Privacy Policy

1. Introduction

CrewDeck, Inc. ("CrewDeck," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our roofing operations platform, website at crewdeck.net, mobile applications, and related services (collectively, the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service. We encourage you to read this policy carefully and contact us with any questions.

2. Information We Collect

2.1 Personal Information

When you create an account, subscribe to a plan, or interact with our Service, we may collect the following personal information:

• Full name, email address, phone number, and job title
• Company name, address, and business information
• Billing and payment information (processed securely through our payment provider, Stripe)
• Profile photographs and user preferences
• Communication records including support tickets and in-app messages

2.2 Usage Data

We automatically collect information about how you interact with our Service, including:

• Pages and features accessed, actions performed, and time spent on the Service
• Search queries, filters applied, and workflow configurations
• Error logs, crash reports, and performance metrics
• Referral sources and navigation patterns

2.3 Device Information

When you access our Service, we collect information about your device, including:

• Device type, operating system, and browser version
• IP address and approximate geographic location
• Unique device identifiers and mobile advertising identifiers
• Screen resolution and language preferences

2.4 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. These technologies help us maintain your session, remember your preferences, understand usage patterns, and deliver relevant content. For more details, see Section 8 below.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving the Service

• Operating, maintaining, and delivering the features of our platform
• Processing transactions, managing subscriptions, and sending billing notifications
• Personalizing your experience and providing tailored recommendations
• Analyzing usage patterns to improve functionality, performance, and user experience
• Developing new features and services based on aggregated usage data

3.2 Communication

• Sending service-related announcements, updates, and technical notices
• Responding to support requests, comments, and questions
• Delivering product tips, training resources, and best-practice guidance
• Sending marketing communications (with your consent, where required by law)

3.3 Security and Fraud Prevention

• Detecting, investigating, and preventing fraudulent or unauthorized activities
• Monitoring for security threats and vulnerabilities
• Enforcing our Terms of Service and other agreements
• Complying with legal obligations and responding to lawful requests

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf, such as payment processing (Stripe), cloud hosting (Amazon Web Services), email delivery, analytics, and customer support tools. These service providers are contractually obligated to use your information only as necessary to provide services to us and are bound by confidentiality requirements.

4.2 Legal Obligations

We may disclose your information if required to do so by law or in response to valid legal processes, such as a subpoena, court order, or government investigation. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you authorize an integration with a third-party application.

5. Data Security

We take the security of your information seriously and implement industry-standard technical and organizational measures to protect it, including:

• Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3
• Access Controls: Role-based access controls ensure only authorized personnel can access sensitive data
• Infrastructure: Our platform is hosted on SOC 2 Type II compliant cloud infrastructure with multi-tenant data isolation
• Monitoring: Continuous security monitoring, intrusion detection, and real-time alerting
• Audits: Regular security assessments, penetration testing, and third-party audits
• Backups: Automatic daily backups with encrypted offsite storage and tested recovery procedures

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest practical standards.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Service. If you cancel your subscription or request deletion of your account, we will delete or anonymize your personal information within 30 days, except where retention is necessary to comply with legal obligations, resolve disputes, or enforce our agreements. Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytics and service improvement purposes.

Upon account termination, you will have a 30-day grace period to export your data before permanent deletion begins. After this period, data will be purged from our active systems within 30 additional days. Backup copies may persist for up to 90 days before being overwritten in the normal course of backup rotation.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information. These may include:

• Right of Access: You may request a copy of the personal information we hold about you
• Right to Correction: You may request that we correct any inaccurate or incomplete personal information
• Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions
• Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format (CSV or JSON)
• Right to Restrict Processing: You may request that we limit how we use your personal information
• Right to Object: You may object to the processing of your personal information for certain purposes, including direct marketing
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, as required by applicable law. You can also manage many of these preferences directly in your account settings.

8. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

• Essential Cookies: Required for the Service to function properly, including authentication tokens and session management. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings, such as language, timezone, and dashboard layout.
• Analytics Cookies: Help us understand how users interact with our Service so we can improve the experience. We use privacy-focused analytics that do not track individual users across websites.
• Performance Cookies: Monitor application performance and help us identify and fix issues quickly.

You can control cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that disabling essential cookies may prevent you from using certain features of the Service. We do not use third-party advertising cookies or participate in ad networks.

9. Third-Party Services

Our Service integrates with or utilizes the following third-party services, each governed by their own privacy policies:

• Stripe: Payment processing and subscription management. Stripe is PCI DSS Level 1 certified. We never store full credit card numbers on our servers.
• Amazon Web Services (AWS): Cloud infrastructure and data hosting. Data is stored in US-based data centers with SOC 2 compliance.
• Google Maps Platform: Mapping, geocoding, and location services for canvassing and job site management.
• Twilio / Resend: SMS and email communication services for automated messaging and notifications.
• EagleView / Nearmap: Aerial imagery and property measurement data (when connected by the customer).

We carefully vet all third-party service providers to ensure they meet our security and privacy standards. You can view and manage connected third-party integrations from your account settings at any time.

10. Children's Privacy

Our Service is designed for business use and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 18, please contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by email (sent to the email address associated with your account) and by posting a prominent notice on our website at least 30 days before the changes take effect. The "Last updated" date at the top of this policy indicates when it was most recently revised. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

See also our Terms of Service and Security page for more information about how we protect your data.