This Privacy Policy explains how Crew-OS (“we”, “us”, “our”, “the Service”, available at crew-os.org and its mobile application) collects, uses, stores, shares, and protects information when you use the Service. Crew-OS is an independent tool built for cabin-crew workflow (salary estimation, flight lookups, rest planning, announcements and references). It is not affiliated with, endorsed by, or operated by Saudia, the Saudi Arabian Airlines Corporation, or any airline. By creating an account or using the Service, you acknowledge that you have read and understood this Policy.
§ 01 Who we are
Crew-OS is operated by the Crew-OS project team (“Operator”). For privacy-related enquiries, data-access requests, or complaints, use the contact details listed in Section 14 below. The Operator acts as the data controller for personal data processed through the Service.
§ 02 Scope of this Policy
This Policy applies to all personal data processed through the Service, including our website, progressive web app, iOS app, and any API endpoints we expose. It does not apply to third-party services you reach through links from the Service (for example, Google Sign-In consent screens or AeroDataBox flight pages). Those services operate under their own privacy policies, which we recommend you review.
§ 03 Data we collect
We try to collect as little data as possible and only what the Service actually needs. Specifically:
(a) Account data — required
- Email address and password (password is hashed; we never see the plaintext).
- First name and last name, as you enter them during registration.
- Authentication provider identifier if you sign in via Google (the Google account id, name and profile picture URL).
- Timestamp of account creation, last sign-in, and acceptance of these terms.
(b) Salary profile — optional, you choose what to enter
- Basic salary, housing allowance, transportation allowance, and any custom allowances you configure.
- GOSI and SANID deduction percentages.
- Flags indicating which allowances are enabled for your role.
(c) Salary history — generated from your usage
- One record per calendar month capturing the net take-home (“final salary”) calculated from your inputs.
- Timestamps for when each month was first captured and last edited.
- A flag indicating whether the month was auto-captured by the live calculator or manually entered.
(d) Flight lookups — stored locally
- Saudia flight numbers you search for and the resulting schedule / status data returned by third-party aviation APIs.
- Announcement drafts you customize for a specific flight.
- This data is held on your device and is not, today, synced to our servers.
(e) Device and usage data
- Standard server-access logs (IP address, user-agent, request path, timestamp, response size) held by our hosting provider.
- Error telemetry when the Service crashes or encounters an unexpected condition.
- Basic counts of feature usage to help us prioritise improvements.
- Aggregated interaction analytics via Microsoft Clarity — heatmaps and session recordings of how the interface is used (clicks, scrolls, page transitions). Text you type is masked by default. This is product analytics only; it is never sold or used for advertising.
We do not knowingly collect government ID numbers, national ID / Iqama, bank account numbers, health records, precise geolocation, or any category of data classified as sensitive under Saudi Arabia’s Personal Data Protection Law (PDPL) unless you voluntarily paste such information into a free-text field (which we ask you not to do).
§ 04 How we use your data
We use your data only for the purposes below:
- Provide the Service — authenticate you, load your salary profile and history across devices, fetch flight data on your behalf.
- Secure the Service — detect abuse, rate-limit automated traffic, protect against credential-stuffing.
- Communicate — send verification emails, password-reset links, and critical security or service notices. We do not send marketing email.
- Improve the Service — diagnose bugs from error logs, measure which features are used so we can prioritise engineering work.
- Comply with law — respond to lawful requests from competent authorities, enforce our Terms.
We do not sell your data. We do not use your data to train machine-learning models. We do not share your data with advertisers, data brokers, or social networks for any purpose.
§ 05 Legal basis for processing
Where the PDPL or a comparable regime (e.g., GDPR) requires a legal basis, we rely on the following grounds depending on the data element:
- Performance of a contract — to deliver the Service you signed up for (account data, profile, salary history).
- Legitimate interests — to secure the Service, prevent abuse, and improve features (logs, telemetry).
- Consent — for optional features that go beyond core functionality (where applicable, we ask first).
- Legal obligation — where a valid court order or regulatory demand applies.
§ 06 Third-party processors
We rely on a small number of reputable sub-processors. Each is contractually obliged to protect your data and process it only on our instructions.
- Supabase — authentication, database hosting, object storage. Data is stored in the region configured for our project. See supabase.com/privacy.
- Vercel — web hosting and edge delivery of the Crew-OS web application. See vercel.com/legal/privacy-policy.
- Cloudflare — proxy, DDoS protection, and the flight-lookup worker. See cloudflare.com/privacypolicy.
- Microsoft Clarity — first-party product analytics: aggregated heatmaps and session-interaction recordings (clicks, scrolls, navigation) used to understand how features are used and to diagnose usability problems. Clarity automatically masks text input by default and we do not use it for advertising. See privacy.microsoft.com.
- Vercel Analytics — privacy-preserving, aggregate page-view and performance metrics. No cross-site tracking. See vercel.com/legal/privacy-policy.
- AeroDataBox (via RapidAPI) — receives flight numbers you look up, returns schedule / status data. We do not send your account identifier, only the flight number.
- Google (optional) — OAuth sign-in, if you choose to connect a Google account.
- Apple — App Store distribution for the iOS app, in-app purchase receipt verification (if applicable).
§ 07 International transfers
Our sub-processors may store or process data outside the Kingdom of Saudi Arabia (for example, in the European Union or the United States). When they do, we rely on the recipient’s participation in recognised transfer frameworks (e.g., Standard Contractual Clauses, the EU–U.S. Data Privacy Framework) or on your explicit consent where a framework is not available.
§ 08 How long we keep your data
- Account data — for as long as your account exists. If you delete your account, we erase identifying fields within 30 days and retain only aggregated, non-identifying records required for accounting or fraud prevention.
- Salary profile and history — retained with your account; removed when you delete the account.
- Flight records (local-only) — automatically purged from your device 24 hours after the effective arrival time of each flight.
- Server logs — retained for up to 90 days for security forensics, then deleted.
- Support correspondence — retained for up to 24 months, unless a longer period is required by law.
§ 09 Your rights
Subject to applicable law (including the PDPL), you have the right to:
- Access a copy of the personal data we hold about you.
- Rectify data that is inaccurate or incomplete.
- Erase your data (“right to be forgotten”), subject to limited legal-retention exceptions.
- Object to or restrict certain processing activities.
- Withdraw consent at any time where processing relies on your consent.
- Portability — receive your data in a common, machine-readable format.
- Complain to a supervisory authority (in Saudi Arabia, the Saudi Data & Artificial Intelligence Authority — SDAIA).
To exercise any of these rights, email the contact in Section 14. We may need to verify your identity before acting on a request. We aim to respond within 30 days.
§ 10 Security
We apply industry-standard safeguards: encryption in transit (TLS 1.2+), encryption at rest for database storage, hashed passwords (bcrypt via Supabase Auth), row-level-security policies so that every user sees only their own rows, short-lived session tokens, and access controls on administrative interfaces. No system is ever 100% secure; we will notify affected users without undue delay if a confirmed data breach creates a material risk to them, in accordance with the PDPL and other applicable laws.
§ 12 Children
The Service is intended for working cabin-crew professionals and is not directed at individuals under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it.
§ 13 Changes to this Policy
We may update this Policy from time to time to reflect new features, legal requirements, or sub-processor changes. We will post the updated version at crew-os.org/privacy with a new “last updated” date. Material changes will be announced in-app or by email. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.
§ 14 Contact us
Privacy enquiries, data-subject requests, and breach notifications:
Email: crewos.support@gmail.com
Phone / WhatsApp: +966 56 561 1967
Disclaimer: This Privacy Policy is provided as a good-faith summary of our data practices. It is not legal advice. For authoritative interpretation, consult a qualified lawyer licensed in your jurisdiction.