Privacy Policy

1.1. Account: The user account you create to access the Service.

1.2. User: Any individual or entity using the Service, including Job Seekers and Employers.

1.3. Personal Data: Any information relating to an identified or identifiable natural person.

1.4. Sensitive Data: Special category data, including biometric data, racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, and genetic data.

1.5. User Data: All data and content you submit to the Service.

1.6. Cookies: Small text files placed on your device to help the Service recognize repeat visitors and facilitate certain features.

4.1. Consent Required: By providing your phone number and opting in to receive text messages, you consent to receive SMS/text messages from CrewCentral for service notifications, appointment reminders, verification codes, and other transactional communications.

4.2. Message Frequency: Message frequency varies based on your activity and preferences. You may receive multiple messages per week.

4.3. Opt-Out: You can opt out of receiving text messages at any time by replying "STOP" to any text message from us. You may also opt out by updating your preferences in your account settings.

4.4. Message and Data Rates: Standard message and data rates may apply. Contact your mobile carrier for details about your messaging plan.

4.5. Third-Party Service Providers: We use Twilio Inc. and other third-party service providers to deliver text messages. These providers may have access to your phone number and message content for the purpose of message delivery.

4.6. Message Monitoring: For quality assurance, fraud prevention, and compliance purposes, message content may be monitored and reviewed by us and our service providers in accordance with applicable laws and regulations.

Access & Portability: You may request a copy of your Personal Data in a commonly used format.

Correction: You may update or correct inaccurate or incomplete information via your Account settings or by contacting us.

Deletion: You may request deletion of your Personal Data, subject to legal obligations to retain certain records.

Objection & Restriction: Where lawful, you may object to or request restriction of processing based on legitimate interests or direct marketing.

Withdraw Consent: If processing is based on consent, you may withdraw consent at any time without affecting prior processing.

Opt-Out: You can opt out of marketing communications by clicking "unsubscribe" or via in-app settings.

13.1. The Service may contain links to third-party websites, applications, or services, or may integrate with third-party APIs and data sources. We are not responsible for their privacy practices or data handling.

13.2. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

13.3. This Privacy Policy does not apply to information collected by third parties through their own services or websites.

14.1. Data Export: You may request an export of your personal data in a commonly used format (JSON, CSV, or PDF) by contacting us at support@crewcentral.com. We will provide this data within 30 days of your request.

14.2. Account Deletion: You may request deletion of your account and associated personal data at any time. Upon deletion, your data will be permanently removed within 30 days, except where retention is required by law.

14.3. Data Retention: After account deletion or 24 months of inactivity, we permanently delete personal data unless legal obligations require longer retention (e.g., tax records, legal disputes).

15.1. COPPA Compliance: Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information immediately.

15.2. GDPR Rights: If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data.

15.3. CCPA Rights: If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information.

15.4. Data Subject Requests: To exercise any of these rights, please contact us at support@crewcentral.com with your request and proof of identity. We will respond within 30 days.

16.1. Accessibility Commitment: We strive to make our Service accessible to users with disabilities and aim to comply with Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards.

16.2. Privacy Support: For questions about this Privacy Policy, data requests, accessibility issues, or privacy concerns, please contact us at support@crewcentral.com or +1(949)400-3549. We aim to respond within 48 hours.

17.1. Automated Matching: We use automated algorithms to match job seekers with relevant job opportunities and to rank applicants for employers. This processing is based on profile information, skills, experience, and preferences you provide.

17.2. No Solely Automated Decisions: We do not make decisions based solely on automated processing that would have legal or similarly significant effects on you. All hiring decisions remain with employers.

17.3. Your Rights: You have the right to request human intervention, express your point of view, and contest any automated decision-making that affects you. Contact us at support@crewcentral.com to exercise these rights.

18.1. Strictly Necessary Cookies: These cookies are essential for the Service to function and cannot be disabled. They include authentication, security, and basic functionality cookies.

18.2. Non-Essential Cookies: We use analytics and marketing cookies only with your consent. You can manage these preferences through our cookie banner or in your account settings.

18.3. Cookie Banner: When you first visit our Service, you'll see a cookie consent banner allowing you to accept or decline non-essential cookies. You can change your preferences at any time.

18.4. Browser Controls: You can also manage cookies through your browser settings, though this may affect Service functionality.

19.1. Analytics & Performance: Google Analytics (usage analytics), Mixpanel (user behavior tracking), Vercel (hosting and performance monitoring).

19.2. Communication Services: Twilio Inc. (SMS/text messaging), SendGrid (email delivery), Google Meet (video conferencing integration).

19.3. Infrastructure & Security: Amazon Web Services (cloud hosting), Cloudflare (CDN and security), Auth0 (authentication services).

19.4. Social Authentication: Google OAuth (account authentication), Facebook Login (account authentication), GitHub OAuth (account authentication), LinkedIn OAuth (account authentication), Microsoft OAuth (account authentication), Apple Sign-In (account authentication). We only collect your email address and basic profile information for account creation and authentication purposes.

19.5. AI & Machine Learning: OpenAI (content generation and matching algorithms), Pinecone (vector database for semantic search).

19.6. Data Processing: All third-party providers are contractually bound to protect your data and use it only for the specified purposes. We regularly review and update our vendor relationships.

20.1. Breach Response Plan: We have implemented comprehensive security measures and incident response procedures to protect your personal data and respond quickly to any potential breaches.

20.2. Regulatory Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by applicable law.

20.3. User Notification: If a breach is likely to result in a high risk to your personal data, we will notify you without undue delay via email, in-app notification, or prominent website notice, including information about the nature of the breach and steps you can take to protect yourself.

20.4. Mitigation Measures: We will take immediate steps to contain the breach, assess the impact, and implement additional security measures to prevent similar incidents.

21.1. DPIA Commitment: We conduct Data Protection Impact Assessments (DPIAs) for any high-risk processing activities, particularly those involving automated decision-making, large-scale processing of personal data, or new technologies that may affect your privacy rights.

21.2. Privacy by Design: We implement privacy-by-design principles in our product development, ensuring that data protection considerations are integrated into new features and services from the outset.

21.3. Ongoing Assessment: We regularly review and update our data processing activities to ensure they remain compliant with applicable privacy laws and best practices.

22.1. We may update this Policy from time to time. Material changes will be communicated via email, in-app notification, or prominent notice on our website at least 30 days before taking effect.

22.2. Your continued use of the Service after any changes constitutes acceptance of the revised Policy. If you do not agree to the changes, you must stop using the Service.

22.3. We will maintain previous versions of this Policy in our archives for your reference.