Privacy Policy

Last updated: April 9, 2026

This Privacy Policy describes how Crewly ("Crewly," "we," "us," or "our") collects, uses, and shares information when you use the Crewly web application, mobile application, and related services (the "Service").

Crewly is a multi-tenant software-as-a-service platform for service businesses. Each customer organization ("Tenant") uses Crewly to manage its own clients, quotes, invoices, schedules, employees, payroll, and field operations.

1. Who Is the Data Controller

When you use Crewly as an employee or administrator of a Tenant, the Tenant is the data controller of the information you and your coworkers enter into Crewly. Crewly acts as a data processor on the Tenant's behalf, handling data only as instructed by the Tenant and in accordance with this Policy.

If you are an end-client of a Tenant (for example, someone receiving a quote or paying an invoice), the Tenant is the controller of the information about you that the Tenant enters into Crewly.

2. Information We Collect

2.1 Account information

When a Tenant is created or an employee is invited, we collect: name, email address, role (admin, employee, portal), password (stored hashed), tenant assignment, and language preference.

2.2 Business information

Tenants provide business data such as: company name, address, phone number, tax region and tax rates, branding assets (logo, colors), service catalog, pricing, client records, quotes, invoices, agenda events, payroll contracts, punch records, and payments.

2.3 Location information

Crewly offers an opt-in live location tracking feature for employees in the field. Here is exactly how it works:

Opt-in and control. Location tracking is off by default. An employee must explicitly toggle "Live location" on within the employee portal. The first time you enable it, your device's operating system will also ask you to grant location permission to Crewly; you may decline, and you may revoke this permission at any time in your device settings.
What is collected. When active, Crewly records your device's latitude, longitude, horizontal accuracy, and a timestamp.
How often. While the toggle is on, Crewly writes your current position to our servers at most once every 15 seconds. This is a single row per employee — we overwrite your previous location each time rather than keeping a historical trail.
Who can see it. Your Tenant's administrators can see your current location while you are actively sharing. Location data is strictly isolated between Tenants; no one outside your organization can see it.
When it stops. Location capture stops as soon as you toggle the feature off, close the portal, revoke OS permission, or sign out. Turning the toggle off immediately halts writes.
Admin preview mode. When a Tenant administrator previews another user's portal, live location capture is disabled on the preview.

We do not use location data for advertising, resale, or any purpose unrelated to helping your employer coordinate field work.

2.4 Content you upload

Images attached to quotes, branding assets, signatures on public quote and payment pages, and any files uploaded through the Service.

2.5 Payment information

If your Tenant subscribes to a paid plan, payment is processed by Stripe, Inc. Crewly does not store full credit card numbers. Stripe provides us with limited billing metadata (customer ID, plan, subscription status, receipt references) which we store to reconcile subscriptions.

2.6 Technical information

When you use the Service, we and our infrastructure providers automatically collect standard technical information: IP address, device type, operating system, browser type and version, pages visited, timestamps, and diagnostic error reports.

2.7 Cookies and local storage

Crewly uses cookies and browser local storage to keep you signed in, remember preferences (language, agenda view, live-location toggle state), and operate the service worker cache. We do not use third-party advertising cookies.

3. How We Use Information

We use information to provide, operate, and maintain the Service; authenticate users and enforce tenant isolation; enable features you or your Tenant have enabled (scheduling, invoicing, payroll calculations, route planning, live location sharing); process subscription payments through Stripe; detect, prevent, and respond to security incidents, abuse, and technical problems; communicate with Tenant administrators about service, billing, and security matters; and comply with legal obligations.

We do not sell personal information. We do not use personal information for cross-context behavioral advertising.

4. Legal Bases (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases: contract (to provide the Service to you or your Tenant); legitimate interests (to secure the Service, prevent fraud, and improve reliability); consent (for live location tracking, which is strictly opt-in); and legal obligation (to comply with applicable laws).

You may withdraw consent for location tracking at any time by toggling the feature off; this will not affect the lawfulness of prior processing.

5. How We Share Information

We share information only as follows:

Within your Tenant. Information you enter is visible to other users of your Tenant according to their role and permissions.
Subprocessors. We use a small number of service providers to operate the Service: Supabase, Inc. (database, authentication, file storage, and realtime infrastructure); Vercel, Inc. (application hosting and content delivery); Stripe, Inc. (subscription billing and payment processing); and Sentry (error tracking and diagnostics, when enabled).
Legal requirements. We may disclose information if required by law, subpoena, or other valid legal process, or to protect the rights, property, or safety of Crewly, our users, or the public.
Business transfers. If Crewly is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to the commitments in this Policy.

We do not sell personal information to third parties.

6. International Data Transfers

Crewly is operated from Canada and uses subprocessors located in the United States and elsewhere. Where required, we rely on standard contractual clauses or equivalent safeguards for international transfers of personal information.

7. Data Retention

Tenant business data (clients, quotes, invoices, agenda events, punches, payroll records) is retained for as long as the Tenant's account is active, and for a reasonable period thereafter to allow export or as required by law.
Location data is stored as a single current-position row per employee and is overwritten with every update. Individual location records are not retained beyond 30 days.
Billing records are retained as required by tax and accounting law, typically six years.
Diagnostic logs and error reports are retained for up to 90 days.
Account deletion. You may delete your Crewly account from within the app. Upon deletion, we remove your personal profile information, revoke your access, and delete associated authentication records. Tenant-owned business records created by you may be retained by your Tenant as permitted by law.

8. Security

We use industry-standard measures to protect your information, including encryption in transit (HTTPS/TLS), encryption at rest for database and file storage, row-level security to enforce tenant isolation at the database layer, and access controls on administrative systems. No system is perfectly secure; we encourage you to use a strong, unique password and to report suspected security issues to us promptly.

9. Your Rights

Depending on where you live, you may have rights to access the personal information we hold about you; correct inaccurate information; delete your information; object to or restrict certain processing; port your information to another service; withdraw consent where processing is based on consent (including for location tracking); and lodge a complaint with a supervisory authority.

If you are an employee of a Tenant, please contact your Tenant's administrator first; we will assist the Tenant in responding to your request. You can also contact Crewly directly.

10. Children

Crewly is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify Tenant administrators by email or in-app notice. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

12. Contact

For privacy-related questions or data requests, contact us at privacy@crewly.website or support@crewly.ca.

This document should be reviewed by a lawyer familiar with privacy law in the jurisdictions where Crewly operates (Canada's PIPEDA and Quebec's Law 25, US state laws including CCPA/CPRA, GDPR in the EU/UK, and Apple/Google store requirements for apps that collect location data) before final publication.