Privacy Policy

Last updated · May 2026

1. Information we collect

We collect information you provide directly to us, such as when you create an account, connect a store, invite teammates, or purchase a plan. This includes:

  • Account information (name, email, password or Google OAuth profile)
  • Store connection data (store credentials, store URL, platform detection data)
  • Usage data (team activity, approvals, session logs, audit receipts)
  • Team membership (the people on your account and their roles — owner / admin / member / viewer)
  • Billing data (Stripe customer + subscription handles, payment status — we never store card numbers)

2. Third-party processors

To deliver Crewmerce we share specific data with named sub-processors:

  • Stripe — billing data for subscription management and PCI-compliant payment processing
  • Cloudflare Turnstile — anti-bot signals to protect signup and key endpoints from abuse; no payload data leaves your browser session
  • Anthropic Claude / OpenAI / BFL / Google Gemini / fal.ai — AI inference for the Workers your team runs. Each provider receives only the specific context needed for that action
  • Cloudflare R2 — storage for generated product photos and assets
  • Resend — transactional email (verification, password reset, billing receipts)
  • Railway — cloud hosting (EU + US regions for our application servers and databases)

3. How we use information

We use the information we collect to:

  • Provide and maintain Crewmerce
  • Process AI workforce automation tasks
  • Generate audit receipts for every team action
  • Improve service performance and reliability
  • Communicate with you about service updates

4. Data security

We implement industry-standard security measures:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Store credentials encrypted with per-tenant keys
  • Regular security audits and updates
  • Access controls and audit logging

5. Data retention

We retain data for as long as your account is active or as needed to provide services. Audit receipts are retained for the lifetime of your account for compliance and transparency purposes. You can request data deletion at any time.

6. Third-party services

Crewmerce integrates with third-party services (Anthropic Claude, OpenAI, Stripe, payment processors, e-commerce platforms). Each has its own privacy policy. We minimize data shared and only transmit what is necessary for the requested functionality.

7. Your rights

Crewmerce processes your account's brand data on your behalf — you are the data controller for the personal data your brand handles (customer messages, order details, etc.), and Crewmerce is the data processor.

As the controller of your brand data, you have the right to:

  • Access your data through the Settings → Account section
  • Export your data in JSON format
  • Delete your account (which removes brand data; account-level metadata is retained for audit + compliance)
  • Object to processing of your brand data
  • Request data portability
  • Withdraw consent for AI processing of specific brand assets

8. Connecting AI tools (OAuth)

Crewmerce supports OAuth 2.1 with PKCE so external AI tools (Claude.ai, ChatGPT, Cursor, VS Code, Windsurf, and other MCP clients) can act on your workforce when you explicitly authorize them. When you connect a tool:

  • We show you exactly which permissions the tool is asking for on a consent screen before any access is granted — Worker dispatch scopes, autonomy ring ceiling (Observe / Suggest / Act-and-Report / Autonomous), and evidence-trail read/write
  • You can narrow the permissions on the consent screen — uncheck Workers or downgrade the autonomy ring before clicking Allow. The granted scope set is stored alongside the OAuth client and enforced on every subsequent dispatch
  • Tokens issued to external tools are short-lived (1 hour access, 30 day refresh with automatic rotation) and never re-fetchable — we store SHA-256 hashes only
  • Each call from a connected tool is recorded in your evidence trail with the tool name + the Worker it dispatched + the action it took, so you have a full audit log even for automated activity
  • You can revoke any connected tool at any time from Settings → Account → Integrations → AI tools, which invalidates every token the tool holds immediately and (for refresh tokens) revokes the entire chain to prevent replay
  • The OAuth handshake happens between Anthropic / OpenAI / Cursor / etc. and Crewmerce — your credentials (account password, store credentials, billing data) are never sent to the connecting AI tool

The OAuth endpoints (`/oauth/authorize`, `/oauth/token`, `/oauth/revoke`, `/oauth/register`, `/.well-known/oauth-authorization-server`, and `/.well-known/oauth-protected-resource`) implement RFC 6749 + RFC 7591 + RFC 7636 + RFC 7009 + RFC 8414 + RFC 9728 + OAuth 2.1 draft. PKCE with S256 is mandatory; the legacy implicit grant and `plain` PKCE method are explicitly rejected.
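The controls described in this section can be sketched as follows. This is an added example, not Crewmerce's code: it shows an RFC 7636 check that accepts only S256, and a refresh-token store that keeps SHA-256 hashes only and revokes the whole chain when an already-rotated token is replayed. The names `pkce_ok`, `RefreshStore` and the chain ids are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets


def pkce_ok(method: str, challenge: str, verifier: str) -> bool:
    """RFC 7636 verification; only S256 is accepted, `plain` is refused."""
    if method != "S256":
        return False
    digest = hashlib.sha256(verifier.encode()).digest()
    computed = base64.urlsafe_b64encode(digest).rstrip(b"=")
    return hmac.compare_digest(computed, challenge.encode())


class RefreshStore:
    """Hypothetical store: persists token hashes, never the raw token."""

    def __init__(self):
        self.rows = {}        # sha256(token) -> {"chain": id, "used": bool}
        self.revoked = set()  # chain ids that have been revoked

    @staticmethod
    def _h(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, chain: str) -> str:
        token = secrets.token_urlsafe(32)  # returned to the client once
        self.rows[self._h(token)] = {"chain": chain, "used": False}
        return token

    def rotate(self, token: str):
        """Exchange a refresh token for its successor; None if refused."""
        row = self.rows.get(self._h(token))
        if row is None or row["chain"] in self.revoked:
            return None
        if row["used"]:                     # replay of a rotated token
            self.revoked.add(row["chain"])  # revoke the entire chain
            return None
        row["used"] = True
        return self.issue(row["chain"])

    def revoke(self, chain: str) -> None:
        """User-initiated revocation of a connected tool's chain."""
        self.revoked.add(chain)
```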

9. Contact us

For privacy-related questions or to exercise your rights, contact us at [email protected].

We may update this privacy policy from time to time. Material changes will be communicated through the account email on file.
