Crewshift Privacy Policy
Last updated: February 12, 2026 Version: 1.11. Data Controller
The controller of personal data is:
Brillnet - Piotr Adamskiul. Sienkiewicza 73/6
90-057 Lodz, Poland
Tax ID (NIP): 732-177-90-60
Contact for privacy matters: hello@crewshift-app.com
2. Data Protection Contact
For all personal data processing matters, you can contact:
Barbara AdamskaE-mail: hello@crewshift-app.com
3. Categories of personal data
Within Crewshift, we process:
3.1 Account data
- E-mail address
- Full name
- Role/function in organization
- Phone number (optional)
3.2 Organization data
- Organization/company name
- Tax/registration identifiers (where applicable)
- Business contact details
- Operational profile
3.3 Scheduling and attendance data
- Shift schedules
- Working time events (start/end/breaks)
- Attendance and absence records
- Leave and time-off requests
- Schedule change history
3.4 Employee data entered by employer
- Names and surnames
- E-mail addresses
- Phone numbers (optional)
- Position/skills information
- Availability preferences
- Hourly rates (if provided)
3.5 Technical and security data
- IP address
- Activity logs (login and operations)
- Device/browser metadata
- Session and authentication metadata
3.6 Cookies and analytics data
- Essential cookies
- Optional analytics cookies (with consent)
- Session identifiers
4. Purposes and legal bases
We process personal data for the following purposes:
4.1 Contract performance (Art. 6(1)(b) GDPR)
- Account provisioning and maintenance
- Delivery of Service features
- Scheduling and attendance workflows
- Technical support and service communication
4.2 Legitimate interests (Art. 6(1)(f) GDPR)
- Security and fraud prevention
- Service quality improvement
- Incident diagnostics and reliability
- AI-assisted operational predictions (e.g. no-show risk)
4.3 Legal obligations (Art. 6(1)(c) GDPR)
- Accounting and tax obligations
- Cooperation with competent authorities
- Mandatory legal retention requirements
4.4 Consent (Art. 6(1)(a) GDPR)
- Optional analytics cookies
- Optional marketing communication
- Any optional features explicitly configured as consent-based
5. Recipients and subprocessors
We use trusted subprocessors to operate the Service.
| Subprocessor | Purpose | Region |
|---|---|---|
| Stripe | Payment processing | EU/US |
| SendGrid/Twilio | Transactional e-mail | US |
| Firebase | Authentication | EU/US |
| Sentry | Error monitoring | EU |
| PostgreSQL provider | Primary database hosting | EU |
| Redis/cache provider | Performance and caching | EU |
| Google Analytics (optional) | Analytics with consent | US |
A current subprocessor list is available here: Subprocessor List.
6. International transfers
Where personal data is transferred outside EEA, we apply appropriate safeguards, including one or more of:
- EU Standard Contractual Clauses (SCCs)
- EU-US Data Privacy Framework participation (where applicable)
- Additional technical and organizational safeguards
7. Retention periods
Retention is limited to what is necessary for service provision, legal compliance and legitimate business continuity.
Typical retention categories:
| Data category | Typical retention |
|---|---|
| Account data | During contract + legal limitation period |
| Operational schedules/attendance | During service period + configured retention |
| Billing records | As required by accounting/tax law |
| Security logs | Limited security retention window |
8. Data subject rights
Under GDPR and applicable law, data subjects may request:
- Access to personal data
- Rectification
- Erasure (where legally applicable)
- Restriction of processing
- Data portability
- Objection to processing based on legitimate interest
- Withdrawal of consent (for consent-based processing)
Requests can be sent to: hello@crewshift-app.com
You also have the right to lodge a complaint with a competent supervisory authority.
9. Security measures
We implement technical and organizational safeguards proportionate to risk, including:
- Encryption in transit (TLS)
- Access control and role-based permissions
- Security logging and monitoring
- Backup and recovery controls
- Environment separation and deployment controls
No system is fully risk-free, but safeguards are continuously reviewed and improved.
10. Automated processing and AI features
Crewshift may provide AI-assisted recommendations and predictions. These outputs:
- Are decision-support only
- Do not replace managerial or legal judgment
- Should be validated by the Organization before operational/legal use
11. Children's data
The Service is intended for professional/business use and is not targeted to children.
12. Changes to this Privacy Policy
We may update this policy to reflect legal, product or operational changes.
Material updates are communicated through service channels (in-app notice and/or e-mail).
13. Contact
Privacy and data rights contact: hello@crewshift-app.com