Privacy Policy

Effective Date: June 29, 2026

Data Collected & Processed

To deliver our frontline verification service, CrewMento processes the following categories of data:

  • User Information: Names, corporate emails, and roles (Admin, Safety Lead, Operator).
  • Floor Reality & Audit Logs: Step-by-step timestamps, question-by-question metrics, interface click history, and direct shift crew comments.
  • Client-Uploaded Assets: Operating manuals, machine schematics, and chemical safety sheets.

Global Privacy & Cross-Border Data Transfers

  • Server Locations: Data is currently hosted on secure virtual private servers (VPS) in India. To optimize performance and fulfill strict data residency obligations for international clients, the Company is in the process of deploying infrastructure within the European Union (EU).
  • Cross-Border Protections:We utilize Standard Contractual Clauses (SCCs) to ensure safe data transfers from the US, EU, and Australia to our processing centers, maintaining compliance with the EU GDPR, Australian Privacy Act 1988, California Consumer Privacy Act (CCPA), and India's Digital Personal Data Protection (DPDP) Act 2023.

Absolute Data Isolation & Confidentiality Guarantee

The CrewMento Data Pledge: We guarantee that no personnel, staff, or internal engineers from Webgrapes Private Limited (CrewMento) will access, read, reuse, or share your proprietary company data, plant operational schematics, or workforce tracking analytics for any purpose other than critical server maintenance or as explicitly authorized by your administrative team. Your data is isolated per tenant branch and strictly confidential.

AI Data Ingestion Privacy Safeguards

Because CrewMento utilizes a Bring Your Own Key (BYOK) framework for its automated AI capabilities, our infrastructure acts merely as a secure pass-through pipeline. We do not ingest your proprietary manuals into global datasets or public LLMs. It is the Client's responsibility to configure data privacy settings within their respective Google Gemini console.

Data Retention & Right to Erasure

We store compliance metrics for as long as the Client's enterprise account is active. Following the 30-day post-termination export window, or upon a verified request for deletion under regional privacy frameworks (such as GDPR "Right to be Forgotten"), we permanently wipe the data files from our databases.