1. Introduction
CrewOS ("we," "us," or "our") is an industry-agnostic crew and contractor operations SaaS platform operated by FoundryOS. CrewOS enables businesses to manage scheduling, timeclock tracking, compliance, invoicing, expenses, and contractor coordination through a centralized platform.
This Privacy Policy describes how we collect, use, disclose, and protect information when you use CrewOS (the "Service"), including our website, web application, and related services. By accessing or using CrewOS, you agree to the practices described in this policy.
2. Data Processing Roles
CrewOS operates within a multi-tenant architecture, so it is important to understand the role of each party with respect to data processing:
- CrewOS as Data Processor: When account owners (businesses) input, store, and manage information about their crew members, contractors, clients, and operations, CrewOS acts as a data processor. We process this data on behalf of the account owner according to their instructions and the functionality of the Service.
- Account Owner as Data Controller: The account owner (the business that created the CrewOS account) is the data controller and determines the purposes and means of processing business data within their tenant. This includes crew member records, client information, scheduling data, and financial records.
- CrewOS as Data Controller: For data we collect directly from all users for the purpose of providing and improving the Service (such as account registration data, authentication data, and usage analytics), CrewOS acts as the data controller.
3. Information We Collect from Account Owners
When a business creates a CrewOS account, we collect the following information:
- Account credentials: Email address, full name, company name, and password (stored as a cryptographic hash; we never store plaintext passwords).
- Organization settings: Branding assets (company logo, brand colors), timezone preference, currency preference, and company contact details.
- Industry template selection: The industry category chosen during signup, which determines the default configuration of site fields, picklists, and operational defaults for the account.
- Billing information: Payment details are collected and processed directly by Stripe. We store only subscription status, plan tier, and billing cycle information — not payment card numbers.
4. Business Data Stored Per Tenant
Account owners may store the following categories of business data within their CrewOS tenant. This data is isolated per tenant and is not accessible to other tenants:
- Client records: Client names, contact information, sites, site contacts, and site access credentials.
- Contracts: Contract terms, schedule rules, service scope, and contract status.
- Crew and contractor records: Name, email, phone number, mailing address, hourly rate, member type (employee/subcontractor), and emergency contact information.
- Compliance documents: Uploaded files (such as certifications, licenses, and insurance documents) with associated expiry date tracking.
- Schedules and shift assignments: Shift times, crew assignments, and schedule rules.
- Timeclock events: Clock-in and clock-out timestamps for tracking hours worked.
- Shift photos: Clock-in photos and lock confirmation photos captured during shift operations.
- Client invoices: Invoices generated for clients based on contract terms and completed work.
- Contractor invoices: Invoices submitted by contractors for work performed.
- Expenses and receipts: Expense records including uploaded receipt images and AI-scanned receipt data (amounts, vendors, categories).
- Financial records and transactions: Revenue, cost, and profitability data derived from invoices, expenses, and payroll calculations.
5. Information Collected from Crew Members and Contractors
When a crew member or contractor accepts an invitation to join an account owner's CrewOS tenant, the following information is collected:
- Profile information: Email address, full name, and phone number (provided during invite acceptance or profile setup).
- Timeclock data: Clock-in and clock-out timestamps recorded during shift operations.
- Shift photos: Photos captured at clock-in or for lock confirmation as required by the account owner's configuration.
- Compliance document uploads: Certifications, licenses, or other documents uploaded to satisfy compliance requirements set by the account owner.
- Contractor invoices: Invoices submitted through the crew portal for work performed.
- Profile change requests: Requests submitted by crew members to update their profile information, subject to account owner approval.
Crew members and contractors interact with CrewOS through a dedicated crew portal. The account owner (the business) is the data controller for this data and determines what information crew members are required to provide.
6. Information We Do Not Collect
CrewOS does not collect the following types of information:
- GPS or geolocation data: CrewOS does not track the physical location of users. If location-based features are introduced in the future, they will be opt-in and explicitly enabled by the account owner, with clear notice to affected users.
- Social media data: We do not access, collect, or integrate with any social media accounts or profiles.
- Background check results: While account owners may upload compliance documents (such as certifications or licenses), CrewOS does not conduct, facilitate, or store background checks. Compliance documents are uploaded and managed by users, not generated through CrewOS.
- Biometric data: Shift photos are stored as standard image files and are not processed for biometric identification or facial recognition.
7. How We Use Your Information
We use collected information for the following purposes:
- Service delivery: To provide, maintain, and operate the CrewOS platform, including scheduling, timeclock, invoicing, compliance tracking, and all core features.
- Authentication and security: To verify user identity, manage sessions, and protect accounts from unauthorized access.
- Transactional communications: To send shift reminders, compliance document chase emails, daily digest summaries, and other operational notifications configured by the account owner.
- Billing and subscription management: To process payments, manage subscription tiers, and provide billing-related communications.
- AI-powered features: On the Pro tier, to provide AI assistant functionality and receipt OCR scanning. AI features process business data (such as expense receipts and operational queries) but do not use personal data for model training.
- Service improvement: To analyze usage patterns in aggregate to improve platform reliability, performance, and user experience.
- Legal compliance: To meet applicable legal, regulatory, and tax obligations.
8. Third-Party Services (Sub-Processors)
CrewOS uses the following third-party services to deliver the platform. These sub-processors may process data as described below:
| Service | Purpose | Data Processed |
|---|---|---|
| Supabase | Database, authentication, and file storage | All application data, user credentials, uploaded files (compliance docs, shift photos, receipts) |
| Stripe | Subscription billing and payment processing | Payment method details, billing address, subscription status |
| Resend | Transactional email delivery | Recipient email addresses, email content (shift reminders, compliance chase, daily digest) |
| Vercel | Application hosting and serverless functions | HTTP request data, server logs |
| Anthropic (Claude) | AI assistant and receipt OCR (Pro tier only) | Business data submitted to AI features (expense receipts, operational queries). Does not process personal data. Data is not used for model training. |
Each sub-processor maintains its own privacy policy and data processing practices. We select sub-processors that demonstrate adequate data protection standards and contractual commitments.
9. Data Retention
We retain data according to the following schedule:
| Data Category | Retention Period |
|---|---|
| Account data (profile, organization settings) | Duration of account plus 30 days after termination |
| Business data (schedules, invoices, crew records, etc.) | Duration of account |
| Compliance documents | Duration of account (account owner can delete individually at any time) |
| Financial and billing records | 7 years (as required for tax and accounting compliance) |
| Security and access logs | 90 days |
When an account is terminated, we will delete or anonymize business data within 30 days, except where retention is required by law (such as financial records for tax compliance). Account owners may request data export prior to account termination.
11. Automated Decision-Making
CrewOS does not engage in automated decision-making that produces legal effects or similarly significant effects on any individual. Specifically:
- The AI assistant (available on the Pro tier) provides suggestions only — including expense categorization recommendations, receipt data extraction, and operational insights. All business decisions are made by the account owner or authorized users.
- Schedule generation follows rules configured by the account owner and produces draft schedules that require human review and confirmation.
- Compliance alerts and reminders are automated notifications based on document expiry dates — they do not make determinations about a crew member's eligibility or employment status.
12. Data Security
We implement the following measures to protect your data:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Encryption at rest: Database storage and file storage are encrypted at rest through our infrastructure providers.
- Multi-tenant isolation: Row-Level Security (RLS) policies enforce strict data isolation between tenants at the database level. Each tenant's data is accessible only to authorized users within that tenant.
- Password security: User passwords are cryptographically hashed using industry-standard algorithms. Plaintext passwords are never stored or logged.
- Access controls: Role-based access controls (owner, operator, contractor) restrict functionality and data visibility based on user role within each tenant.
- API security: Server-side authentication verification, rate limiting, input validation, and CSRF protection on all API endpoints.
13. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or equivalent legislation:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request correction of inaccurate or incomplete personal data.
- Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
- Right to restriction: You may request that we restrict processing of your personal data in certain circumstances.
- Right to data portability: You may request your personal data in a structured, commonly used, and machine-readable format.
- Right to object: You may object to processing of your personal data based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
For crew members and contractors: If your data is processed by CrewOS on behalf of an account owner (your employer or contracting business), please direct your data rights requests to that account owner in the first instance, as they are the data controller. We will assist the account owner in fulfilling valid requests.
To exercise any of these rights directly with CrewOS, contact us at contact@foundryos.ca.
14. California Residents (CCPA)
This section applies to California residents and describes the disclosures and rights required by the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). It is provided to all Privacy Policy readers as a transparent statement of our practices; readers outside California may disregard it.
Do Not Sell or Share My Personal Information. CrewOS does not sell personal information to third parties, and does not share personal information for cross-context behavioral advertising. There is therefore no sale or share to opt out of. If our practices ever change, we will provide a "Do Not Sell or Share My Personal Information" link on this page and honor opt-out signals such as the Global Privacy Control (GPC) browser signal.
Categories of personal information collected. In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA (Cal. Civ. Code § 1798.140):
- Identifiers: name, email address, phone number, account credentials, IP address, and similar identifiers (see sections 3 and 5 above for details).
- Commercial information: subscription tier, billing cycle, and records of services you use within CrewOS.
- Internet or other electronic network activity: server logs, session data, and product-usage telemetry used to operate and secure the Service.
- Geolocation data: only when an account owner explicitly enables geofenced clock-in (see section 6) — otherwise no geolocation data is collected from users.
- Professional or employment-related information: crew member role, hourly rate, shift assignments, compliance documents, and timeclock records uploaded by account owners.
Each category above is collected for the business and commercial purposes described in section 7 ("How We Use Your Information") and is shared only with the sub-processors listed in section 8. We do not sell or share any category for cross-context behavioral advertising.
Your CCPA rights. Subject to verification of your identity, California residents may exercise the following rights:
- Right to know: request disclosure of the specific pieces and categories of personal information we have collected about you, the sources from which we collected it, the business purpose for collecting it, and the categories of third parties with whom we have shared it.
- Right to delete: request that we delete personal information we have collected from you, subject to exceptions allowed by law (for example, where we must retain financial records for tax compliance).
- Right to correct: request correction of inaccurate personal information we maintain about you.
- Right to opt out of sale or sharing: as noted above, we do not sell or share personal information — the right is preserved for you if our practices ever change.
- Right to limit use of sensitive personal information: CrewOS does not use sensitive personal information for purposes beyond those permitted by § 1798.121(a).
- Right to non-discrimination: we will not discriminate against you for exercising any CCPA right, including by denying service, charging different prices, or providing a different level of quality.
How to exercise your rights. To submit a verifiable consumer request, email us at contact@foundryos.ca from the email address associated with your CrewOS account. Authorized agents submitting a request on your behalf must provide signed written authorization together with proof of your identity. We will verify your identity by matching the information provided in the request against the information we already maintain (typically at least two data points) and may request additional verification where warranted by the sensitivity of the data requested.
Response time. We will acknowledge receipt of your request within 10 business days and respond substantively within 45 calendar days. Where necessary, we may extend the response window by an additional 45 calendar days and will notify you in writing of the extension and the reason.
15. International Data Transfers
CrewOS infrastructure is hosted in North America. If you access the Service from outside North America, please be aware that your data may be transferred to, stored, and processed in a jurisdiction different from your own.
Where we transfer personal data across borders, we rely on appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
- Sub-processor commitments to data protection standards equivalent to or exceeding the requirements of applicable data protection legislation.
- Technical measures (encryption, access controls, tenant isolation) that protect data regardless of storage location.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Effective Date" at the top of this page.
- Provide notice through the Service (such as a banner or notification) for significant changes.
- Where required by law, obtain your consent before applying material changes to the processing of your personal data.
We encourage you to review this Privacy Policy periodically. Your continued use of CrewOS after any changes constitutes acceptance of the updated policy.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
FoundryOS — Email: contact@foundryos.ca
We aim to respond to all privacy-related inquiries within 30 days. If you are unsatisfied with our response, you may have the right to lodge a complaint with your local data protection authority.