to-know basis
  • • Regular security audits and vulnerability assessments
  • • Incident response procedures for security breaches
  • • Employee training on data protection and privacy
  • • Secure backup and disaster recovery procedures

Compliance & Standards

  • • GDPR (General Data Protection Regulation) compliance
  • • OWASP (Open Web Application Security Project) guidelines
  • • ISO 27001 security management principles
  • • Industry best practices for web application security
  • • Regular compliance reviews and updates

Questions About Privacy?

If you have any questions about our privacy practices or wish to exercise your rights, please contact us.

We are committed to transparency and are happy to answer any questions you may have about how we protect your data.

Contact UsEmail: camp@babazan.org

Last updated: November 17, 2025

This privacy policy may be updated periodically. Please check back for the latest version.