Privacy Policy

1. Information we collect

We collect information you provide directly to us, such as when you create an account, connect a store, invite teammates, or purchase a plan. This includes:

• Account information (name, email, password OR Google OAuth profile)
• Store connection data (store credentials, store URL, platform detection data)
• Usage data (team activity, approvals, session logs, audit receipts)
• Team membership (the people on your account and their roles — owner / admin / member / viewer)
• Billing data (Stripe customer + subscription handles, payment status — we never store card numbers)

2. Third-party processors

To deliver Crewmerce we share specific data with named sub-processors:

• Stripe — payment processing + invoicing. Card details are entered into Stripe Checkout / Billing Portal directly; we never see them.
• Cloudflare Turnstile — bot detection at signup. Receives a challenge token + your IP address; no personal info beyond that.
• Google — only when you sign in with Google OAuth. Receives your email + name + profile picture; we receive the same plus an OAuth token tied to your account.
• AI providers — Anthropic (Claude), OpenAI, Black Forest Labs (FLUX), Google (Gemini), fal.ai. Each call sends only the prompt + relevant context for the specific team action. See section 6 for opt-out controls.
• E-commerce platforms — PrestaShop / WooCommerce / Shopify (your store), via the credentials you provide at connect time. Calls are scoped to operations you explicitly authorize.

3. How we use your information

We use the information we collect to provide, maintain, and improve our services. This includes running the team automation, processing your approvals, and generating audit receipts for every action on your store.

4. Data retention

We retain your data for as long as your account is active or as needed to provide you services. Audit receipts and execution records are retained per the audit window your plan includes.

5. Security

We implement appropriate technical and organizational measures to protect your personal data. Store credentials are encrypted at rest. All data transmission uses TLS.

6. Photo Studio — AI generation & training opt-out

Photos you upload to Photo Studio are sent to AI model providers (Anthropic for vision review, Black Forest Labs / Google / fal.ai for image generation) strictly to produce the variants you requested. The Photo Specialist disclosure badge on every variant + the embedded file-metadata marker make clear which imagery was generated or modified by AI, in line with EU AI Act Article 50 transparency obligations.

Each account can opt out of having its photos + variants reused for AI-provider training via Settings → Photo Studio → Privacy. We forward this opt-out as a per-request flag to every provider that supports it. Providers that do not document a training opt-out today (BFL, fal.ai) receive the flag for forward-compatibility but may ignore it; Anthropic policy is to not train on API inputs by default.

7. Your rights

You — the account holder — are the controller of the brand data Crewmerce processes on your behalf. We act as your processor: we run the workforce against the brand data you connect, we don't decide independently what to do with it. Brands you create live inside your account; you can export each brand's data, request deletion of the whole account, transfer ownership, or revoke a teammate's access at any time via Settings → Account (Data export / Delete account / Team). Brand-level deletion (worker memory, connected shops, photo assets for one brand only) lives at Settings → Brand → Delete brand. We honor GDPR / EU data-subject requests within 30 days.

8. Contact

If you have questions about this privacy policy, please contact us at [email protected].