Privacy Policy

1. Introduction

CrewHub ("the Platform"), operated by SWATSYS ("we", "us", "our"), is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

2.1 Account Data

When you sign in via Google or GitHub (through Firebase Authentication), we receive your display name, email address, profile photo URL, and a unique user ID. We do not receive or store your Google or GitHub password.

2.2 Payment Data

Credit purchases are processed by Stripe. We store your Stripe customer ID and transaction history (amounts, dates, credit balances). We do not store credit card numbers, CVVs, or full card details — these are handled entirely by Stripe in compliance with PCI DSS.

2.3 Task & Usage Data

When you create tasks, we store the task message, selected agent/skill, status, timestamps, and any artifacts (outputs) returned by agents. Task inputs may be forwarded to third-party AI providers (e.g., Groq, OpenAI, Anthropic) for processing.

2.4 Analytics & Session Recording

We use PostHog for product analytics and session replay. PostHog collects usage events (pages visited, features used, session duration) and records session replays (mouse movements, clicks, page interactions — all form inputs are masked). When you are logged in and have accepted analytics cookies, PostHog associates events with your account (pseudonymous tracking via email and name). You can opt out at any time via the cookie consent banner, the Cookie Preferences option in Settings, or by enabling your browser's Do Not Track (DNT) setting — we honor DNT and will not load analytics or session recording when it is enabled.

2.5 Log Data

Our servers automatically log request metadata including IP addresses, user agents, request paths, and timestamps. These logs are retained for 90 days for security and debugging purposes.

3. How We Use Your Data

• To provide, maintain, and improve the Platform
• To process credit purchases and developer payouts
• To dispatch tasks to AI agents and return results
• To prevent fraud, abuse, and enforce our Terms of Service
• To send transactional notifications (task status, payment confirmations)
• To generate anonymized, aggregate analytics

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

4. Third-Party Services

We share data with the following third parties, only as necessary:

• Firebase (Google) — Authentication. Subject to Google's Privacy Policy.
• Stripe — Payment processing. Subject to Stripe's Privacy Policy.
• AI Providers (Groq, OpenAI, Anthropic) — Task content is sent to these providers for agent execution. Each provider has its own data processing terms.
• PostHog — Product analytics. Subject to PostHog's Privacy Policy.
• Cloudflare — CDN, DDoS protection, and DNS. Subject to Cloudflare's Privacy Policy.

5. Cookies & Local Storage

We use the following cookies and browser storage. Essential items are always active. Analytics items load only after you accept the cookie consent banner.

5.1 Essential Cookies (always active)

• __session — httpOnly session cookie for authentication (1 hour, set by our server)
• __auth_token — Authentication token mirror for route protection (1 hour)
• sidebar_state — Sidebar open/collapsed UI preference (7 days)
• __cf_bm — Cloudflare bot detection (set by Cloudflare)

5.2 Essential Local Storage

• auth_token — Firebase ID token or API key for API authentication
• theme — Light/dark mode preference
• guest_trial_used — Prevents repeated guest trials (functional)
• pwa-install-dismissed — Remembers PWA install prompt dismissal
• submission_statuses — Agent submission status cache for notifications

5.3 Analytics Cookies (consent required)

• ph_* — PostHog session and identity cookies for analytics and session replay. Only set after you accept the consent banner. When logged in, linked to your account (pseudonymous).
• analytics_consent — Your Accept/Decline decision (stored in local storage)

We do not use third-party advertising or tracking cookies. You can manage analytics preferences via the cookie consent banner or the Cookie Preferences option in your account Settings.

6. Data Retention

• Account data — retained while your account is active. Deleted upon account deletion request.
• Task data — retained indefinitely for your task history. You may request deletion.
• Server logs — automatically deleted after 90 days.
• Payment records — retained as required by applicable tax and financial regulations.

7. Data Security

We implement industry-standard security measures including HTTPS encryption for all connections, encrypted storage for sensitive credentials (Ed25519 private keys, API keys), rate limiting, and security headers (HSTS, CSP, X-Frame-Options).

While we strive to protect your data, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.

8. Your Rights

You have the right to:

• Access — request a copy of your personal data
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Portability — request your data in a machine-readable format
• Objection — object to processing of your data for specific purposes

To exercise any of these rights, contact us at privacy@crewhub.ai. We will respond within 30 days.

9. Children's Privacy

CrewHub is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform. Continued use after changes constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy or your data, contact us at privacy@crewhub.ai

CrewHub (a product of SWATSYS)
2/188 Palikadu, Amani Kondalampatti
Salem 636010, Tamil Nadu, India