Crewly

← Back to home

Privacy policy

Last updated: April 13, 2026

This Privacy Policy describes how Crewly ("we," "us," or "our"), operated by Manifesto, collects, uses, and shares information in connection with our websites, mobile applications, and related services (collectively, the "Services").

1. Information we collect

1.1 Account and registration data

When you register an organization or are invited as an employee, we collect your name, email address, phone number (optional), company name, and password (stored securely using Firebase Authentication — we never store passwords in plain text). Administrators may also provide company address, logo, and employee details including job role, hourly rate, and skills.

1.2 Location data

The Crewly mobile app collects precise GPS location data when employees check in and check out of work areas. This includes latitude, longitude, and accuracy. Location is also used to verify geofence proximity and sort nearby work areas. Location data is collected only while the app is in use (foreground) — we do not track location in the background.

1.3 Operational data

We collect data you and your organization create through the Services, including work areas, task assignments, check-in/check-out records with timestamps and photos, expense submissions with receipt images, equipment records, notes, timesheets, and notification preferences.

1.4 Device and technical data

We collect device type, operating system, app version, push notification tokens (FCM), IP address, browser type, and diagnostic logs needed to operate and secure the Services.

1.5 Cookies, local storage, and offline cache

Our website uses cookies and browser local storage for authentication sessions, user preferences (such as theme settings), notification preferences, and dismissed reminder states. The mobile app uses local device storage to cache data for offline access (Firestore offline persistence) and to store session information. We use Firebase Analytics for aggregate usage statistics. See Section 9 (Cookies) for details.

1.6 Invitation and onboarding data

When an administrator invites an employee, we generate a time-limited invitation code and send it to the employee's email address. The invitation record includes the code, email, organization ID, and expiry timestamp. Invitation records are marked as used after the employee registers and are not retained beyond their purpose.

1.7 Communications

When you contact us via the contact form or email, we process the information you provide including your name, email, and message content.

2. How we use information

  • Provide, maintain, and improve the Services including GPS-verified check-ins and geofence features.
  • Create and manage user accounts and organization workspaces.
  • Authenticate users, enforce security, and prevent fraud or abuse.
  • Send service-related emails including invitation codes, password resets, and welcome messages.
  • Deliver push notifications for task assignments, check-in reminders, and schedule changes.
  • Generate timesheets and reports from check-in data for your organization.
  • Comply with legal obligations and respond to lawful requests.
  • Analyze usage in aggregate to understand reliability and product performance.

3. Legal bases (where applicable)

If laws such as the GDPR or Australian Privacy Act apply, we rely on: contract performance (providing the Services), legitimate interests (security, improvement, and fraud prevention, balanced against your rights), consent (where required, such as for location data and marketing), and legal obligation.

4. Sharing of information

  • With your organization: administrators can access operational data including check-in records, GPS locations, task progress, expenses, and timesheets for employees in their organization.
  • With service providers: we use Firebase (Google Cloud) for hosting, authentication, database, storage, and analytics; Google Maps for geocoding and address lookup; Hostinger for email delivery (SMTP); and Vercel for web hosting. These providers process data on our behalf subject to their own privacy policies.
  • For legal reasons: if required by law, regulation, legal process, or to protect rights, safety, and security.
  • In connection with a business transaction: such as a merger or acquisition, subject to standard protections.

We do not sell your personal information.

5. Data retention

We retain account data for as long as your organization's account is active. Check-in records, task data, and operational data are retained for the duration of the organization's subscription. When an organization is deleted, associated data is removed within 90 days. You may request earlier deletion by contacting us.

6. Security

We implement technical and organizational measures including encrypted data transmission (TLS), Firebase security rules for data isolation between organizations, server-side authentication verification, and access controls. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

7. International transfers

Our Services use Google Cloud infrastructure which may process data in multiple regions. If you access the Services from outside Australia, your information may be transferred and processed across borders. Where required, we use appropriate safeguards.

8. Your rights and choices

Depending on your location, you may have rights to:

  • Access, correct, or delete your personal information.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent (where processing is based on consent).
  • Disable push notifications through your device settings.
  • Manage notification preferences within the app.
  • Lodge a complaint with a supervisory authority.

To exercise these rights, contact us using the details on the Contact page or email info@crewlyapp.pro. Employees should first contact their organization administrator, who can manage data within their workspace.

9. Cookies and tracking

We use the following types of cookies and local storage:

  • Essential cookies: Firebase authentication tokens and session data required for the Services to function. These cannot be disabled.
  • Functional storage: user preferences such as theme (light/dark), dismissed notification states, and proximity reminder tracking stored in browser localStorage.
  • Analytics: Firebase Analytics collects aggregate usage data to help us understand how the Services are used. This data is anonymized and not used for advertising.

You can manage cookie preferences through the cookie consent banner shown on your first visit. You can also clear cookies and local storage through your browser settings at any time.

10. Children

The Services are not directed to children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised policy with an updated "Last updated" date. Material changes will be communicated via email or in-app notification.

12. Contact

For privacy-related questions, contact us at info@crewlyapp.pro or use the Contact page on this website.

Crewly is operated by Manifesto.