๐Ÿ‘ฅ Crew Manager

Note: This policy is a placeholder pending legal review and a formal GDPR data protection impact assessment before commercial launch.

Privacy Policy

Last updated: April 2026 ยท Applying to EU/EEA users under GDPR

1. Who We Are

Crew Manager ("we", "us", "our") is the operator of the Crew Manager platform, a workforce management service. We act as a data controller for the personal data of account holders, and as a data processor for employee data you manage within the platform.

Contact for data protection matters: privacy@crewmanager.eu

2. What Data We Collect

Account holders (Operations Managers)

  • Name, email address, company name, phone number
  • Login credentials (password stored as a one-way hash)
  • Billing information (processed by our payment provider โ€” we do not store card details)
  • Usage data and audit logs for security purposes

Employee data (processed on your behalf)

  • Names, email addresses, phone numbers, addresses
  • Licence and certification records
  • Shift history, clock-in/out times
  • Payroll reference numbers (no bank account data is stored)

3. Legal Basis for Processing

  • Contract performance โ€” to deliver the service you signed up for
  • Legitimate interests โ€” security, fraud prevention, service improvement
  • Legal obligation โ€” where required by Irish or EU law
  • Consent โ€” for optional marketing communications (you may withdraw at any time)

4. How We Use Your Data

  • To operate and improve the Crew Manager platform
  • To send transactional emails (account verification, billing notices, password resets)
  • To send product updates and news, if you consented at signup
  • To investigate security incidents or breaches
  • To comply with legal or regulatory obligations

4a. Anonymous Usage Statistics (Optional)

With your consent, we may use anonymised, aggregated data from your account to generate industry benchmarks and operational insights โ€” for example, average shift fill rates, licence expiry patterns, or equipment utilisation trends across similar businesses.

This data is fully anonymised before any aggregation. It cannot be used to identify your company, your employees, or any individual. We do not share anonymised data with third parties in a form that could be re-identified.

This is entirely optional. You may opt in during registration and withdraw consent at any time by emailing privacy@crewmanager.eu. Withdrawing consent has no effect on your access to the service.

5. Data Sharing

We do not sell your data. We share data only with sub-processors necessary to deliver the service:

  • Neon (database hosting) โ€” PostgreSQL hosting, EU region
  • Vercel (application hosting) โ€” serverless compute
  • Amazon Web Services SES โ€” transactional email delivery

All sub-processors are bound by data processing agreements compatible with GDPR.

6. Data Retention

Active account data is retained for as long as your subscription is active. Upon account closure, we delete your data within 90 days. Where legal obligations require longer retention (e.g., billing records under Irish tax law), we retain only the minimum necessary data for the required period.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access โ€” request a copy of your personal data
  • Rectification โ€” correct inaccurate data
  • Erasure โ€” request deletion ("right to be forgotten")
  • Restriction โ€” limit how we process your data
  • Portability โ€” receive your data in a machine-readable format
  • Object โ€” object to processing based on legitimate interests
  • Withdraw consent โ€” for any consent-based processing (e.g., marketing)

To exercise any right, email privacy@crewmanager.eu. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission (DPC) at dataprotection.ie.

8. Cookies

We use only essential cookies required for the service to function (authentication session cookies). We do not use advertising or tracking cookies. No cookie consent banner is required for strictly necessary cookies under ePrivacy regulations.

9. Security

We implement appropriate technical and organisational measures including encrypted connections (TLS), hashed passwords, access controls, and regular security reviews. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by GDPR.

10. Changes to This Policy

We will notify you by email of material changes to this policy at least 30 days before they take effect.

ยฉ 2026 Crew Manager. All rights reserved. ยท Terms ยท Privacy