Privacy Policy

1. Introduction and Scope

CrewCheck ("we", "our", "us") operates the crewcheck.io website and SaaS platform that enables businesses to manage internal messaging, feedback collection, and notifications. This Privacy Policy explains how we handle personal data that we process on behalf of our customers, as well as data we collect directly from site visitors, employees, and other users. Our commitment is to protect privacy and comply with applicable data‑protection laws, including the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Telephone Consumer Protection Act (TCPA).

2. Data Controller and Contact Information

For the purposes of data‑protection legislation, our customers are the Data Controllers of the personal data they upload to CrewCheck. CrewCheck acts as a Data Processor on their behalf. Privacy‑related inquiries, data‑subject requests, or complaints may be directed to:

• Email: [email protected]
• Mailing address: CrewCheck, 30 North Gould Street, STE R, Sheridan, WY 82801, USA

3. Information We Collect

We collect several categories of information:

• Account information such as name, email address, phone number, and employer details that customers provide when creating an account.
• Device and usage data including IP addresses, browser type, operating system, and interaction logs with the platform.
• Communication content such as messages, delivery logs, and any attachments transmitted through the service.
• Payment and billing data required for invoicing, including credit‑card details processed by our payment provider.
• Cookies and analytics data collected through web‑site cookies, web beacons, and third‑party analytics services.

4. How We Use Information

We process the collected data for the following purposes:

• To provision, authenticate, and maintain customer accounts.
• To deliver messages to recipients via carrier networks on behalf of our customers.
• To improve the product, develop new features, and perform analytics.
• To comply with legal obligations, ensure security, and prevent fraud or abuse.

5. Legal Basis for Processing (GDPR)

When processing personal data of individuals located in the European Economic Area, we rely on the following lawful grounds:

• Performance of a contract – necessary for providing the SaaS service.
• Consent – where the customer has obtained explicit consent from the data subject.
• Legitimate interests – for fraud prevention, security, and product improvement, provided such interests do not override the data subject's rights.
• Legal obligation – to comply with regulatory requirements.

6. How We Share Information

We may disclose personal data to the following categories of recipients:

• Service providers such as Twilio (messaging), Stripe (payment processing), and cloud hosting providers. These providers act as subprocessors under strict contractual safeguards.
• Legal or regulatory authorities when required by law, subpoena, or to protect our rights.
• Customers – when we act as a processor, we share data with the relevant customer who is the controller of that data.
• Affiliates and subprocessors that assist in delivering the service, subject to equivalent data‑protection obligations.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described herein. Retention periods are determined by contractual obligations, legal requirements, and the activity status of the account. Inactive or terminated accounts may be anonymised after a reasonable period, typically twelve months of inactivity.

8. Data‑Subject Rights

Individuals have the following rights under applicable law:

• Right of access to their personal data.
• Right to rectify inaccurate data.
• Right to erasure (the "right to be forgotten").
• Right to data portability.
• Right to restriction of processing.
• Right to object to processing based on legitimate interests or direct marketing.

Requests may be submitted to [email protected]. We will respond within the statutory timeframes.

9. Cookies and Tracking

Our website uses essential cookies for session management and security, as well as analytical cookies to understand usage patterns. Users may manage cookie preferences through their browser settings or via the cookie consent banner on our site.

10. International Transfers

CrewCheck may transfer personal data outside the European Economic Area, including to the United States. Such transfers are protected by standard contractual clauses (SCCs) or other approved mechanisms that ensure an adequate level of protection.

11. Security Measures

We implement technical and organisational safeguards, including encryption of data in transit and at rest, role‑based access controls, regular security monitoring, and incident‑response procedures. In the unlikely event of a data breach, we will notify affected individuals and regulators in accordance with applicable law.

12. Children's Data

Our services are not directed to children under the age of sixteen (16). We do not knowingly collect personal data from minors. If we become aware of such collection, we will promptly delete the information.

13. Customer Responsibilities

Customers must obtain valid, documented opt‑in consent from any individual whose contact data they upload to CrewCheck. They remain responsible for ensuring that their data handling complies with all applicable privacy and communications regulations.

14. Changes to This Policy

We review this Privacy Policy at least annually and may update it to reflect changes in law, technology, or business practices. The version number and effective date will be indicated at the top of the document. Significant revisions will be communicated via email and a notice on the website.

15. Contact Information

For any privacy‑related questions, concerns, or complaints, please contact us at:

• Email: [email protected]
• Mailing address: CrewCheck, 30 North Gould Street, STE R, Sheridan, WY 82801, USA