Privacy Policy

Effective Date: May 5, 2026

This Privacy Policy describes how Androcrew ("we," "us," or "our") collects, uses, discloses, and protects your information when you access or use the Androcrew platform at chat.androcrew.com and any related services, websites, mobile applications, APIs, and integrations (collectively, the "Service"). Androcrew is an AI-powered personal assistant platform that uses generative AI and large language models ("LLMs") to perform tasks on your behalf.

      Privacy at a glance.
      We collect only what is needed to operate the Service.
We do not sell your personal information.
We do not use your conversations, files, or connected-account data to train AI models — ours or third-party.
For financial connections (Plaid), we store only an encrypted access token. We do not persist your bank transactions in our systems; we fetch them on demand to fulfill your request and discard them after the response is generated.
For voice/telephony features, we do not retain audio recordings. Only a transcript is produced; the only durable copy is a truncated form in our system logs.
You can delete your conversations, files, connected accounts, and entire account at any time.

    

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address
Name (as provided via your identity provider)
Authentication credentials managed through our identity provider (Keycloak); we do not see or store your password directly
Optional profile information you choose to provide (preferences, locale, timezone)

1.2 Conversation Data

When you use the Service, we store:

Messages you send and responses generated by AI
Chat session metadata (titles, timestamps, tags, folders)
Files you upload to conversations or knowledge bases
Notes and personal context you save within the platform
Vector embeddings (numerical representations) of your content used for retrieval

1.3 Connected Account Data

If you connect third-party accounts (e.g., Google, Plaid, telephony), we may access and store:

OAuth access and refresh tokens, encrypted at rest, used to maintain your authorized connection
The minimum profile metadata needed to identify the connection (e.g., the email address of the connected mailbox)
Data returned from the connected service in the course of fulfilling a specific request you make (see Section 4 for how this data flows through AI processing)

We request only the OAuth scopes needed to provide the features you use, and you can disconnect any account at any time, which revokes our stored tokens.

1.4 Billing Information

Payment processing is handled by Stripe. We store:

Subscription tier and status
Stripe customer and subscription identifiers
Last four digits and brand of your payment method (for display only)
Invoice history and billing address (as provided to Stripe)

We never store full credit card numbers, CVVs, or raw payment credentials.

1.5 Usage Data

Token consumption and task counts per billing cycle
API key usage metadata (API keys themselves are hashed)
Scheduled task definitions and execution history
Feature interaction events (e.g., which crew was selected, which tools were called)

1.6 Automatically Collected Data

Request logs (IP address, user agent, request timestamps, request IDs)
Error and performance logs for service reliability
Approximate location derived from IP address (for security and regional routing)

2. How We Use Your Information

Purpose	Data Used
Provide AI-powered responses	Conversation messages, uploaded files, connected-account data fetched for the request
Maintain chat history and personalization	Messages, session metadata, saved memory entries
Process payments and manage subscriptions	Billing information via Stripe
Enforce usage limits and prevent abuse	Token consumption, task counts, request logs
Execute scheduled tasks	Task definitions, user context, OAuth tokens
Operate, debug, and improve service reliability	Error logs, performance metrics, AI observability traces
Send service notifications	Email address (usage warnings, billing updates, security alerts)
Comply with legal obligations and enforce our Terms	Account, billing, and log data as required

We do not use your conversations, files, or connected-account data for advertising, profiling for marketing purposes, or to train AI models.

3. Legal Bases for Processing (EEA / UK)

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

Contract: to provide the Service you have requested.
Legitimate interests: to operate, secure, and improve the Service, prevent fraud and abuse, and communicate with you about the Service. We balance these interests against your privacy rights.
Consent: for optional features such as connecting third-party accounts, telephony features, and certain cookies. You can withdraw consent at any time.
Legal obligation: to comply with applicable laws and respond to lawful requests.

4. AI and Large Language Models

Important: Your messages, attached content, and connected-account data fetched for a request are sent to third-party AI model providers to generate responses. This is core to how the Service works. We have selected providers and routing partners that contractually agree not to use customer content to train their models.

4.1 How AI Processing Works

Your messages, plus any context the assistant determines is relevant (recent chat history, retrieved knowledge-base snippets, tool results, fetched calendar events or emails, etc.), are assembled into a prompt and sent to one or more third-party LLM providers.
Responses are streamed back to you and stored as part of the conversation.
Uploaded files and knowledge-base documents are processed to generate vector embeddings for semantic search and retrieval.

4.2 AI Model Providers

We route LLM requests through OpenRouter, which forwards them to upstream providers including Anthropic, Google, xAI, and others. We configure OpenRouter and our routing rules to use providers and endpoints that do not retain prompts or completions for training. Each provider remains subject to its own privacy policy.

4.3 No Training on Your Data

We do not use your conversations, prompts, completions, files, embeddings, or connected-account data to train, fine-tune, or evaluate any AI model — ours or any third party's. We do not sell or otherwise make this content available for AI training by others.

4.4 AI Limitations

AI-generated responses may be inaccurate, incomplete, biased, or otherwise inappropriate.
The Service does not provide professional advice (legal, medical, financial, tax, or otherwise).
You should independently verify any important information before relying on it.

4.5 Observability

We use Langfuse (self-hosted) to monitor AI interactions for quality, debugging, latency, and cost. This includes logging prompts, responses, tool calls, and token usage. Access is restricted to authorized members of our operations team, and observability data is subject to the same retention and deletion controls as the underlying conversation.

5. Memory and Personalization

The Service can remember facts and preferences you choose to share (or that the assistant infers) to provide more personalized responses across sessions. Memory entries are stored in your account, are visible to you, and can be edited or deleted at any time. Memory is used only to personalize your experience and is not shared across users or used to train models.

6. Financial Account Linking (Plaid)

We do not store your bank transaction data. If you link a financial account via Plaid, we store only an encrypted Plaid access token tied to your account. When you make a request that requires financial data (for example, asking about your spending or a subscription audit), we use that token to fetch the necessary data from Plaid in real time, process it to answer your request, and discard it from working memory once the response is generated. Bank transaction details, balances, and account numbers are not persisted in our databases.

6.1 What We Store

An encrypted Plaid access token and item identifier per linked institution.
Minimal display metadata about the link (e.g., institution name and a masked account label) so you can identify and manage your connections.
A high-level audit record that a fetch occurred (timestamp, requesting feature) — without the financial data itself.

6.2 What We Do Not Store

Bank login credentials (Plaid handles authentication; we never see your credentials).
Full account or routing numbers.
Transaction histories, transaction-level metadata, balances, holdings, or liabilities.
Any derivative dataset built from your transactions.

6.3 Data Flow

For each financial request: provision token → fetch from Plaid → analyze in memory → return answer to you → discard fetched data. Anything that briefly appears in our LLM observability traces is subject to retention and deletion controls and is access-restricted.

6.4 Disconnecting

You can disconnect any linked institution at any time from the Service, which deletes the stored access token. You can also revoke access directly through Plaid Portal.

7. Voice and Telephony Features

We do not retain audio recordings. When you use a voice chat feature or the assistant places or receives a phone call on your behalf, the audio stream is converted to text in real time. The audio is not saved. The only durable artifact is the text transcript, and we further reduce that by storing only a truncated form in our system logs.

7.1 What We Capture

Real-time speech-to-text transcripts produced from the audio stream while the call or voice session is active.
Call metadata (phone number dialed or received, duration, timestamps, outcome).
A truncated transcript snippet retained in logs for debugging and support.

7.2 What We Do Not Retain

Audio recordings of voice chat or telephony calls.
Full untruncated transcripts beyond the active session window required to complete your task.

7.3 Two-Party Consent and Disclosure

Some jurisdictions require all parties to a call to consent to recording or transcription. Because the Service may transcribe calls, you are responsible for providing any required disclosure to the other party and for using the feature in compliance with applicable laws. The assistant is generally instructed to disclose that it is an AI when placing calls on your behalf.

8. Google User Data

Where the Service integrates with Google APIs (Gmail, Calendar, Drive, Contacts), our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve user-facing features you have requested. We do not transfer Google user data to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users. We do not use Google user data for serving advertisements or for training generalized AI models.

9. Third-Party Services

The Service integrates with the following categories of third-party services:

Service	Purpose	Data Shared
OpenRouter / upstream LLM providers	AI model routing	Prompts and contextual content needed to generate the response
Google APIs	Gmail, Calendar, Drive, Contacts	OAuth tokens; data accessed per your specific requests
Plaid	Financial account linking	Bank account access tokens; transactional data fetched on demand and not persisted
Stripe	Payment processing	Billing and payment information
SendGrid	Transactional email	Email address, notification content
Telephony providers	Voice call placement and transcription	Phone numbers, call audio (in-flight only), transcripts
Keycloak (self-hosted)	Authentication and SSO	Account and authentication data
Google Cloud Platform	Cloud infrastructure	All hosted data (under our control)

Each third-party service is governed by its own privacy policy. We encourage you to review them.

We share personal information only as described in this policy:

Service providers and processors who help us operate the Service (cloud hosting, payment processing, AI model routing, email delivery, telephony) under contracts that restrict their use of your information.
Connected services you authorize, when you direct the assistant to send an email, create a calendar event, place a call, etc.
Legal and safety reasons, where we believe disclosure is reasonably necessary to comply with law, enforce our Terms, or protect the rights, safety, or property of users or others.
Business transfers, in connection with a merger, acquisition, financing, or sale of assets, with appropriate notice to you.
With your explicit consent for any other purpose.

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

11. Cookies and Tracking Technologies

We use a small number of strictly necessary and functional cookies and similar technologies (such as browser local storage) to:

Keep you signed in (session and authentication tokens).
Remember your UI preferences (theme, language, layout).
Maintain CSRF protection and other security controls.

We do not use third-party advertising or cross-site tracking cookies. Where required by law, we will request your consent for non-essential cookies.

12. Data Storage and Security

12.1 Infrastructure

Data is stored on Google Cloud Platform (GCP) infrastructure in the United States.
Databases use PostgreSQL with encryption at rest.
Files are stored in Google Cloud Storage with access controls.
OAuth tokens, API keys, and similar secrets are encrypted before storage; API keys are additionally hashed.
All network traffic is encrypted via TLS/HTTPS.

12.2 Access Controls

User data is isolated at the application level — you can access only your own data.
Administrative access is restricted, authenticated through SSO, and logged.
We follow the principle of least privilege and conduct periodic access reviews.

12.3 Your Responsibilities

No system is perfectly secure. You are responsible for keeping your account credentials and any API keys you generate confidential. Notify us immediately at support@androcrew.com if you suspect unauthorized access to your account.

13. Data Retention

Data Type	Retention Period
Conversations and messages	Until you delete them or your account
Uploaded files and knowledge bases	Until you delete them or your account
Memory entries	Until you delete them or your account
Plaid transactional data	Not stored — fetched on demand and discarded after the response
Voice/telephony audio	Not stored
Voice/telephony transcripts (full)	Held only in active session memory; not persisted
Voice/telephony transcript snippets in logs	Truncated; retained with server logs (30 days)
Automated action audit logs	90 days
Scheduled task execution history	90 days
AI observability traces (Langfuse)	30 days
Server and request logs	30 days
Billing records	As required by tax, accounting, and other applicable laws
Backups	Up to 35 days; deleted data is purged on the backup rotation cycle

14. Your Rights and Choices

Subject to applicable law, you have the right to:

Access the personal data we hold about you.
Correct inaccurate or incomplete information.
Delete your conversations, files, knowledge bases, memory entries, connected accounts, and your entire account.
Disconnect third-party accounts at any time, revoking our stored tokens.
Export a portable copy of your data.
Object to or restrict certain processing.
Withdraw consent where processing is based on consent.
Lodge a complaint with your local data protection authority.

You can exercise most rights directly in the Service settings. For requests we cannot complete in-app — including data exports and full account deletions — email support@androcrew.com. We will verify your identity before acting on a request and will respond within the timeframes required by applicable law (generally within 30 days, extendable as the law permits).

15. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you specific rights regarding your personal information.

15.1 Categories Collected

In the past 12 months we have collected the following categories of personal information: identifiers (name, email, IP address); customer records (billing details via Stripe); commercial information (subscription and usage data); internet/network activity (request logs, feature usage); geolocation (approximate, derived from IP); and inferences drawn from any of the above for product personalization. We collect sensitive personal information only when you provide it (for example, content you place in a conversation or document) and we use it solely to provide the Service.

15.2 Sources, Purposes, and Recipients

We collect this information directly from you, from your devices, and from third-party services you authorize. We use it for the purposes described in Section 2 and disclose it only to the categories of recipients described in Section 10.

15.3 Your California Rights

Right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
Right to delete personal information we have collected from you.
Right to correct inaccurate personal information.
Right to limit the use and disclosure of sensitive personal information.
Right to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA, so there is nothing to opt out of.
Right to non-discrimination for exercising your rights.

To exercise these rights, contact support@androcrew.com. You may designate an authorized agent to make a request on your behalf, subject to verification.

16. Sensitive Information and Acceptable Use

The Service is a general-purpose AI assistant and is not designed or certified for handling regulated categories of data such as protected health information (HIPAA), card data subject to PCI-DSS beyond what Stripe handles, government-classified information, or data subject to specialized export controls. Please do not submit this kind of information to the Service. You are responsible for the lawfulness of the content you submit and for ensuring that you have the right to share any third-party data (including content from connected accounts) with the Service.

17. Automated Decision-Making

The Service uses AI to generate suggestions, drafts, and actions in response to your requests. We do not use this AI to make decisions about you that produce legal or similarly significant effects without your involvement. Actions that have real-world impact (sending emails, placing calls, scheduling events, moving money where supported) require your authorization either at the time of the action or via a scheduled task you have configured.

18. Children's Privacy

The Service is not intended for users under the age of 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact support@androcrew.com and we will delete it.

19. International Data Transfers

Androcrew is operated from the United States, and your data may be processed in the United States and other countries where our service providers operate. Where required by law (for example, transfers from the EEA, UK, or Switzerland), we rely on appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and applicable adequacy decisions. By using the Service, you understand that your data may be transferred to jurisdictions that may not provide the same level of data protection as your home jurisdiction.

20. Security Incident Notification

If we become aware of a security incident that affects your personal information, we will notify you and any applicable regulators as required by law, without undue delay. Notice will describe the nature of the incident, the categories of data involved, the steps we have taken or will take, and recommended actions for you.

21. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the effective date, and — for material changes — providing additional notice (such as an in-app notice or email) before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

22. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise any of your rights, contact us at:

Privacy: support@androcrew.com
Security: support@androcrew.com