Privacy Policy

How we collect, use, and protect your information

Last Updated: 30/04/2026

1. Introduction

Crew Chain Ltd ("we," "our," or "us") operates the CrewChain mobile application (iOS and Android) and web platform (the "Service"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our construction project management platform.

Data Controller: Crew Chain Ltd

Company Registration: 16616527

ICO Registration Number: ZC000176

DPO contact: i.vaitekunas@crewchain.co.uk

Address: 7 John Pope Way, NG24 2FG, Newark on Trent, Nottinghamshire

Contact: support@crewchain.co.uk

Website: www.crewchain.co.uk

This Privacy Policy applies to all users of our Service, including Main Contractors and Subcontractors, and covers our mobile applications (iOS and Android) and web platform.

2. Information We Collect

2.1 Personal Information

  • Contact Details: Full name, email address, phone number
    • Main Contractors: Email address required for authentication and account administration
    • Subcontractors: Can authenticate using either phone number or email address
  • Account Information: User ID, role (Main Contractor/Subcontractor), company affiliation
  • Profile Data: Profile pictures, display names, company information
  • Company branding (Pro/Pro+): Optional company logo image, colour values (such as accent, page surfaces, and optional sidebar/panel colours on the web), and related display preferences stored on your company record; used to customise the Service for your organisation on web and, where supported, on mobile
  • Authentication Data: Password (hashed), authentication method (email/phone)
  • Professional Data:
    • Certifications: List of professional certifications
    • Certification Files: Photos and PDFs of certification documents
    • Onboarding Data: Onboarding completion status, project assignment
  • Notification Preferences: Push notification settings and FCM tokens
  • Device Information: Device type, operating system, app version

2.2 Project Data

  • Project Information: Project names, addresses, postcodes, descriptions, project codes
  • Team Data: Team member lists, roles, permissions, check-in/check-out records
  • Work Documentation: Photos, voice note recordings (for work uploads and snag reports)
  • Project Files:
    • Design Files: Images and PDFs of architectural drawings, plans, schematics
    • Certification Files: Images and PDFs of professional certifications
    • Document Files: PDFs and other documents uploaded to projects
    • Signed Documents: Signed PDFs generated by the Service, including signing metadata and signature images where applicable
  • Programme Data: Project schedules, timelines, milestones, phase planning, completion tracking
  • Location Data: Coordinates and related metadata for site attendance. This includes: (a) when you manually check in or check out, a location fix from your device to verify you are within the project geofence (where you grant permission); (b) project site locations and geofence radii configured for your projects; (c) if you use automatic attendance features and grant the permissions your device requests (on iOS this may include Always location access so geofencing can work when the app is not open), geofence (region) monitoring around the site while you are checked in, so we can record automatic check-out when you leave the site boundary and automatic check-in when you re-enter. Geofencing uses the operating system’s region services and is not the same as logging your continuous position everywhere; we process these boundary events for attendance and audit logs. Some automatic events may associate coordinates with the configured site boundary rather than a fresh GPS fix each time.
  • Time Data: Check-in/check-out timestamps, project timelines, completion dates, site attendance records
  • Communication Data: Messages, text comments, voice note comments, project updates, team communications
  • Quality Control: Snag reports, issue tracking, resolution status
  • Progress Tracking: Work completion status, milestone achievements, project phases

2.3 Usage Data

  • App Usage: Features used, time spent in app, navigation patterns, session duration
  • File Activity:
    • Uploads: Images (JPEG, PNG) and PDFs uploaded to projects
    • Downloads: Design files, certification documents, project documents
    • Views: Which files are accessed and when, viewing duration
  • Performance Data: App crashes, loading times, error logs, system performance
  • Device Data: Device model, operating system, storage usage, network information

2.4 Financial Data

  • Subscription details: Plan selected, billing interval, subscription status, and seat limits/usage for Main Contractors
  • Transaction records: Payment history, invoice/receipt metadata, and refund metadata (where applicable)
  • Billing data: Company billing information and contact details
  • Stripe identifiers: Stripe customer IDs, subscription IDs, invoice IDs and other transaction identifiers used to administer billing and support
  • Payment method data: Payment card and bank details are processed by our payment processor (Stripe). We do not store full card numbers

2.5 Document signing data

  • Signature image: A signature image captured from the signer and used to generate signed PDF documents
  • Signing timestamp: The date/time a document was signed or acknowledged
  • Document identifiers: Document hashes/identifiers and related audit metadata used to help verify document integrity and signing history

2.6 Website contact form

If you use the enquiry form at www.crewchain.co.uk/contact, we collect:

  • Name and email address (required)
  • Message and topic (which team should receive it)
  • Company name and phone number if you choose to provide them

We use this solely to respond to your enquiry unless a separate lawful basis applies (for example if you become a customer). We retain contact form enquiries only as long as needed to respond and for ordinary business records.

3. How We Use Your Information

3.1 Service Provision

  • Project Management: Creating and managing construction projects, resource allocation
  • Team Collaboration: Facilitating communication between main contractors and subcontractors
  • Document Management: Storing and sharing project documents, designs, and certifications
  • Attendance Tracking: GPS and geofence-based check-in/check-out, including optional automatic check-out when leaving the site and automatic check-in on return, where enabled and permitted on your device
  • Work Documentation: Recording and tracking work progress with photos and voice notes
  • Quality Assurance: Monitoring work quality, tracking snags and issues
  • Progress Reporting: Generating project reports, status updates, completion tracking
  • Programme Management: Managing project schedules, timelines, and milestone tracking

3.2 Communication

  • Website enquiries: When you submit the contact form, we process your details to reply to you
  • Push Notifications: Project updates, team invitations, work assignments, system alerts
  • Email Notifications: Account updates, project invitations, system alerts
  • In-App Messages: Project-specific communications, team updates, system messages
  • SMS Notifications: Authentication codes for phone-based login

3.3 Business Operations

  • Account Management: User authentication, role assignment, access control, data backup and recovery
  • Billing: Processing subscription payments for Main Contractors, invoice generation
  • Support: Providing customer service and technical support, troubleshooting
  • Service Improvement: Understanding app usage through user feedback to improve our services and feature development
  • Security: Fraud prevention, account security, suspicious activity detection
  • Compliance: Meeting regulatory requirements, audit trails, legal compliance

4. Legal Basis for Processing

4.1 Contract Performance

  • Service Delivery: Processing data necessary to provide our construction management services
  • User Agreements: Fulfilling our obligations under our Terms of Service
  • Project Management: Managing projects and team collaborations as requested
  • Billing: Processing payments and managing subscriptions

4.2 Legitimate Interests

  • Business Operations: Improving our services and developing new features
  • Security: Protecting our platform and users from fraud and abuse
  • Analytics: Understanding user behavior to enhance user experience
  • Communication: Sending important service-related communications
  • Quality Assurance: Monitoring and improving service quality

4.3 Consent

  • Optional Features: Push notifications (with your consent). Location services where required or offered by your device for check-in verification and geofence-based attendance (you control permission levels in system settings; on iOS, background geofence features typically require Always location permission)

4.4 Legal Obligation

  • Regulatory Compliance: Meeting UK data protection and software industry requirements
  • Record Keeping: Maintaining records as required by law
  • Tax Compliance: Meeting HMRC requirements for financial records
  • Software Compliance: Complying with software industry standards and regulations

4.5 Vital Interests

  • Emergency Situations: Protecting life and safety in emergency situations
  • Security Threats: Responding to security threats and potential harm

5. Data Sharing and Disclosure

5.1 Within Your Organization

  • Project Teams: Sharing project data with team members and collaborators
  • Main Contractors: Access to team member data for project management purposes
  • Subcontractors: Access to project data relevant to their work assignments

5.2 Third-Party Services

  • Google Cloud Platform: Hosting and processing data (Europe West 2 - London)
  • Resend: Sending transactional emails (including company registration and billing messages, and delivery of enquiries submitted via our website contact form)
  • In-app signing: Document signing and signed PDF generation is performed within the Service (hosted on our infrastructure)
  • Firebase: Authentication, database, and push notifications (Europe West 2 - London)
  • Google reCAPTCHA (v3): Bot detection and abuse prevention for our web platform
  • Google Maps: Location services and mapping (United States)
  • OpenCage GmbH: Geocoding services for address-to-coordinate conversion (Germany)
  • Stripe: Payment processing, fraud prevention and invoicing/receipts for subscriptions (see Section 2.4 Financial Data)

5.3 Legal Requirements

  • Law Enforcement: When required by law or court order
  • Regulatory Bodies: When required by UK data protection or software industry regulators
  • Legal Proceedings: When necessary to protect our rights or comply with legal obligations
  • Government Agencies: When required for national security or public safety
  • Court Orders: When required by valid legal process

6. Data Security

6.1 Technical Safeguards

  • Encryption: Data encrypted in transit and at rest using industry-standard encryption
  • Access Controls: Role-based access to sensitive data, secure authentication
  • Secure Infrastructure: Hosted on secure, monitored servers with regular security updates
  • Regular Updates: Keeping security measures up to date with latest threats
  • Network Security: Firewalls, intrusion detection, and monitoring systems
  • Data Backup: Regular, secure backups with encryption and access controls

6.2 Operational Safeguards

  • Staff Training: Regular data protection training for all staff members
  • Access Monitoring: Logging and monitoring data access, regular access reviews
  • Incident Response: Procedures for handling data breaches and security incidents
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Data Minimization: Collecting only necessary data, regular data cleanup
  • Secure Development: Security-by-design principles in software development

7. Your Rights

7.1 Access Rights

  • Data Access: Request copies of your personal data in a clear, understandable format
  • Data Portability: Receive your data in a structured, machine-readable format
  • Account Information: View and update your account details at any time
  • Processing Information: Understand how your data is being processed
  • Third-Party Sharing: Know which third parties have access to your data

7.2 Correction Rights

  • Data Accuracy: Correct inaccurate or incomplete data
  • Profile Updates: Update your profile information at any time
  • Preference Changes: Modify your notification and privacy settings
  • Data Verification: Request verification of data accuracy
  • Update Requests: Request updates to outdated information

7.3 Deletion Rights

  • Right to be Forgotten: Request deletion of your personal data
  • Account Deletion: Delete your account and associated data
  • Self-Service Deletion: Account deletion is available directly in the app:
    • Main Contractors: Available on both web platform and mobile app
    • Subcontractors: Available on mobile app
    • Deletion is immediate and permanent
  • Data Anonymization: Project contributions may be anonymized rather than deleted
  • Partial Deletion: Request deletion of specific data categories
  • Confirmation: Receive confirmation of data deletion

7.4 How to Exercise Your Rights

  • Account Settings: Many rights can be exercised directly through your account settings in the app
  • Contact Us: Email i.vaitekunas@crewchain.co.uk for data protection requests
  • Response Time: We will respond to all requests within 30 days
  • Verification: We may need to verify your identity before processing requests
  • No Charge: Exercising your rights is free of charge unless requests are manifestly unfounded or excessive

8. Data Retention

8.1 User Data

  • Active Accounts: Retained while account is active and for 3 years after last activity
  • Inactive Accounts: Deleted after 3 years of inactivity, with prior notification
  • Account Deletion: Deleted immediately upon deletion request, with confirmation
  • Profile Data: Retained for duration of account plus 3 years for legal compliance
  • Authentication Data: Retained for security purposes, deleted after account closure

8.2 Project Data

  • Active Projects: Retained while project is active and for 7 years after completion
  • Completed Projects: Retained for 7 years for legal compliance and audit purposes
  • Archived Projects: Deleted after 7 years unless legally required to retain longer
  • Work Documentation: Retained for 7 years for quality assurance and legal compliance
  • Location Data: Retained for 7 years for audit and compliance purposes
  • Programme Data: Retained for 7 years for project management and compliance purposes

8.3 Billing and tax records

  • We may retain billing and invoice records (including Stripe transaction identifiers) for as long as necessary to meet our accounting and tax obligations

9. Contact Information

9.1 Data Protection Contact

Email: i.vaitekunas@crewchain.co.uk

Address: 7 John Pope Way, NG24 2FG, Newark on Trent, Nottinghamshire

Response Time: We will respond within 30 days of receiving your request

9.2 ICO Registration

We are registered with the Information Commissioner's Office (ICO) as a data controller. ICO Registration Number: ZC000176

9.3 Complaints

If you have concerns about how we handle your personal data, you can:

  • Contact our Data Protection Officer at i.vaitekunas@crewchain.co.uk
  • Complain to the ICO at ico.org.uk or by calling 0303 123 1113
  • Seek legal advice from a qualified data protection lawyer
  • Use our internal complaints procedure (available on request)

This Privacy Policy was last updated on 11/04/2026 and is compliant with UK GDPR and the Data Protection Act 2018.