Privacy Policy

Last Updated: 21/10/2025

1. Introduction

Crew Chain Ltd ("we," "our," or "us") operates the CrewChain mobile application (iOS and Android) and web platform (the "Service"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our construction project management platform.

This Privacy Policy applies to all users of our Service, including Main Contractors and Subcontractors, and covers our mobile applications (iOS and Android) and web platform.

2. Information We Collect

2.1 Personal Information

• Contact Details: Full name, email address, phone number
  • Main Contractors: Email address required for authentication and document signing
  • Subcontractors: Can authenticate using either phone number or email address. Email address is required for all Subcontractors to enable document signing functionality through our DocuSeal integration
• Account Information: User ID, role (Main Contractor/Subcontractor), company affiliation
• Profile Data: Profile pictures, display names, company information
• Authentication Data: Password (hashed), authentication method (email/phone)
• Professional Data:
  • Certifications: List of professional certifications
  • Certification Files: Photos and PDFs of certification documents
  • Onboarding Data: Onboarding completion status, project assignment
• Notification Preferences: Push notification settings and FCM tokens
• Device Information: Device type, operating system, app version

2.2 Project Data

• Project Information: Project names, addresses, postcodes, descriptions, project codes
• Team Data: Team member lists, roles, permissions, check-in/check-out records
• Work Documentation: Photos, voice note recordings (for work uploads and snag reports)
• Project Files:
  • Design Files: Images and PDFs of architectural drawings, plans, schematics
  • Certification Files: Images and PDFs of professional certifications
  • Document Files: PDFs and other documents uploaded to projects
• Programme Data: Project schedules, timelines, milestones, phase planning, completion tracking
• Location Data: GPS coordinates for site check-in/check-out only, project site locations
• Time Data: Check-in/check-out timestamps, project timelines, completion dates, site attendance records
• Communication Data: Messages, text comments, voice note comments, project updates, team communications
• Quality Control: Snag reports, issue tracking, resolution status
• Progress Tracking: Work completion status, milestone achievements, project phases

2.3 Usage Data

• App Usage: Features used, time spent in app, navigation patterns, session duration
• File Activity:
  • Uploads: Images (JPEG, PNG) and PDFs uploaded to projects
  • Downloads: Design files, certification documents, project documents
  • Views: Which files are accessed and when, viewing duration
• Performance Data: App crashes, loading times, error logs, system performance
• Device Data: Device model, operating system, storage usage, network information

2.4 Financial Data

• Payment Information: Subscription details, payment methods, billing addresses
• Transaction Records: Payment history, invoice data, refund information
• Billing Data: Company billing information, payment terms

3. How We Use Your Information

3.1 Service Provision

• Project Management: Creating and managing construction projects, resource allocation
• Team Collaboration: Facilitating communication between main contractors and subcontractors
• Document Management: Storing and sharing project documents, designs, and certifications
• Attendance Tracking: GPS check-in/check-out functionality for site attendance verification
• Work Documentation: Recording and tracking work progress with photos and voice notes
• Quality Assurance: Monitoring work quality, tracking snags and issues
• Progress Reporting: Generating project reports, status updates, completion tracking
• Programme Management: Managing project schedules, timelines, and milestone tracking

3.2 Communication

• Push Notifications: Project updates, team invitations, work assignments, system alerts
• Email Notifications: Account updates, project invitations, system alerts
• In-App Messages: Project-specific communications, team updates, system messages
• SMS Notifications: Authentication codes for phone-based login

3.3 Business Operations

• Account Management: User authentication, role assignment, access control, data backup and recovery
• Billing: Processing subscription payments for Main Contractors, invoice generation
• Support: Providing customer service and technical support, troubleshooting
• Service Improvement: Understanding app usage through user feedback to improve our services and feature development
• Security: Fraud prevention, account security, suspicious activity detection
• Compliance: Meeting regulatory requirements, audit trails, legal compliance

4. Legal Basis for Processing

4.1 Contract Performance

• Service Delivery: Processing data necessary to provide our construction management services
• User Agreements: Fulfilling our obligations under our Terms of Service
• Project Management: Managing projects and team collaborations as requested
• Billing: Processing payments and managing subscriptions

4.2 Legitimate Interests

• Business Operations: Improving our services and developing new features
• Security: Protecting our platform and users from fraud and abuse
• Analytics: Understanding user behavior to enhance user experience
• Communication: Sending important service-related communications
• Quality Assurance: Monitoring and improving service quality

4.3 Consent

• Optional Features: Using location services and push notifications (with your consent)

4.4 Legal Obligation

• Regulatory Compliance: Meeting UK data protection and software industry requirements
• Record Keeping: Maintaining records as required by law
• Tax Compliance: Meeting HMRC requirements for financial records
• Software Compliance: Complying with software industry standards and regulations

4.5 Vital Interests

• Emergency Situations: Protecting life and safety in emergency situations
• Security Threats: Responding to security threats and potential harm

5. Data Sharing and Disclosure

5.1 Within Your Organization

• Project Teams: Sharing project data with team members and collaborators
• Main Contractors: Access to team member data for project management purposes
• Subcontractors: Access to project data relevant to their work assignments

5.2 Third-Party Services

• Google Cloud Platform: Hosting and processing data (Europe West 2 - London)
• DocuSeal: Document signing and management (Dublin, Ireland)
• Firebase: Authentication, database, and push notifications (Europe West 2 - London)
• Google Maps: Location services and mapping (United States)
• Google reCAPTCHA: Bot detection and form protection (United States)
• OpenCage GmbH: Geocoding services for address-to-coordinate conversion (Germany)

5.3 Legal Requirements

• Law Enforcement: When required by law or court order
• Regulatory Bodies: When required by UK data protection or software industry regulators
• Legal Proceedings: When necessary to protect our rights or comply with legal obligations
• Government Agencies: When required for national security or public safety
• Court Orders: When required by valid legal process

6. Data Security

6.1 Technical Safeguards

• Encryption: Data encrypted in transit and at rest using industry-standard encryption
• Access Controls: Role-based access to sensitive data, secure authentication
• Secure Infrastructure: Hosted on secure, monitored servers with regular security updates
• Regular Updates: Keeping security measures up to date with latest threats
• Network Security: Firewalls, intrusion detection, and monitoring systems
• Data Backup: Regular, secure backups with encryption and access controls

6.2 Operational Safeguards

• Staff Training: Regular data protection training for all staff members
• Access Monitoring: Logging and monitoring data access, regular access reviews
• Incident Response: Procedures for handling data breaches and security incidents
• Regular Audits: Periodic security assessments and vulnerability testing
• Data Minimization: Collecting only necessary data, regular data cleanup
• Secure Development: Security-by-design principles in software development

7. Your Rights

7.1 Access Rights

• Data Access: Request copies of your personal data in a clear, understandable format
• Data Portability: Receive your data in a structured, machine-readable format
• Account Information: View and update your account details at any time
• Processing Information: Understand how your data is being processed
• Third-Party Sharing: Know which third parties have access to your data

7.2 Correction Rights

• Data Accuracy: Correct inaccurate or incomplete data
• Profile Updates: Update your profile information at any time
• Preference Changes: Modify your notification and privacy settings
• Data Verification: Request verification of data accuracy
• Update Requests: Request updates to outdated information

7.3 Deletion Rights

• Right to be Forgotten: Request deletion of your personal data
• Account Deletion: Delete your account and associated data
• Self-Service Deletion: Account deletion is available directly in the app:
  • Main Contractors: Available on both web platform and mobile app
  • Subcontractors: Available on mobile app
  • Deletion is immediate and permanent
• Data Anonymization: Project contributions may be anonymized rather than deleted
• Partial Deletion: Request deletion of specific data categories
• Confirmation: Receive confirmation of data deletion

7.4 How to Exercise Your Rights

• Account Settings: Many rights can be exercised directly through your account settings in the app
• Contact Us: Email i.vaitekunas@crewchain.co.uk for data protection requests
• Response Time: We will respond to all requests within 30 days
• Verification: We may need to verify your identity before processing requests
• No Charge: Exercising your rights is free of charge unless requests are manifestly unfounded or excessive

8. Data Retention

8.1 User Data

• Active Accounts: Retained while account is active and for 3 years after last activity
• Inactive Accounts: Deleted after 3 years of inactivity, with prior notification
• Account Deletion: Deleted immediately upon deletion request, with confirmation
• Profile Data: Retained for duration of account plus 3 years for legal compliance
• Authentication Data: Retained for security purposes, deleted after account closure

8.2 Project Data

• Active Projects: Retained while project is active and for 7 years after completion
• Completed Projects: Retained for 7 years for legal compliance and audit purposes
• Archived Projects: Deleted after 7 years unless legally required to retain longer
• Work Documentation: Retained for 7 years for quality assurance and legal compliance
• Location Data: Retained for 7 years for audit and compliance purposes
• Programme Data: Retained for 7 years for project management and compliance purposes

9. Contact Information

9.1 Data Protection Contact

Email: i.vaitekunas@crewchain.co.uk

Address: 7 John Pope Way, NG24 2FG, Newark on Trent, Nottinghamshire

Response Time: We will respond within 30 days of receiving your request

9.2 ICO Registration

We are registered with the Information Commissioner's Office (ICO) as a data controller. ICO Registration Number: ZC000176

9.3 Complaints

If you have concerns about how we handle your personal data, you can:

• Contact our Data Protection Officer at i.vaitekunas@crewchain.co.uk
• Complain to the ICO at ico.org.uk or by calling 0303 123 1113
• Seek legal advice from a qualified data protection lawyer
• Use our internal complaints procedure (available on request)

This Privacy Policy was last updated on 21/10/2025 and is compliant with UK GDPR and the Data Protection Act 2018.