How Crewie Protects Your Data
Encryption, access controls, infrastructure, and compliance
Your business data is sensitive. We treat it that way.
Encryption
All data in Crewie is encrypted both in transit and at rest.
- In transit: TLS 1.3
- At rest: AES-256 encryption
- Database backups are encrypted
- Encryption keys are managed securely and rotated regularly
Access controls
We implement strict access controls so only the right people can access your data:
- Multi-factor authentication (MFA) — available and strongly recommended for all users
- Role-based access control (RBAC) — permissions based on role, not individual configuration
- Single sign-on (SSO) — via Google and Microsoft
- Session management and automatic timeout
- Full audit logs of all access and changes
Infrastructure
Crewie runs on enterprise-grade cloud infrastructure with:
- Regular security patches and updates
- DDoS protection and rate limiting
- Automated backups with point-in-time recovery
- Geographic data redundancy
Compliance
- GDPR compliant data handling
- SOC 2 Type II certification in progress
- CCPA compliance for California users
- Regular third-party security audits
- Penetration testing and vulnerability assessments
Your role in security
Security is a shared responsibility. You can help keep your account secure by:
- Using a strong, unique password for your Crewie account
- Enabling multi-factor authentication
- Not sharing your login credentials
- Logging out of shared or public devices
- Reporting suspicious activity to security@crewie.app immediately
Questions or concerns? Contact our security team at security@crewie.app.
Was this helpful?