Privacy Policy

Last updated: 12 May 2026 — Version 1.0 (beta)

The short version: Your roster PDFs are parsed in memory and dropped immediately — we never store them on our server. Your account email, work identity, career history and duty notes ARE stored, in the EU (Frankfurt, Germany), so you can use the service. You can export or delete everything at any time. We use no analytics, no tracking pixels, no third-party cookies.

1. Who we are

Controller: CrewMark, operated by a sole proprietor based in Belgium.
Contact: privacy@crewmark.tech
Service domain: crewmark.tech

Full controller identity and registered address are available to data subjects on written request to the contact above.

CrewMark is in beta. The legal entity will transition to an EU corporate vehicle (e.g. Belgian SRL or Estonian OÜ) before public launch — this policy will be updated when that happens.

2. Personal data we process

Category	Examples	Where stored	Legal basis
Account identity	Personal email, first/last name, display name	PostgreSQL on our EU server	Art 6(1)(b) — performance of contract
Work identity	Work email, crew ID, airline, home base, rank	Same	Art 6(1)(b)
Career history	Past airlines, qualifications, contractual bases with dates	Same	Art 6(1)(b) + 6(1)(f) legitimate interest
Authentication artifacts	Magic-link tokens (hashed), JWT sessions, login IP + user-agent	Same — tokens stored as SHA-256 hash, never plaintext	Art 6(1)(b) + 6(1)(f) security
Roster contents (transient)	Duty codes, flight legs, check-in/out times, hotel layovers, crew lineup	In-memory only. Parsed, returned to your browser, then dropped. NOT stored on our server.	Art 6(1)(b)
Free-text duty notes	Your private notes per duty day	PostgreSQL on our EU server	Art 6(1)(b)
Swap-market listings	A duty you offer, your roster context window visible to peers	In-memory only. Wiped on server restart.	Art 6(1)(a) consent — you actively post
Local browser storage	Last parsed roster, user preferences, auth token	Your browser only (`localStorage`) — never sent to us except the auth token on each request	Strictly necessary — service can't function without it

2.1 What we do NOT collect

No PDF bytes stored on our server — in-memory parse only
No passwords (passwordless magic-link login only)
No analytics SDKs (no Google Analytics, no Mixpanel, no Segment, no Hotjar)
No tracking pixels, no third-party cookies
No marketing / advertising data
No biometric, health, genetic, political, religious, or trade-union data

3. Why we process this data

Account creation and login — so you can authenticate
Roster parsing — the core service you signed up for
FTL compliance check + salary estimate — runs in your browser; no data sent to us beyond what's needed to parse your PDF
Career history tracking — to give you a lifetime "Crew Passport"
Swap marketplace — to connect you with other crew on the platform
Admin spam vetting — your registration "why I want access" note is read by the CrewMark admin team to approve genuine crew accounts
Transactional email — magic-link emails and approval notifications, sent via Google Workspace (EU tenant)

4. Where your data lives — sub-processors

Provider	Role	Location	Safeguards
Hostinger International Ltd	VPS hosting (database + application)	Frankfurt, Germany 🇩🇪	EU controller, GDPR DPA, ISO/IEC 27001
Google Workspace (Gmail SMTP)	Transactional email delivery	EU Workspace tenant	EU-US Data Privacy Framework, standard contractual clauses
Let's Encrypt / ISRG	TLS certificate issuance	Global	No personal data — domain name only

All personal data is processed inside the European Economic Area. We do not intentionally transfer personal data to a third country.

5. Your rights under the GDPR

Right	How to exercise it
Access (Art 15)	Settings → "Download my data". Returns a ZIP of all your account data as JSON.
Rectification (Art 16)	Edit your profile in Settings. Some fields (airline, home base, rank) require admin approval to prevent identity churn.
Erasure (Art 17)	Settings → "Delete my account". This permanently deletes your account, magic links, career history, and duty notes. Cannot be undone.
Restriction (Art 18)	Email us at privacy@crewmark.tech. We can suspend your account without deleting it.
Portability (Art 20)	Same as Access — the export is machine-readable JSON.
Object (Art 21)	We do not process for marketing or profiling, so there is nothing to object to. If you disagree with any processing, email us.
Complaint	You can lodge a complaint with the Belgian Data Protection Authority — www.dataprotectionauthority.be

6. Retention

Active account data — kept while your account exists. Deleted within 24 hours of you using "Delete my account", purged from backups in the next backup cycle (max 30 days).
Inactive accounts — if you don't log in for 24 months, we notify you, give 30 days' grace, then soft-delete; hard-delete 30 days after that.
Magic-link tokens — expire 15 minutes after issue; rows kept 90 days for audit, then purged.
Roster PDFs — zero retention. Dropped from memory immediately after parse.
Swap-market listings — max 30 days or until the next server restart, whichever comes first.
Backups — 30-day rolling, then permanent purge.

7. Security

We follow industry-standard controls aligned with GDPR Article 32 and ISO/IEC 27001 Annex A. Notably:

TLS 1.2+ everywhere via auto-renewed Let's Encrypt certificates
Passwordless authentication — no passwords to leak
Magic-link tokens stored as SHA-256 hashes (never plaintext)
Database not accessible from the public internet
Container isolation for application services
SSH access by key only (no passwords)
Automatic OS security updates
Admin accounts use multi-factor authentication

If a breach occurs, we will notify the Belgian Data Protection Authority within 72 hours per Article 33, and we will notify affected users without undue delay per Article 34.

8. Cookies and local storage

We use no third-party cookies, no analytics cookies, and no advertising cookies. The only client-side storage we use is your browser's localStorage, holding:

Your authentication token (so you stay logged in)
Your last parsed roster (so the app works offline)
Your UI preferences

This is strictly necessary for the service to function and does not require consent under the ePrivacy Directive. You can clear it any time via your browser settings.

9. International users

CrewMark is designed for EU/EEA-based crew. If you access it from outside the EEA, your data is still processed exclusively on EU servers — no extra-EEA transfer takes place.

10. Children

CrewMark is a B2C tool for working airline crew. We do not knowingly collect data from anyone under 18. If you believe a minor has registered, email us and we will delete the account.

11. Changes to this policy

We will post any material changes here at least 30 days before they take effect, and notify registered users by email. Prior versions are archived in our Git repository.

12. Contact

Questions, requests, or complaints:

CrewMark — Controller
privacy@crewmark.tech
Belgium

We respond within 30 days as required by Article 12(3).