← Back to Home

Privacy Policy

Last updated: February 12, 2026

1. Introduction

Crew ("we", "our", or "the Service") is an AI agent platform that connects to your messaging apps and productivity tools. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you sign in with Google or Microsoft, we receive and store your name, email address, and profile picture as provided by the identity provider.

2.2 OAuth Tokens

To access Google Workspace (Gmail, Calendar, Drive) or Microsoft 365 (Outlook, OneDrive, Teams, Calendar) on your behalf, we store OAuth access and refresh tokens. These tokens are encrypted at rest using AES-256-GCM and are never exposed to third parties.

2.3 Chat Messages

Messages you send to the AI agent and responses generated are stored in our database to provide conversation history. You may delete individual conversations at any time.

2.4 Connected Channel Data

When you connect messaging channels (Telegram, Discord, Slack, KakaoTalk, LINE, WhatsApp), we store the credentials and configuration necessary to route messages between the channel and your AI agent. We do not store the content of messages processed through channels beyond what is needed for the active conversation session.

2.5 Workspace Files

Files you upload or that the AI agent creates during a session are stored in your sandboxed workspace. Workspace data is encrypted at rest using per-user encryption keys.

2.6 Usage and Billing Data

We track credit consumption, subscription status, and payment transaction history to operate our billing system. Payment processing is handled by Stripe; we do not store your full credit card number.

3. How We Use Your Information

  • To authenticate you and manage your account
  • To operate the AI agent on your behalf (reading emails, managing calendar, accessing files)
  • To route messages between your connected channels and the AI agent
  • To execute scheduled tasks (cron jobs) you configure
  • To track and enforce usage limits under your subscription plan
  • To improve the Service and fix issues

4. Data Security

We take the security of your data seriously:

  • OAuth tokens are encrypted with AES-256-GCM before storage
  • Workspace files are encrypted at rest with per-user keys derived via HKDF
  • All communication between your browser and our servers uses HTTPS/TLS
  • AI agent sandboxes are isolated per user — no cross-tenant data access
  • Internal API endpoints are protected with secret-based authentication and timing-safe comparison
  • Security headers (X-Frame-Options, CSP, etc.) are applied to all responses

5. Third-Party Services

The Service integrates with the following third-party providers. Each has its own privacy policy:

  • Anthropic (Claude) — AI model provider. Your messages are sent to Anthropic's API to generate responses.
  • OpenAI — Fallback AI model provider, used when configured.
  • Google APIs — Gmail, Calendar, Drive access on your behalf.
  • Microsoft Graph API — Outlook, OneDrive, Teams, Calendar access on your behalf.
  • Stripe — Payment processing.
  • E2B — Sandboxed code execution environment for AI agents.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, we will delete your personal data, chat history, workspace files, channel connections, and stored tokens within 30 days. Anonymized usage analytics may be retained for operational purposes.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Delete your account and all associated data
  • Disconnect any connected channel or revoke OAuth access at any time
  • Export your conversation history
  • Opt out of non-essential data processing

8. Cookies

We use essential cookies for authentication (session tokens) and user preferences (theme, locale). We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service. Your continued use after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or your data, please contact us at privacy@crewai.app.