Legal

Privacy Controls

Use this page to withdraw consent, reject non-essential website storage, or grant consent again. These controls are designed to make withdrawing consent as easy as giving it.

Privacy controls

Withdraw consent or update your website preference.

CrewCheck stores only essential website state unless you accept optional storage. You can withdraw consent, reject non-essential processing, or grant consent again from this page at any time.

Current status

No preference saved yet

We will save your next choice instantly.

Purposes of data processing

CrewCheck processes personal data only for specific stated purposes: account creation and login, organization administration, product delivery, scanner report generation, customer support, invoice and payment handling, security monitoring, fraud prevention, audit logging, and legal or regulatory compliance.

Examples of purpose-limited processing include using work email and organization details to create and manage an account, using support correspondence to resolve support requests, using IP address and device metadata to secure sessions and investigate abuse, using billing contact details to issue invoices and reconcile payments, and using rule outcomes or audit evidence to generate compliance reports requested by the customer.

Third-party processors and sharing

CrewCheck uses third-party service providers only where necessary to operate the service. This includes Supabase for authentication and managed database services, Railway and Vercel for hosting and delivery, Razorpay or Stripe for payment processing, and model providers such as OpenAI or Anthropic only when a customer configures or invokes those services through CrewCheck.

Third-party data sharing is purpose-bound and limited to the minimum data needed for each processor. Payment processors receive billing and transaction details needed to complete payments, hosting providers may process encrypted application or log data to run the service, support tooling may receive support-request context, and configured model providers may receive only the prompts, metadata, or redacted content required to complete a customer-requested AI workflow.

Named processor list: Supabase receives account identifiers, work email, and organization metadata for authentication and managed database operations. Railway and Vercel may process request metadata, IP address, encrypted application data, and operational logs for hosting and delivery. Razorpay or Stripe receive billing contact details, invoice references, and transaction metadata for payment processing. OpenAI or Anthropic may receive prompts, redacted content, and model request metadata only when a customer chooses those providers for a customer-requested AI workflow.

Need a formal privacy request?

For access, correction, erasure, portability, grievance, or breach questions, email privacy@crewcheck.ai or visit the Privacy Policy.