Privacy Policy

CREWYAI, INC.

Effective: November 14, 2025 | Version: 1.0

This Privacy Policy details how CREWYAI, INC. ("Company," "we," "us," "our") collects, uses, stores, discloses, and protects information when you access or use our AI-driven lead automation and sales platform, including the website, user dashboard, mobile tools, API connections, and all related features (collectively, the "Platform").

Our Platform is exclusively for U.S.-based businesses. We do not target or serve users outside the United States.

By using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Table of Contents

1

Company Information & How to Reach Us

Company Name: CREWYAI, INC.
Registered Agent: Legalinc Corporate Services Inc.
Address: 131 Continental Dr, Suite 305, Newark, DE 19713, United States
Website: https://crewy.ai
Dashboard: https://app.crewy.ai
Privacy Contact: privacy@crewy.ai

All privacy-related inquiries, rights requests, TCPA opt-outs, or disputes must be sent to this email address with a clear subject line.

2

Categories of Data We Collect

We collect the following types of information:

Category
Examples
Account & Identity
Full name, business name, email, phone number, physical address, website, operating hours, service categories
Payment & Billing
Stripe token, billing address, subscription tier, usage counters
Lead & Customer Data
Customer names, phone numbers, emails, project details, full conversation threads, attachments, scheduling preferences
Communication Records
SMS/MMS content, call recordings, AI-generated replies, delivery status, timestamps, media files
Verification & Security
Phone ownership logs, IP addresses, device fingerprint, Twilio SIDs, login events
Usage & Behavior
Pages viewed, response times, feature activation, A/B test exposure, search queries
Technical Data
IP (IPv4/IPv6), browser, OS, device ID, screen resolution, time zone, referral source

Media Files (MMS):

We temporarily download and store images, videos, audio, and other attachments from customer messages. These may be retained up to 7 days or longer for compliance, quality assurance, or business purposes. We may analyze content for spam, safety, or policy violations. We reserve the right to delete any file at any time without notice.

3

Sources and Specific Data from Third-Party Integrations

(Thumbtack, Yelp, Angi, Twilio etc.)

When you connect your accounts via OAuth or API, you explicitly authorize us to access and store the following data permanently:

Thumbtack

  • Full customer project requests and detailed descriptions
  • Customer contact info (name, phone number, email, zip code/location)
  • Quote requests, negotiation threads, and pricing discussions
  • Complete back-and-forth message history
  • Service category selections and customer preferences
  • Project budget ranges, timelines, and attachments
  • Lead status updates and acceptance/rejection events

Yelp

  • Incoming "Request a Quote" messages and full conversation threads
  • Customer name and contact details (when released)
  • Business review interactions tied to leads
  • Message timestamps and read receipts

Angi (formerly Angie's List)

  • Home service inquiries and project scopes
  • Customer name, phone, email, address
  • Budget and timeline preferences

Google Local Services Ads / Business Profile

  • Lead forms, call logs, review interactions, and availability data

Twilio

  • SMS/MMS delivery reports, call recordings, transcripts, metadata, carrier info

OpenAI / Google Gemini / Grok / Perplexity

  • Prompt context, generated responses, model usage logs

Stripe

  • Transaction metadata, subscription status, usage events

We act as your authorized agent for these integrations. All pulled data — including full customer conversations and contact details — is stored indefinitely in your account for automation, analytics, and historical reference.

4

Purposes for Processing Your Data

We use your data to:

  • Create and manage your account
  • Deliver leads and enable AI-powered responses
  • Automate calls, SMS, and scheduling
  • Process payments and track usage
  • Train and improve internal AI models (anonymized)
  • Provide customer support
  • Prevent fraud, abuse, and policy violations
  • Conduct analytics and product research
  • Comply with legal and regulatory requirements
  • Enforce our Terms of Service
  • Any other legitimate business purpose
5

Data Sharing and Disclosures

We do not sell your personal information.

Recipient
Purpose
Twilio
SMS, voice, verification, call forwarding
OpenAI / Google Gemini / Grok
AI message and script generation
Stripe
Secure payment processing and billing
Cloud Providers (AWS, GCP)
Hosting, storage, backups
Analytics Tools (Google Analytics, Mixpanel)
Usage insights and performance
Thumbtack / Yelp / Angi / Others
Sync leads and send AI-generated replies
Professional Advisors
Legal, accounting, audit
Law Enforcement / Regulators
When required by law or to protect rights

Aggregated or anonymized data may be used or shared for research, marketing, or commercial purposes. We determine what qualifies as "anonymous."

Business Transfers: In a merger, acquisition, or asset sale, your data may be transferred to the successor entity.

6

Automated Outbound Calls and SMS (TCPA Compliance)

Our Platform can:

  • Automatically call your verified business number when a new lead arrives
  • Send AI-generated SMS directly to customers via your Twilio number
  • Forward calls and enable two-way messaging

Your Consent

By enabling these features and verifying a phone number, you provide prior express written consent to receive automated calls and SMS from our system at that number.

Revoking Consent

  • Press 9 during any automated call
  • Toggle off in your dashboard
  • Reply STOP to any SMS
  • Email privacy@crewy.ai with subject "TCPA OPT-OUT" → Immediate and permanent — applies globally to the phone number across all accounts.

Recording & Logging

  • All automated calls are recorded
  • All SMS/MMS messages are logged
  • Retained up to 2 years or longer for quality, training, compliance, and legal defense

Your Responsibility:

You alone are responsible for obtaining proper consent before our AI contacts your customers. We are not liable for any TCPA, TSR, or similar violations on outbound customer communications.

7

Phone Number Ownership Verification & Caller ID Logging

To use your real caller ID:

  1. We initiate a verification call via Twilio
  2. You answer and enter the spoken code

We permanently log and never delete:

Logged Item
Example
Phone Number
+1-555-123-4567 (E.164)
IP Address
IPv4 + IPv6 + Cloudflare proxy
User Agent
Full browser string
Timestamp
UTC with millisecond precision
Twilio SID
CAxxxxxxxxxxxxxxxx
Verification Result
Success / Failure

Purpose: Fraud prevention, ownership disputes, TCPA defense, regulatory compliance.

Retention: Indefinite — even after account deletion.

8

AI-Powered Content Generation and Messaging

Our AI (powered by OpenAI GPT, Google Gemini, and/or Grok/xAI) generates and, when you explicitly enable automation, automatically sends customer-facing messages as follows:

Message Type
AI Action
Auto-Send Available?
Your Control
SMS Replies
Generates full SMS based on inquiry, your prompts, and rules
Yes — only if "Auto-Send SMS" is ON
Toggle in settings; default OFF for new accounts
Call Scripts
Generates complete script and initiates automated outbound/forwarded call
Yes — only if "Auto-Calling" is ON
Per-lead or global toggle; manual activation required to start
Quotes, Scheduling, Follow-Ups
Generates full message (quote, availability, next steps) and sends via SMS or in-platform
Yes — only if "Auto-Respond" is ON
Appears in dashboard for optional review; auto-sends only if you confirm the feature

How Auto-Send Works (Your Full Control):

  • All auto-send features are opt-in only
  • Default = OFF for new users
  • You enable each (SMS, Calls, Quotes) via clear toggles in Settings → Automation
  • You can pause, edit, or cancel any AI action before or during execution
  • You are 100% responsible for all sent content — AI or manual
  • AI may generate inaccurate, non-compliant, or off-brand messages
  • We do not pre-screen or guarantee compliance with TCPA, Thumbtack, Yelp, or any law
9

Payments, Billing Models, and Usage Metering

  • We offer subscription and/or pay-per-use billing at our sole discretion
  • Usage events (leads processed, SMS sent, calls placed, AI replies) are metered and sent to Stripe
  • Final invoice amount is calculated at billing time using rates in effect then
  • Rates can change mid-cycle — no price lock
  • Usage records are retained indefinitely for audit, billing disputes, and compliance
  • We may switch your billing model or pricing tier anytime with or without notice
10

Cookies, Pixels, and Analytics Technologies

Type
Tools Used
Purpose
Essential
Session cookies
Authentication, core functionality
Analytics
Google Analytics 4, Mixpanel, Hotjar
Usage patterns, performance
Marketing
Meta Pixel, LinkedIn Insight Tag
Retargeting, ad measurement

Control:

  • Manage via our cookie banner
  • Browser settings
  • Opt-out links (e.g., Google Opt-Out)

Do Not Track: We do not honor DNT signals — no industry standard exists.

11

Your U.S. Privacy Rights and Choices

Under CCPA/CPRA and similar state laws, you may have the right to:

Right
How to Exercise
Know / Access
Request a copy of your data
Delete
Request removal — may be denied if needed for legal, billing, or security purposes
Correct
Update via dashboard or email
Opt-Out of Sale/Share
We do not sell or share for cross-context advertising

How to Submit:

  • Email privacy@crewy.ai with subject "Privacy Rights Request"
  • Include: account email, specific request, verification info
  • Response Time: Within 45 days
  • Verification Required
  • Fees may apply for excessive or repetitive requests
12

Retention Periods and Deletion Practices

Data Type
Retention Period
Account & Profile
Active + 7 years
Lead & Customer Data
Indefinite (business need)
Call Recordings
Up to 2 years or longer
SMS/MMS Logs
Indefinite
Verification Logs
Never deleted
Billing & Usage Records
10 years
Backups
Rolling 90 days

Deletion:

  • Honored only when legally permissible
  • Backups may retain data for up to 90 additional days
  • Some data (e.g., consent logs, verification records) is never deleted
13

Security Controls and Limitations

We implement:

  • TLS 1.3 in transit
  • AES-256 at rest (select data)
  • Role-based access controls
  • Regular audits and penetration testing
  • Incident response plan

Critical Disclaimers:

  • NO GUARANTEE of security
  • Breaches may occur
  • You assume all risk
  • Liability limited per our Terms of Service

Report suspected issues to privacy@crewy.ai only

14

Marketing Communications and Opt-Outs

Type
Can Opt Out?
Transactional (lead alerts, billing, security)
No
Marketing (promotions, tips, newsletters)
Yes — via unsubscribe link, account settings, or email

Delivery not guaranteed — check spam/junk folders.

You are responsible for keeping contact info current.

15

Multi-Platform Lead Management

15.1 Currently Integrated Lead Sources

  • Yelp: Customer inquiries and business messaging
  • Thumbtack: Project requests and quotes
  • Google Calendar: Availability checking
  • Google Sheets: Dynamic data for AI responses
  • Twilio: SMS and voice communication

15.2 Future Platform Support

We may add:

  • Angi (formerly Angie's List)
  • HomeAdvisor
  • Other local service marketplaces

15.3 Platform-Agnostic Features

  • Single dashboard for all leads
  • Consistent AI-powered auto-reply across platforms
  • Centralized notifications (email, SMS, in-app)
  • Unified analytics and reporting
  • Single billing

15.4 Platform-Specific Differences

Platform
Key Differences
Yelp
No initial phone; messaging-first; AI focuses on getting contact
Thumbtack
Immediate phone; structured projects; AI focuses on quotes/scheduling
General
Auto-calling only when phone available; response windows vary

15.5 Multi-Platform Data Consolidation

  • Customer data kept separate (not merged)
  • Each lead retains source
  • Settings: per-platform or global
  • No auto-matching of repeat customers — your responsibility
16

AI-Generated Content and Data Processing

16.1 AI Systems Used

Providers: OpenAI (GPT), Google Gemini, Grok/xAI

What AI Does:

  • Generates automated responses to customer inquiries
  • Creates telephone call scripts
  • Drafts follow-up messages
  • Suggests responses based on your business prompts

16.2 How AI Uses Your Data

Input Data:

  • Customer inquiry and lead details
  • Your business info and custom prompts
  • Full conversation history
  • Calendar availability (if connected)
  • Google Sheets data (if connected)
  • Your AI settings (tone, length, instructions)

AI Training:

  • Your conversations may be used by providers to improve models
  • We may share anonymized data with OpenAI, Google, xAI
  • Opt-out available: Email privacy@crewy.ai

Provider Policies Apply: We do not control how they retain or use data.

16.3 AI Content Accuracy and Limitations

Important Disclaimers:

  • AI may generate inaccurate, incomplete, or inappropriate content
  • AI may misunderstand context or violate platform policies
  • AI lacks human judgment

No Guarantees:

  • We do NOT guarantee accuracy, compliance, or appropriateness
  • We are NOT liable for customer complaints

Your Responsibilities:

  • Configure prompts carefully
  • Monitor AI output
  • Disable auto-reply if needed
  • Ensure compliance with your policies and law

16.4 Your Control Over AI

Customization:

  • Write custom prompts
  • Set tone, length, delay
  • Control shared info (pricing, availability)
  • Enable/disable per business

Disabling AI:

  • Turn off auto-reply anytime
  • Manual mode: respond to each lead
  • Past AI content retained for records
17

Changes to This Policy

  • Updated version posted
  • Continued use = acceptance
  • Material changes: Email + in-app notice
  • You must monitor
18

Age Requirements

18+ only.

We do not collect data from minors.

Minor accounts are terminated immediately.

19

Contact Information for Requests

All requests: privacy@crewy.ai

Subject lines: "TCPA OPT-OUT", "Privacy Rights Request", "Verification Dispute", "Security Incident"

Mailing:
CREWYAI, INC.
131 Continental Dr, Suite 305
Newark, DE 19713
Attn: Privacy Officer

Response Times:

  • TCPA: 2 business days
  • Privacy: 45 days
  • No response guaranteed to unauthorized channels

Effective: November 14, 2025

Version: 1.0

By using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.