Privacy Policy

Last updated: March 25, 2026

CrewScan ("Service") is operated by CrewScan ("Company", "we", "us"). This policy describes how we collect, use, and protect your information.

1. Information We Collect

Data Type	Examples	Purpose
Account info	Email, name, password hash	Authentication, account management
Organization info	Business name, team members	Multi-user access, billing
Receipt images	Photographs of receipts and invoices	AI extraction, record keeping, QBO sync
Expense data	Vendor, amount, date, line items, job/cost code assignments	Expense tracking, QBO sync
QuickBooks data	Customer list, class list, vendor list (cached)	Job/cost code suggestions
Usage data	Feature usage, error logs	Service improvement, debugging
Payment info	Processed by Stripe (we do not store card numbers)	Subscription billing

2. How We Use Your Information

Provide and operate the Service
Process receipt images with AI to extract and categorize expense data
Sync approved expenses to your QuickBooks Online account
Send transactional emails (magic link invites, sync notifications)
Process subscription payments via Stripe
Improve the Service using anonymized, aggregated data

3. AI Processing

Receipt images are processed using third-party AI services (xAI) to extract text and categorize expenses. Images are sent to the AI provider's API for processing and are not retained by the AI provider beyond the API request. We do not use your receipt data to train AI models.

4. Third-Party Services

Service	Purpose	Data Shared
Intuit QuickBooks Online	Accounting sync	Expense data, receipt images (via your OAuth authorization)
xAI (Grok)	Receipt OCR and classification	Receipt images (for processing only)
Stripe	Payment processing	Payment method, billing address
Amazon Web Services	Cloud infrastructure	All service data (hosted on AWS)
Neon	Database hosting	Business data (hosted on Neon's infrastructure)
Cloudflare	DNS, CDN, frontend hosting	Web traffic

5. Data Retention

Receipt images and expense data are retained for as long as your account is active. After account deletion, data is retained for 30 days for recovery purposes, then permanently deleted. Anonymized aggregate data may be retained indefinitely.

6. Data Security

We use industry-standard security measures including: encryption in transit (TLS), encryption at rest (AWS KMS for sensitive data like OAuth tokens), row-level security for tenant isolation, and secure password hashing (bcrypt). We do not store QuickBooks OAuth tokens in plaintext.

7. Your Rights

You may: access your data at any time through the Service; export your data; request deletion of your account and data; opt out of non-essential emails. To exercise these rights, contact us at alex@crewscan.app.

8. Cookies

We use essential cookies for authentication (session tokens). We do not use tracking cookies or third-party advertising cookies.

9. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy at any time. We will notify you of material changes via email. Continued use after changes constitutes acceptance.

11. Contact

Questions about this policy? Contact us at alex@crewscan.app.

← Back to CrewScan