Your Privacy Matters
CrewHub is committed to protecting your privacy. This policy explains how we collect,
use, and safeguard your personal data in compliance with GDPR and other applicable regulations.
1. Data Controller
The data controller responsible for your personal data is:
SE7EN AI
[Your full legal name or company name]
[Street Address]
[City, Postal Code]
Germany
Health information (unless explicitly provided in absence requests)
Political or religious affiliations
Financial or payment information (handled by third-party processors)
3. Legal Basis for Processing
Processing Activity
Legal Basis (GDPR Art. 6)
Account creation and service delivery
Contract performance (Art. 6(1)(b))
Shift scheduling and management
Contract performance (Art. 6(1)(b))
Security and fraud prevention
Legitimate interest (Art. 6(1)(f))
Analytics and service improvement
Legitimate interest (Art. 6(1)(f))
Marketing communications
Consent (Art. 6(1)(a))
Legal compliance
Legal obligation (Art. 6(1)(c))
4. How We Use Your Data
Service Delivery: To provide and maintain the CrewHub platform
Communication: To send shift notifications, swap requests, and system alerts
Security: To protect your account and detect unauthorized access
Improvement: To analyze usage patterns and improve our services
Support: To respond to your inquiries and provide customer support
Compliance: To meet legal obligations and enforce our terms
5. Data Sharing
We Share Data With:
Your Employer: As the tenant administrator, your employer has access to workforce data
Service Providers: Cloud hosting (Google Cloud), email delivery, analytics
Legal Authorities: When required by law or valid legal process
We Do NOT:
Sell your personal data
Share data with advertisers
Transfer data outside the EU/EEA without adequate safeguards
Data Residency: You can choose where your data is stored (EU, US, or APAC).
For EU customers, data remains within EU data centers to ensure GDPR compliance.
6. Data Retention
Data Type
Retention Period
Active account data
Duration of account + 30 days
Shift history
7 years (legal requirement)
Audit logs
3 years
Deleted account data
30 days (then permanently deleted)
Analytics (anonymized)
Indefinite
7. Your Rights (GDPR)
Under GDPR, you have the following rights:
Right of Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data ("Right to be Forgotten")
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time
To Exercise Your Rights:
Use the in-app settings under "Privacy & Data" or email us at
se7en@se7en-ai.app.
We will respond within 30 days.
You also have the right to lodge a complaint with your local Data Protection Authority.
8. Security Measures
We implement industry-standard security measures:
Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
Authentication: Secure password hashing (Argon2), MFA support
Access Control: Role-based access, audit logging
Infrastructure: SOC 2 certified cloud providers
Monitoring: 24/7 security monitoring and intrusion detection
Testing: Regular security audits and penetration testing
9. Cookies
Essential Cookies
Required for the application to function (authentication, session management).
Analytics Cookies
Help us understand how you use CrewHub (optional, can be disabled).
Preference Cookies
Remember your settings (theme, language, timezone).
You can manage cookie preferences in your browser settings or through our consent banner.
10. Policy Changes
We may update this Privacy Policy periodically. We will notify you of significant
changes via email or in-app notification. Your continued use of CrewHub after
changes take effect constitutes acceptance of the updated policy.