Legal

Privacy Policy

LAST UPDATED · MAY 2026

Crewlog Inc. (“Crewlog”, “we”, “our”, or “us”) respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your information. It applies to crewlog.io, our mobile applications, and any related services (the “Service”).

1. Information we collect

1.1 Information you provide

When you sign up or use Crewlog, you provide:

  • Account information: name, email address, phone number, password (hashed), and organization name.
  • Profile details: profile photo (optional), trade or job title, role within your organization.
  • Content: voice recordings, transcripts, photos, text notes, and any other content you create within the Service.
  • Payment information: collected and processed by our payment provider Stripe. We do not store credit card numbers.

1.2 Information collected automatically

  • Device information: model, operating system, app version, language preferences.
  • Usage data: feature usage, log activity, sync timestamps, error reports.
  • Location data: GPS coordinates attached to log entries when GPS is enabled. You can disable GPS in settings.
  • Network information: IP address, approximate location derived from IP, connection type.

2. How we use your information

  • To provide and operate the Service, including syncing data across your devices.
  • To process voice recordings into transcripts via OpenAI's Whisper API.
  • To process payments and manage subscriptions via Stripe.
  • To send transactional notifications (sealed log alerts, crew invites, billing receipts) via push, email, or SMS.
  • To respond to support requests.
  • To detect and prevent abuse, fraud, and security issues.
  • To improve the Service, with all analytics anonymized or aggregated.

We do not sell your personal information. We do not use your content (logs, voice recordings, photos) to train AI models. We do not share your data with advertisers.

3. Who we share information with

We share data only with vendors that perform services on our behalf, under written contracts that limit how they can use your data:

  • Stripe — payment processing
  • Cloudflare R2 — storage of audio recordings, photos, and PDF exports
  • Supabase — database hosting and authentication
  • OpenAI — voice-to-text transcription via the Whisper API (no model training, content not retained beyond processing)
  • Twilio — SMS delivery for invitations and account notifications
  • Railway — application hosting infrastructure

We will share information if required by law (subpoena, court order), to protect our rights, or to protect the safety of users or the public. If Crewlog is acquired or merged, your data may transfer to the successor entity.

4. Data retention

  • Active account data is retained while your subscription is active.
  • Sealed daily logs are retained for 7 years per construction industry compliance norms, even after account closure (encrypted, not accessible to you after closure).
  • If you cancel your subscription, you have 90 days to download your data before active records are deleted.
  • If you request account deletion, we delete personal information within 30 days, except where required to retain for legal/compliance reasons.

5. Your rights

Depending on your location (CCPA, GDPR, and similar laws may apply), you have the following rights:

  • Access — request a copy of the personal information we hold about you
  • Correction — request correction of inaccurate information
  • Deletion — request deletion of your account and personal information
  • Portability — request a machine-readable export of your data
  • Objection — object to certain types of processing

5.1 Self-service export and deletion (mobile app)

Signed-in account holders can use in-app controls (or the API) to exercise portability and deletion without waiting on support:

  • Data exportPOST /api/account/export queues a ZIP archive of your workspace profile, projects, logs, and related metadata. When ready, we email a signed download link valid for 7 days. Poll GET /api/account/export/:exportId for status.
  • Account deletionPOST /api/account/delete requires your current password (recent re-authentication). We anonymize personal fields on your account and revoke sessions. Sealed daily logs remain stored for 7-year compliance and keep their creator reference; they are no longer accessible through your account. Project managers with an active paid or trial subscription must cancel billing before deletion.

You may still email privacy@crewlog.io for assistance or if you cannot access the app. We will respond within 30 days.

6. Security

We use industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, SHA-256 cryptographic seal for sealed logs, hashed passwords (bcrypt), and Row-Level Security policies on our database. No system is perfectly secure, but we take this seriously.

7. Children

Crewlog is not intended for use by anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

8. International users

Crewlog is operated from the United States. By using the Service, you consent to your information being processed in the U.S. We rely on Standard Contractual Clauses for transfers from the EEA/UK.

9. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new “Last Updated” date. Material changes will be communicated via email or in-app notification.

10. Contact us

Crewlog Inc.
Email: privacy@crewlog.io