Skip to main content
CrewConnect

Privacy Policy

Last updated: April 2026

1. Information We Collect

Information you provide directly:

  • Identity information: full name, email address, phone number, self-attested age (confirmed 18 or older at signup), and profile photograph
  • Professional information: positions held, vessel experience, tonnage endorsements, program type, languages spoken, nationality, years of experience, availability dates and location, and self-reported drug-test status
  • Credential information: credential type, issue date, expiration date, issuing authority, and scanned copies of supporting documents (such as STCW certificates, MMC/USCG licenses, passports, and medical certificates)
  • Profile content: your bio, references, and any content you voluntarily submit
  • Employer information (for hiring accounts): vessel name, position details, salary ranges, and posting content
  • Communications: messages you send through the Platform, introduction requests, and feedback you submit

Information collected automatically:

  • Usage data: pages visited, search filters used, match interactions, profile views, time spent on features
  • Technical data: IP address, approximate geographic region derived from IP, browser type and version, operating system, device type, and session identifiers
  • Log data: server logs of requests, errors, and authentication events
  • Bot-protection data: Cloudflare Turnstile challenge results during signup and login

Information from third parties: If you sign up using a social login provider (such as Google), we receive basic profile data (name, email, provider-issued identifier) from that provider as permitted by your provider privacy settings.

2. How We Use Your Information

We use your information to: operate the Platform and match crew with employers; send transactional emails (verification, notifications); improve Platform features; and ensure safety and prevent fraud.

3. Legal Basis for Processing

We process your personal information based on: (a) contract performance — providing the services you signed up for; (b) legitimate interest — fraud prevention, platform security, and service improvement; (c) consent — for optional features and communications you opt into; (d) legal obligation — when required by law enforcement or court order.

4. Geographic Scope

CrewConnect is operated by AH360 Photography LLC from the United States and is intended for users located in the United States. If you access the Platform from outside the US, you do so at your own discretion and are responsible for compliance with local laws.

5. Privacy-First Design

CrewConnect is built with privacy as a core principle. Profiles are anonymous by default — your real name and contact information are only revealed to another user after you explicitly accept an introduction request.

6. Information Sharing

We do not sell your personal information. We share information only in the following circumstances:

With other users when you consent: When you accept an introduction request and opt to reveal your identity, the other party will see your real name and contact information you choose to share.

With service providers who help us operate the Platform: We use the following third-party processors, each bound by data-processing agreements that restrict their use of your information to operating the Platform on our behalf:

  • Supabase — primary database and file storage for profiles, messages, uploads, and session data
  • Resend — outbound transactional email delivery
  • Vercel — web application hosting for the frontend
  • Railway — API server hosting for the backend
  • Anthropic — AI-assisted document parsing for credential uploads
  • Twilio — SMS and WhatsApp delivery for phone-number verification, security notices, and the user-enabled SMS/WhatsApp channels of your notification preferences
  • Cloudflare Turnstile — bot-prevention challenge during signup and login
  • Firecrawl — public-web research of employer and vessel profiles during onboarding

We review this list whenever we add, remove, or change a processor, and update this policy to reflect current vendors.

With law enforcement or in legal proceedings: We may share information when required by subpoena, court order, or other legal process, or to protect the safety of users or the public.

7. Credentials and Certifications

Credential information you provide is used to facilitate matching and support qualification review. Credential numbers are visible only to you and Platform administrators.

8. Credential Documents

When you upload supporting documents (such as USCG licenses, captain's certifications, or other credentials), these files may contain sensitive personal information including your full legal name, date of birth, license or certificate numbers, and photographs. These documents are:

  • Stored securely with encryption at rest in our cloud storage provider
  • Access-controlled — only accessible to you and Platform administrators during the review process
  • Not publicly visible — document files are never displayed to other users or indexed by search engines
  • Deleted when you request — if you delete your account, all uploaded documents are permanently removed from our systems

We recommend redacting any information on your documents that is not relevant to the credential being submitted (such as home address or Social Security number) before uploading.

9. Data Retention

We retain your account data for as long as your account is active. You may delete your account at any time from account settings or by contacting us at the email below.

When you delete your account:

  • Uploaded credential documents and photographs are permanently deleted from cloud storage immediately.
  • Personal information such as your name, email address, and phone number is scrubbed from the active database (set to null or pseudonymized) immediately. Your display name is replaced with "[Deleted User]".
  • Document scan data (including AI-extracted text from credential uploads) is immediately deleted from the active database.
  • Encrypted database backups retained by our cloud provider may contain a copy of your data until they naturally expire under the provider's standard retention schedule (typically within seven days). We do not restore individual records from these backups.
  • Anonymized analytics (such as aggregate usage counts) may persist, but will not identify you.

Some information may be retained longer where required by law, for example audit records required by financial, tax, or regulatory authorities.

10. Security

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), hashed passwords (bcrypt), role-based access controls, CSRF protection, rate limiting, and Content Security Policy headers.

11. Cookies

We use a first-party session cookie (`crew.sid`) to maintain your login state. We also use Cloudflare Turnstile, an anti-bot verification service, which may set a short-lived first-party cookie during the signup and login process to distinguish humans from automated traffic.

We do not use analytics cookies, advertising cookies, or third-party tracking scripts (such as Google Analytics, Facebook Pixel, or similar). Because the cookies we use are strictly necessary for authentication and bot prevention, no cookie consent banner is required under current United States law.

We do not currently respond to "Do Not Track" (DNT) signals sent by web browsers. Because we do not engage in cross-site tracking or behavioural advertising, DNT has no practical effect on what we collect.

Note that our anti-bot security provider (Cloudflare Turnstile) inspects the IP address of every signup and login attempt globally, regardless of user location, as a strictly necessary security measure to prevent automated abuse.

If this changes in the future — for example, if we add analytics — we will update this policy and, where required, add a consent interface.

12. Your Rights

You may: (a) access your personal information through your account settings; (b) correct inaccurate information by editing your profile; (c) delete your account and all associated data through account settings or by contacting us; (d) export a copy of your personal data through your account settings or by contacting us at the email below.

13. Children's Privacy

CrewConnect is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification.

15. Contact

For privacy questions or data requests, contact us at Steve@ah360views.com.

16. Regulatory Compliance

Florida Information Protection Act (FIPA): CrewConnect is operated by AH360 Photography LLC, a Florida company. We follow FIPA's requirements for safeguarding personal information and, in the event of a data breach involving unauthorized access to covered information, we will notify affected users within the thirty-day timeline required by FIPA.

California Consumer Privacy Act (CCPA / CPRA): CrewConnect currently operates below the thresholds that trigger the CCPA (businesses with more than $25 million in annual revenue, businesses that buy, sell, or share the personal information of 100,000 or more California residents, or businesses that derive 50% or more of their annual revenue from selling personal information). We nevertheless honor access, correction, deletion, and export requests from all users regardless of state. We do not sell personal information.

Fair Credit Reporting Act (FCRA): CrewConnect is not a consumer reporting agency as defined by the FCRA. We do not produce "consumer reports" and we do not verify crew credentials, employment history, or fitness for employment. Employers who use the Platform remain solely responsible for conducting their own verification and background checks before making hiring decisions.

Geographic scope: CrewConnect is intended for users in the United States. We do not direct our services to users in the European Union or the United Kingdom, and we do not knowingly collect data from users in those regions. Users who access the Platform from outside the United States do so at their own discretion.

17. Beta Program Status

CrewConnect is currently operating as a closed beta with a limited group of invited users. During beta:

  • Features may change, be removed, or be reset without advance notice
  • We may reset non-essential data (such as test matches, placeholder jobs, and seed content) between beta phases
  • Service availability is best-effort; there is no uptime guarantee
  • We may use anonymized, aggregated beta-period data to improve the matching engine, product copy, and onboarding flow
  • We will not use your credential documents or identifying information for any purpose outside the ones described in this policy

We welcome feedback during beta. You can send feedback directly to Steve@ah360views.com.

Privacy Policy — CrewConnect