Privacy Policy

CrewFlow ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your information.

By using the Service, you agree to the collection and use of data as described in this policy.

Account information: Company name, email address, and hashed password when you register.

Business data you enter: Employee names, contact details, home addresses, availability, and skills. Client names, addresses, scheduling preferences, and contact information. This data is entered by you and belongs to you.

Billing information: We do not store payment card details. Billing is handled by Stripe, who stores payment data on our behalf under their own privacy policy.

Usage data: How you interact with the Service (pages visited, features used, schedule generation requests). Used to improve the product.

• To provide and operate the Service, including AI-powered schedule generation
• To send transactional emails (account confirmation, password resets, billing receipts)
• To enforce our Terms of Service and prevent abuse
• To improve the Service based on usage patterns

We do not sell your data. We do not use your employee or client data for any purpose other than providing the Service to you.

We share data with the following third parties only as necessary to provide the Service:

• Stripe — payment processing. Employee/client data is never shared with Stripe.
• Anthropic (Claude AI) — AI schedule generation. We send anonymized scheduling constraints (availability, skills, preferences) to generate schedules. No personally identifiable employee or client information is included beyond what is necessary for scheduling.
• Google Maps — drive time calculations between job sites. Addresses are transmitted to Google's API for this purpose.
• Resend — transactional email delivery (account and password emails only).
• Supabase — secure cloud database hosting for your account and business data.

We implement industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and access controls. Your data is stored on Supabase's secure PostgreSQL infrastructure hosted on AWS.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take reasonable steps to protect your data.

We retain your account and business data for as long as your account is active. If you cancel and do not reactivate within 30 days, your data will be permanently deleted.

You may request deletion of your account and all associated data at any time by contacting us.

You have the right to:

• Access — request a copy of the data we hold about you
• Correction — update inaccurate data directly in the app or by contacting us
• Deletion — request deletion of your account and all associated data
• Export — export your schedule and employee data using the CSV export features in the app

To exercise any of these rights, contact us at support@crewflow.app.

We use a single session cookie (crewflow_session) to keep you logged in. This cookie is strictly necessary for the Service to function and expires after 7 days. We do not use advertising or tracking cookies.

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

We may update this policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days in advance. Continued use of the Service after changes constitutes acceptance of the updated policy.

Questions or concerns about your privacy? Contact us at support@crewflow.app.