Privacy Policy

1. Data Controller

The Platform is operated by Vladislav Poliakov, individual developer ("Operator") who serves as Data Controller under GDPR (and analogous frameworks) for personal data processed. Contact: support@crewbase.pro

2. Data Protection Principles & Minimization

We apply core principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity & confidentiality, and accountability. We collect only data reasonably necessary for recruitment matching, application workflows, security, subscription management and user support. Optional fields are labelled. Do not upload sensitive personal data not requested unless explicitly required by applicable maritime regulation.

3. Categories of Personal Data

3.1 Account & Identity: Email (required), name, user type (jobSeeker/employer/admin), company name (employer), internal IDs.

3.2 Profile & Professional (Job Seeker): Experience, vessel history, ranks, availability dates, regions, certifications metadata, uploaded documents, languages, skills, preferences, AI search prompts, and contact details.

3.3 Employer & Company: Company description, logo, contact role, approval status, posting history, moderation flags.

3.4 Job & Application: Job titles, descriptions, requirements, source attribution, timestamps, application status, view indicators, delivery metrics, resume generation metadata.

3.5 Interaction & Feedback: Reports, complaints, feedback forms, moderation notes (access restricted to admins).

3.6 Technical & Usage: Auth events, session timestamps, notification tokens, app version, crash & performance diagnostics, anonymized usage metrics.

3.7 Purchases & Subscriptions: Transaction/receipt identifiers, product identifiers (SKUs), entitlement state, renewal period, trial eligibility via RevenueCat. No raw card data is received.

3.8 Security & Abuse: Fraud indicators, rate limit counters, hashed references, temporarily cached IP for abuse prevention.

3.9 Notification Preferences: Toggle states for job alerts, application updates, profile views, reminder categories.

4. Special Categories & Children

We do not intentionally collect special category data (GDPR Art. 9) nor children's data (<16). The Platform's professional orientation means minors should not register. If you believe such data was submitted inadvertently, request removal: support@crewbase.pro.

5. Legal Bases (GDPR Mapping)

• Contract Performance: Account creation, profile display, job matching, application submission, subscription entitlement.
• Legitimate Interests: Security, service reliability, aggregated analytics, preventing spam, improving matching quality, defending legal claims.
• Consent: Optional notifications, marketing emails (future), additional optional profile attributes.
• Legal Obligation: Retention for tax, financial record keeping, responding to lawful requests.

6. Purposes of Processing

Provide core functionality; candidate discovery & evaluation; resume generation; delivery and tracking of applications; acceptable use enforcement; moderation & complaint handling; subscription entitlement & billing validation; security monitoring; aggregated, anonymized analytics; service notices; legal and regulatory compliance.

7. Job Source Transparency & Data Origins

Jobs appear either posted directly by verified employers, curated from publicly accessible sources with attribution, or contributed through authorized agency feeds. If a source owner disputes inclusion, we will review and remove or adjust attribution within 24 hours.

8. Disclosure & Sharing

We do NOT sell personal data. We disclose only as necessary:

• Infrastructure & Processors: Firebase (Auth, Firestore, Storage, Messaging), email services, RevenueCat.
• Employers: Receive applicant profile data only for active recruitment evaluation. Applications may be routed via proxy channels.
• Job Seekers: View job posting details employers publish. Proxy routing may hide employer's underlying email address.
• Admins/Moderation: Limited access for compliance, verification, abuse and safety review.
• Legal/Regulatory: When compelled by valid legal request.

9. International Transfers

Data may be processed in multiple regions including EU and US via Firebase. Safeguards include Standard Contractual Clauses (Google), encryption in transit (TLS) and at rest.

10. Retention

We apply defined retention windows then delete or anonymize:

• Account & Profile: Until deletion or 24 months inactivity
• Applications & Jobs: Active + up to 24 months
• Subscription Records: Statutory period + up to 6-10 years (jurisdiction dependent)
• Security & Access Logs: 90-365 days
• Crash/Performance Data: Up to 180 days
• Complaints/Reports: Lifecycle + up to 24 months
• Backups: Rolling up to 30 days

11. Data Subject Rights & Procedure

Rights: Access, Rectification, Erasure, Restriction, Portability, Objection, Withdraw Consent, Complaint to supervisory authority.

Procedure: Email support@crewbase.pro with subject "Data Rights Request". We may require email validation. Response normally within 30 days. Portability format: JSON/CSV where feasible.

12. Automated Processing & Profiling

AI/semantic ranking and match scores are assistive relevance indicators only; no automated decision produces legal or similarly significant effects. Human review is required for any hiring decision.

13. Security

Measures include: Firebase Auth session handling; Firestore security rules; encryption in transit (TLS 1.2+) and at rest; scoped API keys; periodic access review; segregation of production and test data; rate limiting & abuse detection; monitoring for anomalous patterns. No method guarantees absolute security; residual risk remains.

14. Candidate Data Confidentiality (Employers)

Employers agree to use candidate personal data exclusively for recruitment evaluation. Prohibited: exporting candidate lists for unrelated marketing, public disclosure, resale, or indefinite retention after a role is filled. Suspected breach: notify support@crewbase.pro promptly.

15. Job Seeker Responsibilities

Do not submit fabricated credentials, forged certificates or another person's identity. Do not mass spam applications. Use of publicly sourced job data is restricted to personal application purposes.

16. Complaints & Takedown (24H)

Report alleged infringement, privacy breach, unlawful posting, impersonation or data misuse to support@crewbase.pro with sufficient detail. Validated reports will trigger removal within 24 hours.

17. Data Deletion & Account Closure

In-app deletion or written request results in profile, applications and documents being deleted or irreversibly anonymized, subject to: retention of minimal transactional/security logs; legal obligations; backup latency up to 30 days.

18. Children & Age Rating

App Store content rating 4+ does not indicate the intended professional audience. The Platform is not directed to children under 16. If we learn a minor under 16 registered, we will promptly delete the account.

19. Cookies / SDK Identifiers

The mobile app does not use third-party advertising SDKs nor IDFA. Firebase/RevenueCat may utilize internal identifiers strictly for functionality, analytics or entitlement reconciliation.

20. Marketing Communications

At present we do not send promotional email marketing. If introduced, a clear opt-in and unsubscribe mechanism will be provided.

21. Changes

Material Privacy Policy changes will be announced in-app or by email with reasonable notice. Continued use post-effective date indicates acceptance.

22. Complaints to Authorities

You may lodge a complaint with your local data protection authority. We encourage contacting us first.

23. Subprocessors

Current subprocessors handling Personal Data:

• Google Firebase (GCP): Hosting, DB, Auth, Storage, FCM – EU/US (SCCs)
• RevenueCat: Subscription receipt & entitlement processing – US/SCCs
• Resend: Transactional email delivery – US/SCCs
• Apple (APNs): Push delivery – Global
• Firebase Crashlytics/Performance: Crash & performance telemetry – EU/US (SCCs)

24. Law Enforcement Request Policy

We require valid legal process for disclosure unless there is an emergency involving imminent risk. Requests are reviewed for scope and legality. Where permitted, affected users are notified prior to disclosure.

25. CCPA / CPRA (California)

We do not sell or share Personal Information for cross-context behavioral advertising. California consumers may exercise access, deletion, correction and opt-out rights via support@crewbase.pro. We will not discriminate for exercising any CPRA right.

26. Schrems II & International Transfer Safeguards

EU/EEA Personal Data transfers rely on Standard Contractual Clauses plus supplementary measures: TLS encryption, provider at-rest encryption, role-based access, minimization, logging and periodic risk review.

27. Contact

Data Controller / Operator: Vladislav Poliakov, individual developer

Email: support@crewbase.pro

Privacy Policy URL: https://crewbase.pro/privacy

Refund Policy: https://crewbase.pro/terms#refund