Privacy Policy
Last updated: May 28, 2026
Who we are
CampClaim is operated by Square Post Labs (SPL), based in London, Ontario, Canada. This policy covers the CampClaim website (campclaim.com), API, and browser extension for Chrome, Firefox, and Edge.
Contact: [email protected]
What we collect
Account information
When you sign up, we store your email address. If you subscribe to a paid plan, Stripe processes your payment. We store your Stripe customer ID and subscription ID but never your credit card number.
If you opt into SMS alerts, we store your phone number.
Watch targets
We store the parks, campgrounds, dates, and site preferences you configure. This data drives the availability monitor and is deleted if you remove your targets.
Availability alerts
We log when alerts are sent (email, SMS, or push) including the target, site, and timestamp. This powers your alert history in the dashboard.
Analytics
We use PostHog for product analytics. When you're signed in, we send your email address, account ID, subscription plan, and account creation date along with usage events such as page views, signups, logins, target creation, alert availability, billing events, and errors. We do not send the campsite data you're searching for or alert content. No cross-site tracking is performed. PostHog Inc. processes analytics data in the United States.
Browser extension
The CampClaim browser extension (available for Chrome, Firefox, and Edge) has specific data handling practices:
What the extension accesses
- Ontario Parks session cookies - Read from reservations.ontarioparks.ca to place bookings on your behalf via the Ontario Parks cart API. Cookies are only used locally within your browser to make requests to Ontario Parks. They are never transmitted to CampClaim servers.
- CampClaim session token - Stored locally in browser extension storage (chrome.storage.local) to authenticate the WebSocket connection to CampClaim. The token is sent only to campclaim.com.
- Booking statistics - Alert count, booking count, and last activity timestamp are stored locally in extension storage for display in the popup.
What the extension does NOT access
- Your Ontario Parks username or password
- Your browsing history, tabs, or activity on other websites
- Any data from websites other than reservations.ontarioparks.ca and campclaim.com
How auto-booking works
When CampClaim detects an available campsite, a signal is sent to the extension over an encrypted WebSocket connection. The extension then uses your existing Ontario Parks browser session to add the site to your cart via the Ontario Parks API. Your Ontario Parks credentials stay in your browser at all times.
Server-side session keep-alive (optional)
You can opt in to 24/7 session keep-alive from the extension popup. When enabled:
- What's stored: Your Ontario Parks session token (not your username or password) is encrypted with AES-256-GCM and stored on Cloudflare KV.
- Why: CampClaim pings Ontario Parks every 10 minutes to prevent your session from expiring due to inactivity, so auto-booking works even when your computer is off.
- How long: Session data auto-deletes after 30 days or immediately when you disable the feature.
- Your control: You can disable keep-alive anytime from the extension popup. Disabling immediately deletes the stored session data.
- If your session expires: CampClaim sends you a single SMS notification asking you to log back in. No repeated messages.
Extension permissions
| cookies | Read Ontario Parks session cookies to authenticate cart API requests |
| notifications | Alert you when a site is available or booking succeeds/fails |
| storage | Store your CampClaim session token and booking stats locally |
| alarms | Schedule periodic session health checks every 5 minutes |
| webNavigation | Detect checkout completion for booking confirmation capture (ontarioparks.ca only) |
| host access | reservations.ontarioparks.ca (booking API) and campclaim.com (WebSocket + status) |
What we do NOT do
- We do not store your Ontario Parks credentials. All authenticated Ontario Parks requests originate from your browser.
- We do not sell or transfer your data to third parties.
- We do not use your data for advertising, profiling, or creditworthiness assessments.
- We do not perform cross-site tracking.
Data retention
Account data is retained while your account is active. Watch targets and alert history are retained for the duration of your subscription. You can delete targets at any time from the dashboard. If you cancel your subscription, your data is retained for 30 days in case you re-subscribe, then permanently deleted.
Data security
All data is stored on Cloudflare's edge network (D1 database, KV cache) with encryption at rest. All connections use HTTPS/WSS. Stripe handles payment data under PCI DSS compliance. Session tokens are stored in Cloudflare KV with automatic expiration.
Third-party services
| Stripe | Payment processing |
| Resend | Transactional email delivery |
| VoIP.ms | SMS alert delivery |
| PostHog | Product analytics (account-linked) |
| Cloudflare | Hosting, database, CDN, WebSocket infrastructure |
| Google Places | Park photos, nearby places, street view imagery |
Your rights
You can request a copy of your data, request deletion, or ask questions about this policy by emailing [email protected].
Changes
We may update this policy as CampClaim evolves. Material changes will be communicated via email to active subscribers.