Privacy Policy

Last updated: March 13, 2026

CrewNest, Inc. ("CrewNest," "Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information obtained through our website at crewnest360.com, our mobile applications, and all related services (collectively, the "Platform").

By accessing or using the Platform, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use the Platform.

This Privacy Policy is designed to comply with the California Consumer Privacy Act ("CCPA"), the General Data Protection Regulation ("GDPR"), and other applicable data protection laws. Where specific provisions apply only to residents of certain jurisdictions, this is noted in the relevant section.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account, use our services, or communicate with us, we may collect the following categories of personal information:

  • Identity Information: Full legal name, date of birth, profile photograph, and gender.
  • Contact Information: Email address, phone number, and mailing address.
  • Professional Information: Airline employer, crew type (pilot, first officer, flight attendant), employee identification number, base airport (domicile), and seniority status.
  • Financial Information: Payment method details (processed and stored securely by Stripe, Inc. — CrewNest does not store full credit or debit card numbers), bank account information for host payouts via Stripe Connect, and tax identification numbers where required.
  • Listing Information (Hosts): Property address, descriptions, photographs, pricing, availability, house rules, and amenity details.
  • Booking Information: Check-in and check-out dates, guest count, special requests, and booking preferences.

1.2 Verification Documents

To verify your airline crew status, we collect photographs or scans of your airline-issued identification badge and/or employment verification documentation. These documents are encrypted using AES-256 encryption at rest and transmitted via TLS 1.3 in transit. Verification documents are stored in our secure Supabase Storage infrastructure with strict access controls. Only authorized CrewNest personnel involved in the verification process may access these documents.

1.3 Information Collected Automatically

When you access or use the Platform, we automatically collect certain information, including:

  • Usage Data: Pages visited, features used, search queries, listing views, booking patterns, time spent on pages, click patterns, and referral sources.
  • Device Information: Device type, operating system, browser type and version, screen resolution, language settings, and unique device identifiers.
  • Network Information: IP address, internet service provider, connection type, and approximate geolocation derived from your IP address.
  • Location Data: With your permission, we may collect precise geolocation data from your device to provide location-based search results and show listings near your current location. You may revoke location permissions at any time through your device settings.

1.4 Communications

We collect and store messages exchanged between Users through the Platform's in-app messaging system, communications with our customer support team (including AI-assisted support chat), and email correspondence. In-app messages are transmitted in real time via Supabase Realtime and are stored in our database. Personal contact information (phone numbers, email addresses) is masked in messages until a booking is confirmed.

1.5 Information from Third Parties

We may receive information about you from third-party service providers, including:

  • Stripe: Payment verification, transaction status, and account information for payment processing and host payouts.
  • Checkr: Background check results for host verification (report status only — we do not store full background check reports).
  • Google OAuth: If you sign in using Google, we receive your name, email address, and profile picture from your Google account.

2. How We Use Your Information

We use the information we collect for the following purposes, each of which constitutes a legitimate interest or is based on your consent:

  • Providing and Improving Services: To operate, maintain, and improve the Platform, including creating and managing your account, processing bookings, facilitating communications between hosts and guests, and developing new features and services.
  • Identity and Crew Verification: To verify your identity as an airline crew member, prevent fraud, and maintain the integrity of our crew-only community. This includes manual review of verification documents by authorized personnel.
  • Payment Processing: To process booking payments, host payouts, refunds, and other financial transactions through our payment processor, Stripe. This includes detecting and preventing fraudulent transactions.
  • AI-Powered Matching and Recommendations: To provide personalized listing recommendations using our AI matching system powered by Anthropic's Claude API. Your profile data, search history, booking preferences, and schedule patterns are analyzed to identify optimal housing matches. All AI processing occurs on our secure servers and is not used to train third-party AI models.
  • Communications: To send you transactional notifications (booking confirmations, payment receipts, payout notifications), safety alerts, and platform updates. With your explicit consent, we may also send promotional communications and marketing emails. You may opt out of marketing communications at any time.
  • Safety and Fraud Prevention: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activities; to enforce our Terms of Service; and to protect the rights, property, and safety of CrewNest, our Users, and the public.
  • Analytics and Research: To analyze usage patterns, measure the effectiveness of features, and conduct research to improve the Platform. Analytics data is aggregated and de-identified where possible.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests, including tax reporting and regulatory compliance.

3. Information Sharing and Disclosure

We NEVER sell your personal information to third parties.

CrewNest does not sell, rent, or trade your personal data to advertisers, data brokers, or any other third parties for their marketing or commercial purposes.

We may share your information in the following limited circumstances:

3.1 With Other Users

When you make a booking, we share necessary information with the host, including your name, profile photo, crew type, airline, and check-in/check-out dates. Similarly, guests receive the host's name, profile photo, property address, and check-in instructions. Personal contact information (phone numbers, email addresses) remains masked until a booking is confirmed. Full property addresses are disclosed only after booking confirmation.

3.2 With Service Providers

We share information with trusted third-party service providers who perform services on our behalf, subject to contractual obligations of confidentiality and data protection:

  • Stripe, Inc. — Payment processing, host payout administration, and fraud detection.
  • Supabase, Inc. — Database hosting, authentication, file storage, and real-time messaging infrastructure.
  • Anthropic, PBC — AI-powered listing matching, pricing suggestions, and content moderation via the Claude API. Only anonymized or pseudonymized data is shared; no crew verification documents are transmitted.
  • Resend, Inc. — Transactional email delivery (booking confirmations, payout notifications, account alerts).
  • Checkr, Inc. — Host background verification services. Checkr processes background checks directly; CrewNest receives only pass/fail status results.
  • Mapbox, Inc. — Map rendering and geocoding services for listing search and display.
  • Vercel, Inc. — Web application hosting and content delivery.

3.3 With Law Enforcement and Legal Authorities

We may disclose your information if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation, subpoena, court order, or other legal process; (b) protect and defend the rights, property, or safety of CrewNest, our Users, or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) respond to an emergency involving danger of death or serious physical injury.

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on the Platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

4. Data Security

4.1 CrewNest implements industry-standard administrative, technical, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Verification documents and sensitive personal data receive additional encryption layers.
  • Access Controls: Supabase Row Level Security (RLS) policies ensure that Users can only access data they are authorized to view. Administrative access is restricted to authorized personnel with multi-factor authentication.
  • Infrastructure Security: Our infrastructure is hosted on SOC 2 Type II compliant providers (Supabase, Vercel, Stripe) with automatic security patching, intrusion detection systems, and regular penetration testing.
  • Payment Security: All payment processing is handled by Stripe, which is PCI-DSS Level 1 certified. CrewNest never receives, processes, or stores full credit card numbers.
  • Security Audits: We conduct regular security audits and vulnerability assessments to identify and remediate potential security risks.

4.2 While we employ commercially reasonable security measures, no method of electronic transmission or data storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected Users in the event of a data breach in accordance with applicable data breach notification laws.

5. Your Rights

5.1 Rights Available to All Users

Regardless of your location, you have the following rights regarding your personal information:

  • Right to Access: You may request a copy of the personal information we hold about you.
  • Right to Correction: You may request that we correct any inaccurate or incomplete personal information.
  • Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions (such as data required for tax reporting or active dispute resolution).
  • Right to Data Portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format (JSON or CSV).
  • Right to Opt-Out of Marketing: You may opt out of receiving promotional communications at any time by clicking the "unsubscribe" link in any marketing email or by updating your notification preferences in your account settings.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

5.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
  • Right to Opt-Out of Sale or Sharing: CrewNest does not sell personal information. We do not share personal information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: You may request that we limit the use and disclosure of your sensitive personal information to that which is necessary to provide the services.

California residents may submit CCPA requests by emailing privacy@crewnest360.com with the subject line "CCPA Request." We will verify your identity before processing any request and will respond within forty-five (45) days.

5.3 Additional Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the GDPR, including:

  • Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Object: You may object to the processing of your personal data based on our legitimate interests.
  • Right to Withdraw Consent: Where we rely on your consent for processing, you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

5.4 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at privacy@crewnest360.com. We will respond to verified requests within thirty (30) days (or forty-five (45) days for CCPA requests). We may require you to verify your identity before fulfilling your request to protect your privacy and security.

6. Cookies and Tracking Technologies

6.1 CrewNest uses only essential cookies that are strictly necessary for the operation of the Platform. These include:

  • Authentication Cookies: To maintain your login session and recognize you when you return to the Platform.
  • Security Cookies: To support security features and detect malicious activity.
  • Preference Cookies: To remember your settings and preferences (such as language or display preferences).

6.2 CrewNest does NOT use third-party advertising cookies or tracking pixels. We do not participate in ad networks or allow third-party advertisers to track our Users across the internet.

6.3 We may use privacy-first analytics tools to understand aggregate usage patterns on the Platform. These analytics are configured to respect user privacy, do not use persistent identifiers, and do not track individual users across websites.

6.4 You can control cookies through your browser settings. Disabling essential cookies may impair your ability to use certain features of the Platform.

7. Children's Privacy

7.1 The Platform is not directed to individuals under the age of eighteen (18). CrewNest does not knowingly collect personal information from children under 18. Given the professional nature of our service (airline crew housing), all Users must be adults with verified airline employment.

7.2 If we become aware that we have collected personal information from a child under 18, we will take immediate steps to delete such information from our records. If you believe that we may have collected information from a child under 18, please contact us at privacy@crewnest360.com.

8. International Users

8.1 CrewNest is headquartered in Miami, Florida, United States. If you access the Platform from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located and our central database operates.

8.2 The data protection laws of the United States may differ from those of your country of residence. By using the Platform, you consent to the transfer of your information to the United States and acknowledge that your data will be subject to U.S. laws.

8.3 For transfers of personal data from the EEA/UK to the United States, we rely on appropriate legal mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure that your data receives adequate protection.

9. Data Retention

9.1 We retain your personal information for as long as your account remains active and as necessary to provide you with the Platform's services. Specific retention periods are as follows:

Active Account Data:Retained for the duration of your active account and for thirty (30) days following account deletion to allow for account recovery.
Verification Documents:Retained for three (3) years following account closure or last verification date for regulatory compliance and fraud prevention purposes.
Transaction Records:Retained for seven (7) years in accordance with U.S. tax law and IRS record-keeping requirements.
Messages:Retained for one (1) year after account deletion. Messages associated with active disputes are retained until the dispute is resolved.
Usage and Analytics Data:Aggregated and de-identified within ninety (90) days. De-identified data may be retained indefinitely for analytical purposes.

9.2 Upon account deletion, your personal data is removed from our active systems within thirty (30) days. Backup systems may retain encrypted copies for up to ninety (90) days before automatic purging. Data required for legal obligations, dispute resolution, or fraud prevention may be retained beyond these periods as permitted by law.

10. Changes to This Privacy Policy

10.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will: (a) update the "Last updated" date at the top of this Privacy Policy; (b) notify you via email to the address associated with your account; and (c) post a prominent notice on the Platform.

10.2 Material changes will take effect thirty (30) days after notification. Your continued use of the Platform after the effective date constitutes acceptance of the updated Privacy Policy.

10.3 We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

CrewNest, Inc.

Privacy Department

Miami, FL

Email: privacy@crewnest360.com

For general support: support@crewnest360.com

Website: crewnest360.com

For CCPA requests, please include "CCPA Request" in your email subject line. For GDPR requests, please include "GDPR Request" in your email subject line. We will respond to verified requests within the timeframes required by applicable law.

Back to top

AI Assistant

Powered by Claude

Hi! I'm CrewNest's AI assistant. I can help you with:

• Finding crash pads near your base
• Understanding how booking works
• Payment and refund questions
• Host questions and setup
• Safety and verification

What can I help you with today?

AI responses may not always be accurate