Privacy Policy
1. Who This Applies To
This Privacy Policy applies to everyone who visits crewcompliance.org or uses any CrewCompliance service ("Service"). CrewCompliance ("we," "us," or "our") operates the Service.
Questions? Contact us: privacy@crewcompliance.org · San Francisco, California
2. Information We Collect
2.1 Information You Give Us
Account information (when you register):
- Your name and email address
- Your company name and address
- Your phone number (optional)
Questionnaire information (to generate your Document):
When you complete our questionnaire, we collect the business information you enter, which may include:
- Your trade(s) and type of work performed
- Number of employees and job types
- Work states and locations
- Equipment and machinery used
- Chemicals and hazardous materials on-site
- Emergency contacts and first aid resources
- Prior OSHA citations or incidents (optional)
- Any other details you choose to provide
This information is used to generate your safety program Document. You control what you share — more detail generally means a more complete Document.
Purchase information:
When you buy, we receive order details including your email, billing address, and the last 4 digits of your payment card. Full payment processing is handled by Stripe — we never see or store your full card number.
2.2 Information We Collect Automatically
When you visit our website, we may automatically collect:
- IP address and basic request metadata for security, abuse prevention, and infrastructure logs
- Browser type and version
- Device type and operating system
- Pages you visit and time you spend on them
- How you arrived at our site (referring URL or referring domain)
- Click patterns and navigation
We also do basic first-party visit counting for our own internal dashboard even when analytics cookies are declined. That basic counter stores only a normalized page path and timestamp into hourly aggregates. It does not use cookies, localStorage IDs, fingerprinting, stored IP addresses, stored user-agents, stored referrers, or cross-page identifiers.
If you accept analytics, we also record separate anonymous pageview analytics for our internal dashboard, such as page path, source/UTM tags, referrer domain, and anonymous visitor/session IDs. Our consented first-party analytics records do not store your email address, raw IP address, or full external referrer URL in the analytics dataset itself.
We use this information for security, fraud prevention, and improving the Service.
2.3 Cookies
We use cookies (small text files stored on your device) for:
- Staying logged in — session management
- Security — fraud detection and prevention
- Analytics — understanding how visitors use the site through separate consent-gated first-party analytics and PostHog
Even if you decline analytics cookies, we still do basic non-identifying first-party visit counting that does not use cookies or localStorage IDs. For more details, see our Cookie Policy.
You can disable cookies in your browser settings. Some features (like staying logged in) may not work without cookies.
3. How We Use Your Information
We use your information to:
- Provide the Service — generate your Document based on your questionnaire answers
- Process payments — complete your purchase and manage billing
- Communicate with you — send order confirmations, document delivery emails, and support responses
- Keep the Service secure — detect and prevent fraud, abuse, and unauthorized access
- Improve our templates — analyze anonymized patterns to build better documents
- Comply with the law — respond to legal requirements, court orders, or government requests
We use anonymized, aggregated data (data that can't be traced back to you) for analytics and product improvement.
What we don't do:
- Sell your information to third parties
- Send you unsolicited marketing without your consent
- Use your data to make automated decisions that significantly affect your legal rights
4. Who We Share Your Information With
We don't sell, rent, or trade your personal information. We share it only in these limited circumstances:
4.1 Service Providers
We work with a small number of third-party vendors who help operate the Service. They receive only the data they need to do their job and are contractually required to protect it:
- Stripe — Payment processing (stripe.com/privacy)
- Netlify — Servers and infrastructure (netlify.com/privacy)
- ProtonMail — Transactional emails (order confirmations, delivery)
- PostHog — Usage analytics (anonymized data only, posthog.com/privacy)
- CrewCompliance first-party analytics — Anonymous pageview/session analytics stored in our own infrastructure and surfaced only in our private dashboard
4.2 Legal Requirements
We may disclose your information if required by law, subpoena, or court order, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
If CrewCompliance is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you before your data moves to a different privacy policy.
4.4 With Your Permission
We may share your information with other parties when you explicitly authorize us to.
5. Data Security
We use industry-standard security practices to protect your information:
- Encrypted connections (HTTPS/TLS) for all data transmitted to and from the Service
- Encrypted storage for sensitive data
- Access controls limiting who can see your information internally
- Regular security reviews
No online service is completely immune to security threats. If we experience a data breach that affects your personal information, we will notify you as required by applicable law.
6. How Long We Keep Your Data
| Type of Data | Retention Period |
|---|---|
| Account information | Until you request deletion, or 3 years after last activity |
| Questionnaire responses | 3 years, or until deletion request |
| Generated Documents | Available for 1 year — download and save your own copy |
| Payment records | As required by law (typically 7 years for tax purposes) |
| Security logs | 90 days |
| Basic first-party visit counts | 30 days in hourly aggregates |
| Consented anonymized traffic analytics | 90 days in our systems |
7. Your Rights and Choices
7.1 Access and Correction
You can view and update your account information by contacting us at any time.
7.2 Delete Your Account
You can request deletion of your account and personal data by emailing privacy@crewcompliance.org. We'll process your request within 30 days. Note: we must retain some records (payment history, etc.) as required by law even after account deletion.
7.3 Marketing Emails
If we send you marketing emails, you can unsubscribe at any time using the link in the email or by contacting privacy@crewcompliance.org. You'll still receive transactional emails (order confirmations, document delivery, account notices).
7.4 California Residents — CCPA Rights
If you're a California resident, you have the right to:
- Know what personal information we've collected, used, or shared about you
- Delete your personal information (with certain exceptions)
- Opt out of the "sale" of personal information — we don't sell personal information, so this right is automatically satisfied
- Non-discrimination — we won't treat you differently for exercising your privacy rights
To exercise these rights, email privacy@crewcompliance.org. We'll respond within 45 days. We may need to verify your identity before processing requests.
7.5 International Users
CrewCompliance is a US-based service designed for US customers. If you are located outside the US, please be aware that your data will be transferred to and stored in the United States. We do not actively market to or target EU/UK users. If you have questions about your data, contact us at privacy@crewcompliance.org.
8. Children's Privacy
Our Service is intended for business owners and company representatives who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe we've received information from a child, please contact us at privacy@crewcompliance.org and we'll delete it promptly.
9. Third-Party Links
Our website may contain links to other websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We'll let you know about material changes by updating the "Last Updated" date at the top of this page. For significant changes, we may also send you an email. Your continued use of the Service after changes are posted means you accept the updated policy.
11. Contact Us
If you have questions, concerns, or requests related to your privacy:
CrewCompliance
Attn: Privacy
San Francisco, California
privacy@crewcompliance.org
(650) 780-3035