CrewHu Privacy Statement on Compliance with GDPR

Last updated: June 15, 2026

On May 25, 2018, the European Union's data privacy law, the General Data Protection Regulation (GDPR), became effective and Crewhu maintains privacy and security practices designed to protect your privacy.

GDPR is broad in scope and affects businesses outside of the EU, as it applies to all companies processing and holding the personal data of residents and citizens of the EU, and, where applicable, the United Kingdom, regardless of the company's location. Under GDPR, "personal data" means "any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier."

Crewhu maintains policies and practices designed to support compliance with GDPR requirements regarding the collection and storage of your personal data. For more information on how and when we collect your personal data, please read our Privacy Policy.

What does CrewHu do to comply with GDPR?

Among other measures, Crewhu has updated its privacy policy and practices to require that:

• Any personal data transferred to us has been collected and processed by you in accordance with GDPR requirements in respect to consent and lawfulness of processing;
• If we obtain personal data from a source other than the individual it relates to, we provide them with privacy information;
• We provide individuals with privacy information at the time we collect their personal data from them;
• We provide individuals with information regarding their rights to erasure, to rectification, to transfer, and to object to profiling regarding personal data stored by Crewhu; individuals desiring to exercise these rights may do so by contacting privacy@crewhu.com.
• We implement appropriate technical and organizational measures, including:
  • SSL with 256-bit encryption.
  • Fully secured server infrastructure, with dedicated servers, automated backups, and routinely updated security patches.
  • Appropriate safeguards and vendor controls for data transfers and processing by external data processors, where applicable, without relying on the EU-U.S. Privacy Shield framework.
  • Use of external data processors to provide, host, maintain, and support the Services, as described below.
  • General data processing locations / regions are identified below and may be updated from time to time.
• We maintain information available regarding the categories of personal data obtained and the recipients or categories of recipients of the personal data.

External Data Processors and Data Processing Locations

Crewhu uses external data processors to provide, host, maintain, and support the Services. Current external data processors and general data processing locations include:

Standardized Privacy and Security Documentation

Crewhu provides privacy and security information through its standardized public documentation, including this GDPR Policy, the Privacy Policy, Terms and Conditions, and related public support resources. For standard subscriptions, customers agree to Crewhu's public Terms of Use at signup, and Crewhu does not provide separately signed agreements. Crewhu does not complete customer-specific security questionnaires, perform customized privacy or security assessments, or execute customized or customer-provided privacy, security, data processing, or vendor compliance documents for standard subscriptions.

CrewHu does not provide confidential security materials, penetration test reports, vulnerability scan results, infrastructure diagrams, employee records, insurance certificates, or other non-public security documentation for standard subscriptions.

Crewhu takes privacy seriously. If you have any questions or concerns about how we collect and store your personal data or if you would like to exercise any of your rights under GDPR, please contact us at privacy@crewhu.com.