Privacy Policy

Effective date: May 16, 2026 · Applies to:VeraCrew (“Veracrew,” “we,” “us”) web properties and SaaS services

This policy describes personal and organizational information we process when you use Veracrew, including when you visit our marketing site or use the subscribed product. Legal language should be finalized with counsel; this draft reflects how the product operates today so teams can iterate safely.

Categories of information we collect

• Account identifiers. Name, email address, hashed password credentials, OAuth profile basics when signing in via Google.
• Organization operational data. Fields you enter related to crews, schedules, templates, and compliance artifacts you intentionally store in Veracrew.
• Usage and telemetry. Product analytics captured through PostHog and similar tooling to understand feature adoption (subject to deployment configuration and masking).
• Support and transactional records. Email messages routed through transactional providers (for example onboarding, receipts, reminders) plus invoice metadata surfaced from Stripe subscriptions.
• Security signals. Cloudflare Turnstile tokens evaluated during registration for bot friction; short-lived uploads for document workflows.

Why we process data

• Operate, secure, troubleshoot, and improve the service.
• Authenticate users and enforce organizational access controls.
• Bill organizations and reconcile subscription state through Stripe.
• Communicate about service changes, outages, onboarding, or legal obligations.
• Meet regulatory, auditing, fraud-prevention, and contractual requirements.

Cookies and analytics

We rely on strictly necessary cookies and similar storage for authentication, CSRF/session continuity, feature flags, analytics, or experimental insights. Detailed cookie tables can be finalized with legal — at minimum we use PostHog for product instrumentation and Stripe.js or Turnstile iframes as required by those integrations.

Processors and subprocessors

Representative infrastructure and software vendors powering Veracrew include:

• Stripe for payments, invoicing primitives, tax configuration, or related billing tooling.
• Managed PostgreSQL (for example Neon) for primary application storage.
• Amazon S3 (or comparable object storage providers) for file blobs and templates.
• Resend (or analogous email transports) for automated mail.
• PostHog for analytics and experimentation.
• Cloudflare for edge security and bot challenges.
• Observability vendors such as Sentry for error reporting.

A dedicated subprocessors ledger may be published separately. Until then requests for the latest disclosure should go through Veracrew support referenced in onboarding correspondence.

Retention and deletion

We retain information for as long as your organization maintains an active account and for statutory or dispute windows thereafter. Administrators may request deletes or scoped exports aligned with contractual terms; certain billing or regulatory records remain longer even after account termination.

Rights requests

Administrators can contact Veracrew through the onboarding or billing email on file to access, rectify, export, or erase personal information subject to eligibility. Regulatory timelines vary by jurisdiction; we endeavor to respond within reasonable commercially standards after verification.

International transfers

Veracrew is operated from jurisdictions where principal engineering and vendors reside (including United States cloud regions). Organizations outside those regions authorize transfers pursuant to contractual clauses and Standard Contractual Clauses when required.

Questions

Reach your Veracrew account contact or escalate through the onboarding email referenced in product communications. Security-specific topics can also leverage the inbox described on the Security overview page.