Privacy Policy
Last updated: June 2025
1. Introduction
DataCrew ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our data analytics platform at yourdatacrew.com.
2. Information We Collect
Account Information
- Email address (for authentication and communication)
- Full name (optional, for display purposes)
- Authentication data managed by Supabase (password hashes, OAuth tokens)
Data You Connect or Upload
- CSV/Excel files you upload for analysis
- Data imported from connected sources (Xero, Shopify, SQL databases)
- OAuth tokens for third-party service connections (encrypted at rest)
Usage Data
- Analysis history and AI model usage
- Feature usage patterns (dashboards created, reports generated)
- Server logs (IP address, browser type, request timestamps)
3. How We Use Your Information
- To provide the Service: data cleaning, AI analysis, dashboard generation, PDF reports
- To manage your account & subscription
- To send transactional emails (account verification, billing receipts)
- To improve the Service and fix issues
- To enforce our Terms of Service and prevent abuse
We do not sell your personal information or your uploaded data to third parties.
4. Third-Party Services
We use the following third-party services to operate DataCrew:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & user management | Email, password hash |
| Stripe | Payment processing | Email, payment details (we do not store card numbers) |
| OpenAI | AI-powered data analysis | Data samples & metadata for analysis (no PII sent by default) |
| Xero | Accounting data integration | OAuth connection; data fetched per user request |
| Shopify | E-commerce data integration | OAuth connection; data fetched per user request |
5. Data Security
- All traffic is encrypted via TLS (HTTPS)
- OAuth tokens and database credentials are encrypted at rest using AES-256 (Fernet)
- Passwords are hashed by Supabase using bcrypt
- API rate limiting prevents abuse
- Redis is password-protected in production
- Infrastructure runs on isolated Docker containers
For more details, see our Security page.
6. Data Retention
- Your uploaded data is stored as long as your account is active.
- You may delete individual datasets or your entire account at any time.
- Upon account deletion, we remove all associated data within 30 days.
- Orphaned files (not linked to any dataset) are automatically cleaned up within 7 days.
- Server logs are retained for up to 90 days for security and debugging purposes.
7. Cookies
DataCrew uses essential cookies for authentication sessions (Supabase auth tokens stored in local storage). We do not use third-party tracking cookies or advertising cookies.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access a copy of your personal data
- Request correction of inaccurate data
- Request deletion of your data and account
- Export your data in a machine-readable format
- Withdraw consent for data processing
To exercise any of these rights, contact support@yourdatacrew.com.
9. Children's Privacy
DataCrew is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top indicates the most recent revision.
11. Contact Us
If you have questions about this Privacy Policy, contact us at support@yourdatacrew.com.