1. Who we are
Crewnyx is a product of Sparky Venture Labs LLC ("we," "us," "Crewnyx"), a company based in North Carolina, USA. If you have privacy questions, email [email protected].
2. What data we collect
We collect only what we need to provide the service.
2.1 Account data
- Your name and email address
- Your company's name and address
- Your role within the company (admin or employee)
- Password (stored hashed with bcrypt, never in plaintext)
2.2 Operational data (what your company puts into Crewnyx)
- Time entries, jobsites, receipts, messages, and any other data you or your team create in the app
- Location data (when you or a teammate uses the clock-in feature with location capture — optional, disabled by default)
- Uploaded files (receipts, documents)
2.3 Billing data
Handled entirely by Stripe. We store only your Stripe customer ID, subscription ID, and the last 4 digits + brand of the card. Full card numbers never touch our servers.
2.4 Technical data
- IP address, browser/device type, and timestamps of requests (kept 30 days for security auditing)
- Basic error logs (no PII in error messages)
2.5 What we do NOT collect
- Third-party tracking pixels (Meta, Google Ads, etc.) — we don't use them
- Session recordings (Hotjar, FullStory, etc.) — we don't use them
- Cross-site cookies for advertising — we don't set them
3. How we use your data
- To operate the Crewnyx service (obviously)
- To send transactional emails (verify email, password reset, receipts, plan changes)
- To send occasional product updates — you can unsubscribe at any time
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations (tax, subpoenas, etc.)
4. Who we share data with
We share data only with the specific vendors required to operate the service. Each is listed below with what they see.
- Supabase (Postgres database): All your operational data, encrypted at rest. Sub-processor for hosting.
- Stripe (payments): Your billing name, email, card details. Never sees operational data.
- Cloudflare (edge + CDN): Web traffic metadata (IP addresses, request paths). Blocks attacks. Doesn't see request bodies.
- Vercel (application hosting): Serves the app. Doesn't retain user data.
- Resend or similar (transactional email): The email address and content of transactional messages we send you.
We do not sell your data. We do not share your data with advertisers.
5. Tenant isolation
Your company's data is isolated from every other company's data at the PostgreSQL layer using Row-Level Security. Full details on our security page.
6. How long we keep your data
- Active accounts: as long as your subscription is active
- Cancelled accounts: 30 days after cancellation, then permanently deleted
- Backups: encrypted, retained up to 12 months, then deleted
- Audit logs: 1 year
7. Your rights
Regardless of where you live:
- Access — download all your data from Settings → Data → Export
- Correct — edit your data any time in the app
- Delete — Settings → Account → Delete. Your data is permanently removed within 30 days.
- Object / restrict processing — email [email protected]
- Portability — the export in Settings → Data is machine-readable CSV
GDPR (EU/UK) and CCPA (California) residents have additional rights — we honor all of them. Email us to exercise them.
8. Children
Crewnyx is a business tool. We don't knowingly collect data from anyone under 16.
9. International transfers
Our servers are in the United States. If you're in the EU/UK, your data is transferred there under standard contractual clauses.
10. Cookies
We use strictly-necessary cookies only (authentication, CSRF tokens, session persistence). No tracking cookies. No third-party ad cookies.
11. Changes
We'll email account admins at least 30 days before any material change to this policy.
12. Contact
[email protected]
Sparky Venture Labs LLC · North Carolina, USA · Last updated July 11, 2026