Where is data stored?
Customer data is stored in India using Supabase and Railway infrastructure configured for CrewCheck's India-first operating model.
Trust & Security
Plain answers for security, legal, and engineering review.
CrewCheck is designed to inspect AI traffic without turning customer prompts into training data, raw debug logs, or unauditable evidence.
Do we train on customer prompts?
No. Prompts are inspected in memory for policy enforcement and then discarded unless a customer explicitly enables retention for a configured workflow.
Are logs mutable?
No. CrewCheck audit logs are hash-chained and tamper-evident, so changes can be detected during verification.
Who can access logs?
Only authorised users inside the customer's organisation can access logs, and access is controlled by role-based permissions.
What happens during a breach?
CrewCheck follows a 72-hour DPDP notification workflow. A detailed incident response plan is available to enterprise customers.
Can legal export evidence?
Yes. Legal and compliance teams can export audit PDFs with hash-chain verification evidence.
Can engineering debug without seeing PII?
Yes. CrewCheck supports redacted views by role so engineering teams can debug policy outcomes without raw sensitive values.
Deployment options
Cloud deployment is available for startups. Private VPC and on-prem deployment are paid enterprise add-ons quoted on request.