Privacy Policy

Last updated: March 26, 2026

CrewForged ("CrewForged," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the CrewForged platform, website (crewforged.com), mobile applications, and related services (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Company name, address, phone number, and trade type
• Your name, email address, phone number, and role
• Authentication credentials (passwords are hashed and never stored in plain text)
• Two-factor authentication (TOTP) configuration

1.2 Business Data

When you use the Service, you may input business data including but not limited to:

• Customer names, contact information, and service addresses
• Job details, work orders, estimates, and invoices
• Equipment records, parts inventory, and pricing data
• Employee/technician information and schedules
• Payment information (processed through Stripe — we do not store credit card numbers)
• Photos, signatures, and form responses captured during service
• Communication logs (SMS, email content sent through the platform)

1.3 Location Data

With permission, we collect GPS location data from technician devices for:

• Real-time technician tracking on the dispatch board
• Route optimization between job sites
• Clock-in/clock-out verification

Location tracking is active only when the technician is clocked in and using the CrewForged mobile app. It can be disabled by the account administrator at any time.

1.4 Automatically Collected Information

• Device type, operating system, and browser information
• IP address and approximate location (for security purposes)
• Usage patterns and feature interactions (to improve the Service)

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the CrewForged platform
• Process transactions and send related notifications
• Send appointment reminders, technician alerts, and invoice notifications on your behalf
• Power AI-assisted features (estimates, scheduling optimization) using Gemini AI — your data is processed server-side and is never used to train AI models
• Provide customer support and respond to inquiries
• Monitor for security threats and prevent unauthorized access
• Generate aggregated, anonymized analytics to improve the Service

3. How We Share Your Information

We do not sell your personal information. We share data only in these limited circumstances:

• Service Providers: We use third-party services to operate CrewForged, including Supabase (database hosting), Stripe (payment processing), Twilio (SMS), Resend (email), Google Maps (routing), and Google Gemini (AI features). Each provider receives only the data necessary for their function.
• At Your Direction: When you send an invoice via email, a text notification to a customer, or share a booking link — that information is transmitted to the intended recipient.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction.

4. Data Isolation (Multi-Tenancy)

CrewForged is a multi-tenant platform. Your business data is isolated from other customers through Row Level Security (RLS) policies enforced at the database level. No customer can access, view, or modify another customer's data — this is enforced by the database, not just the application.

5. AI and Your Data

CrewForged uses Google Gemini AI to power features like estimate suggestions, scheduling optimization, and the onboarding assistant. When AI features are used:

• Your data is processed server-side — it never leaves our infrastructure except to reach the Gemini API
• Your business data is never used to train AI models
• AI responses are generated in real-time and are not stored by Google beyond the immediate request
• You can use CrewForged without AI features — they enhance the experience but are not required

6. Data Security

• All data is encrypted in transit (TLS/SSL) and at rest
• Two-factor authentication (TOTP) is available for all user accounts
• Payment data is processed through Stripe and is PCI DSS compliant — we never store credit card numbers
• Database backups are performed automatically
• Access to production systems is restricted to authorized personnel

7. Data Retention

We retain your data for as long as your account is active. If you cancel your account:

• Your data remains available for 90 days for reactivation
• After 90 days, all business data is permanently deleted from our systems
• Aggregated, anonymized data may be retained for analytics purposes
• You may request immediate deletion at any time by contacting us

8. Your Rights

You have the right to:

• Access your data — export your business data at any time from within the platform
• Correct inaccurate information in your account
• Delete your account and associated data
• Opt out of non-essential communications
• Restrict AI processing of your data
• Disable GPS tracking for your technicians

9. Cookies and Tracking

CrewForged uses essential cookies to maintain your session and preferences. We do not use third-party advertising trackers. Analytics data is collected in aggregate form and cannot be used to identify individual users.

10. Children's Privacy

CrewForged is not intended for use by individuals under 18 years of age. We do not knowingly collect information from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the platform or sending an email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact