Last updated: June 8, 2026
Effective date: 2026-06-07 Last updated: 2026-06-07 Version: 1.1
This policy explains what personal data Crew handles, why we handle it, who we share it with, how long we keep it, and what choices and rights you have.
Crew is operated by ALETHEIA SYSTEMS HOLDINGS LIMITED, a company registered in England and Wales.
Company number: 17081867
Registered office: Office 15201, Initial Business Centre, Unit 7 Wilson Business Park, Manchester, England, M40 8WN
Privacy contact: privacy@crew-app.com
General support: support@crew-app.com
For the purposes of this Privacy Policy, “Crew”, “we”, “us”, and “our” mean ALETHEIA SYSTEMS HOLDINGS LIMITED, unless a specific feature, payment provider, app store, organizer, or third-party service acts as a separate controller for its own processing.
Crew is an events platform. We provide tools for event discovery, event creation, registration, payments, notifications, maps, messaging, moderation, customer support, and related platform operations.
This Privacy Policy applies to Crew websites, apps, dashboards, event pages, support channels, and related services that link to this policy.
If there is any conflict or ambiguity between the English version and any other translation version, the English version will control, unless applicable law requires otherwise.
Crew is for adults.
Crew is intended for users who are 18 years old or older.
You must not create an account, host an event, join an event, make a payment, receive a payout, or use Crew if you are under 18.
If we learn that an account belongs to a person under 18, or that content involves a minor in a way that is not allowed by law or Crew policy, we may restrict the account, remove content, request additional information, or delete relevant data.
A parent or legal guardian may contact privacy@crew-app.com if they believe Crew has handled data about a minor.
Crew controls the core platform data. Event organizers may also have their own privacy responsibilities when they receive or use participant information.
For most Crew platform activity, Crew acts as the data controller because we decide why and how the platform processes account, event, registration, payment, safety, support, and technical data.
Event organizers may also act as separate data controllers when they independently use participant information for their own event delivery, attendee management, local compliance, tax records, safety planning, customer communication, or legal obligations.
Organizers must only use participant information for legitimate event-related purposes and must not misuse, sell, expose, or repurpose participant information.
If Crew later provides a separate organizer data processing agreement, organizer terms, or data sharing notice, that document may explain additional role-specific responsibilities.
Where required under Article 27 GDPR, our representative in the European Economic Area is Zhongli Liu, located in Italy.
EEA users may contact our EEA representative about matters relating to Crew's processing of personal data under the GDPR. You may also contact Crew directly at privacy@crew-app.com.
Our EEA representative is a GDPR contact point. It does not handle general customer support, event disputes, refunds, payments, or account support unless Crew clearly says otherwise.
We collect the data needed to run an event platform, process payments, keep the service safe, provide support, and improve reliability.
Crew may handle the following categories of data, depending on which features you use.
| Data category | Examples |
|---|---|
| Account data | Name, email, user ID, login identifiers, account status, verification status, language, country or region, account settings |
| Profile data | Username, avatar, bio, preferences, follows, favorites, public profile details, organizer profile details |
| Event data | Event title, description, category, price, capacity, date, time, place, route information, requirements, organizer rules, visibility, registration status, attendance status, cancellation status, refund status |
| Registration data | Event joined, booking or registration ID, attendance status, participant status, cancellation history, check-in or access status where enabled |
| Location and map data | Precise device location when enabled, approximate location, selected places, coordinates, addresses, routes, route stops, map views, geocoding, reverse geocoding, timezone data |
| User content | Photos, videos, event media, comments, public posts, messages, reports, feedback, support content, attachments submitted in report or support flows |
| Messages and communications | Direct messages, group messages where enabled, support messages, organizer-participant communications, notification records |
| Payment and payout data | Payment status, purchase or registration history, Stripe identifiers, Stripe Connect status, payout status, subscription status, refund status, disputes, chargebacks, balances, platform fees, service fees, fraud-prevention records |
| Marketing and promotion data | Marketing preferences, email subscription status, push notification preferences, campaign engagement, promoted event interactions, sponsored placement interactions, ad or promotion measurement data where enabled |
| Device and app data | Device identifiers, app instance identifiers, push tokens, app version, operating system, crash logs, diagnostics, analytics events, performance data, security signals |
| Policy and audit records | Policy version accepted, language, source, timestamp, IP address, user agent, consent records, account deletion records, moderation records, enforcement records |
Crew does not store full card numbers when Stripe, an app store, or another payment provider processes the payment.
We use data to provide Crew, process event registrations and payments, keep users safe, comply with law, and improve the product.
Crew uses data to:
create, operate, verify, and secure accounts;
show events, public event pages, organizer profiles, and discovery surfaces;
support event creation, registration, attendance, communication, and notifications;
provide maps, route information, precise or approximate location features, addresses, geocoding, and timezone support;
process payments, platform fees, refunds, disputes, chargebacks, Stripe Connect onboarding, transfers, payouts, subscriptions, and future premium features;
send service messages, safety notices, payment updates, event updates, and account notices;
send marketing emails, promotional messages, push marketing, sponsored event notices, or product updates where allowed by law and your settings;
provide customer support and handle privacy requests;
handle reports, blocking, moderation, safety reviews, complaints, appeals, and policy enforcement;
prevent fraud, spam, abuse, account misuse, unsafe activity, payment circumvention, and platform manipulation;
measure performance, diagnose crashes, improve reliability, understand feature usage, and maintain security;
comply with legal, tax, accounting, payment, app-store, consumer protection, law-enforcement, and safety obligations.
For EU, EEA, and UK users, privacy law requires us to identify a lawful reason for each type of processing. This table explains our main legal bases.
| Purpose | Data usually involved | Legal basis | Notes |
|---|---|---|---|
| Create and manage your account | Account data, login identifiers, profile settings, policy records | Contract performance | Needed to provide your Crew account and core platform access. |
| Provide event discovery and event pages | Profile data, event data, public content, usage data, location or map preferences where enabled | Contract performance; legitimate interests | Needed to show events and operate discovery features. |
| Event registration and attendance | Account data, event data, registration data, messages, notifications | Contract performance | Needed so you can join, manage, cancel, or attend events. |
| Organizer event hosting | Account data, organizer profile data, event data, participant registration data, communications | Contract performance; legitimate interests | Needed to let organizers create and manage events. Organizers may also have separate responsibilities. |
| Payments, refunds, payouts, Stripe Connect, platform fees, disputes, and chargebacks | Account data, payment status, Stripe identifiers, payout status, refund records, dispute records, fraud-prevention records | Contract performance; legal obligation; legitimate interests | Needed to process paid registrations, organizer payouts, platform fees, refunds, disputes, and financial records. |
| Subscriptions and future premium features | Account data, subscription status, billing records, platform usage | Contract performance; legal obligation | Applies if Crew offers paid subscriptions or premium tools. |
| Maps, routes, addresses, and location features | Precise device location where permitted, approximate location, selected places, coordinates, route data, addresses, geocoding, timezone data | Contract performance; consent where required; legitimate interests | Device location permissions are controlled through your device and app settings. |
| Service notifications | Account data, device tokens, event data, registration data, payment status, safety or support records | Contract performance; legitimate interests; legal obligation | Includes event updates, safety notices, account notices, payment notices, and service messages. |
| Marketing emails, push marketing, promoted events, sponsored placements, or ads | Account data, marketing preferences, device tokens, usage data, event interests, promotion engagement, approximate location where allowed | Consent where required; legitimate interests where allowed | You can opt out of marketing. Service messages may still be sent when needed. |
| Support and user requests | Account data, support content, communications, attachments, diagnostic data | Contract performance; legitimate interests; legal obligation | Needed to respond to support, privacy, payment, and safety requests. |
| Reports, blocking, moderation, safety reviews, and appeals | User content, messages, reports, attachments, account context, event context, enforcement records | Legitimate interests; legal obligation; vital interests in limited urgent cases | Crew currently does not use automated image/video moderation, AI content moderation, or outsourced human moderation for user media. |
| Fraud, abuse, security, and payment integrity | Account data, device data, IP address, payment status, usage data, security signals, reports | Legitimate interests; legal obligation | Needed to protect users, organizers, payments, and the platform. |
| Analytics, diagnostics, crash reporting, and performance | Device and app data, analytics events, crash logs, performance data, approximate usage information | Legitimate interests; consent where required | Used to improve reliability and understand product performance. |
| Cookies and similar technologies | Cookies, local storage, SDK storage, consent records, device or browser information | Consent where required; legitimate interests; contract performance | Essential technologies support sign-in, security, language, and service reliability. Non-essential analytics or ads may require consent. |
| Legal, tax, accounting, compliance, and regulatory records | Account data, payment records, invoices, payout records, disputes, policy records, audit records | Legal obligation; legitimate interests | Needed to meet legal duties and defend or establish legal claims. |
We may rely on more than one legal basis depending on the specific feature, country, user role, or request.
Some parts of Crew are public or shareable. Do not post private information unless you are comfortable with the visibility of that feature.
Some Crew content may be public or shareable, including:
public event pages;
public organizer profiles;
public profile information;
public posts or moments where enabled;
event media;
usernames and avatars;
event titles, descriptions, dates, times, locations, routes, prices, capacity, rules, and public links.
Crew may show public content on Crew websites, in apps, in previews, in shared links, in notifications, and in search or discovery surfaces where the feature supports it.
Deleting, hiding, blocking, or changing visibility may not remove content already copied, cached, indexed, screenshotted, exported, or shared by other users or third-party services.
Do not publish personal information, private locations, images, videos, or messages unless you have the right to share them and are comfortable with the visibility of that feature.
Crew uses location and map data to help users find, create, route, and attend events. Precise device location is used only when you allow it.
Crew may process:
precise device location when you grant permission;
approximate location based on device, app, browser, network, or selected area;
event addresses and coordinates;
route start points, route stops, route paths, and end points;
map searches, selected places, map views, and map return state;
geocoding, reverse geocoding, and timezone data.
We use this data to show nearby events, event places, meeting points, routes, distance, maps, directions, safety context, and time zone support.
Crew may share relevant map and location data with Google Maps Platform or similar map providers to provide maps, places, routes, coordinates, addresses, geocoding, reverse geocoding, and related features.
You can manage location permissions through your device settings. Some location or map features may not work without the relevant permission.
Paid events and organizer payouts involve payment providers. Crew stores payment records and status, but not full card numbers.
Crew may use Stripe, Stripe Connect, app stores, payment networks, or other payment providers to process paid registrations, refunds, disputes, chargebacks, transfers, payouts, subscriptions, platform fees, service fees, and future premium features.
Stripe may receive information needed for payment, refund, dispute, chargeback, onboarding, identity checks, business checks, tax checks, transfer, payout, subscription, and compliance workflows.
Organizers may need to provide Stripe with identity, business, address, bank, tax, or compliance information. Sensitive onboarding information should be completed through Stripe. Crew will not ask you to send full card numbers, identity documents, verification codes, or private banking details in chat.
Crew may receive and store Stripe identifiers, Stripe Connect account status, payment status, refund status, payout status, dispute status, balance status, and related records needed to operate paid features and support users.
Crew may deduct or collect platform fees, service fees, commissions, subscription fees, promoted listing fees, advertising fees, or similar charges where disclosed in the product, purchase screen, organizer terms, or payment terms.
Crew may send marketing and show promoted content, but users should have clear controls where required.
Crew may send marketing emails, product updates, promotional messages, push marketing, event recommendations, sponsored event notices, promoted listings, or ads where allowed by law and your settings.
Crew may use account data, event interests, app usage, general location, marketing preferences, and promotion engagement to measure or personalize these communications, where allowed.
Where consent is required for marketing emails, push marketing, advertising cookies, personalized ads, retargeting, or similar technologies, Crew will ask for consent before using those technologies for that purpose.
You can opt out of marketing emails by using the unsubscribe link or contacting us. You can manage push notifications in the app or device settings.
Opting out of marketing does not stop essential service messages, such as account notices, event updates, payment notices, safety notices, policy notices, or support replies.
Crew does not sell personal information.
Crew uses trusted service providers to run the platform. We share data only where needed for the service, safety, payments, compliance, or user-requested features.
Crew may share data with:
Stripe and payment providers for payments, refunds, disputes, chargebacks, onboarding, transfers, payouts, subscriptions, platform fees, and compliance;
Google services, Firebase, cloud infrastructure, analytics, crash reporting, push notification, app integrity, and configuration providers, without listing every module in this policy;
Google Maps Platform or similar map providers for maps, places, routes, coordinates, addresses, geocoding, reverse geocoding, and timezone support;
app stores for app distribution, billing, review, platform compliance, refunds, and purchase records;
hosting, database, email, security, monitoring, customer support, and infrastructure providers;
organizers, where needed for event delivery, participant management, attendance, refunds, safety, and customer support;
professional advisers, insurers, banks, auditors, accountants, tax advisers, legal advisers, and compliance providers;
law enforcement, regulators, courts, or authorities where required by law or necessary to protect rights, safety, users, organizers, or the platform;
another company in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate safeguards.
Service providers may process data in accordance with their own terms, privacy notices, contracts, and legal obligations.
We may use technical systems to protect the platform, but we do not currently use AI or outsourced teams to moderate user images or videos.
Automated technical systems may help Crew detect fraud, spam, payment risk, suspicious sign-ins, service abuse, security incidents, crashes, and policy signals.
Crew does not currently use automated image or video moderation, AI content moderation, or outsourced human moderation teams for user media.
Reports and safety issues may be reviewed by authorized Crew personnel when needed to process a report, investigate abuse, handle payment or refund issues, enforce policy, comply with law, or keep audit records.
Where law requires human review for a significant decision, or where human review is appropriate for the situation, Crew does not rely only on automated systems for final decisions such as permanent account closure, long-term payout blocking, or final dispute handling.
Crew is a UK company and uses global service providers, so data may be processed outside your country.
Crew and its service providers may process data in the United Kingdom, the European Economic Area, the United States, and other countries.
Where required, Crew relies on appropriate safeguards such as provider contracts, standard contractual clauses, adequacy decisions, data transfer frameworks, supplementary measures, or other lawful transfer mechanisms.
Crew uses cookies and similar technologies for sign-in, security, preferences, maps, reliability, analytics, and marketing where allowed.
Crew may use cookies, local storage, session storage, device storage, SDK storage, and similar technologies in the website, dashboard, and app.
Crew uses these technologies for:
sign-in and account security;
fraud prevention and abuse detection;
language and region settings;
consent preferences;
map preferences, last map location, route state, and return viewport state;
dashboard theme and layout preferences;
service reliability and performance;
analytics, diagnostics, crash reporting, and product improvement;
marketing, promoted placements, ads, attribution, or measurement where enabled and allowed.
Blocking or deleting storage may affect sign-in, security, language preferences, maps, dashboard display, app download links, payments, or other features.
Where law requires consent for analytics, advertising, marketing, or non-essential cookies or storage, Crew will request consent before using those technologies for that purpose.
Depending on where you live, you may have rights to access, correct, delete, export, restrict, object, or withdraw consent.
Depending on where you live, you may have rights to:
access your personal data;
correct inaccurate data;
delete certain data;
export or receive a copy of certain data;
restrict certain processing;
object to certain processing;
withdraw consent where processing is based on consent;
complain to a data protection authority.
California residents may also have rights to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and not be discriminated against for exercising privacy rights.
Crew does not sell personal information.
To exercise privacy rights, contact privacy@crew-app.com or use in-app privacy tools where available.
We may need to verify your identity before handling a request. We may refuse or limit a request where allowed by law, for example where we need to keep records for payment integrity, legal compliance, tax, accounting, disputes, fraud prevention, safety, or security.
We use reasonable measures to protect Crew, but no online service is risk-free.
Crew uses technical, organizational, and access-control measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure.
These measures may include access controls, logging, encryption in transit, provider security features, least-privilege access, review processes, and monitoring.
NO ONLINE SERVICE, APP, DATABASE, PAYMENT SYSTEM, OR TRANSMISSION METHOD IS COMPLETELY SECURE. YOU ARE RESPONSIBLE FOR KEEPING YOUR LOGIN CREDENTIALS, DEVICES, VERIFICATION CODES, AND PAYMENT ACCESS SECURE.
Contact us if you have privacy questions or want to use your privacy rights.
For privacy requests, account deletion help, or data-rights requests, contact:
For general support, contact:
You can also write to:
ALETHEIA SYSTEMS HOLDINGS LIMITED Office 15201, Initial Business Centre Unit 7 Wilson Business Park Manchester, England, M40 8WN
We do not keep personal data forever. Different records have different retention periods depending on why we need them. Crew keeps personal data only for as long as needed for the purposes described in this policy, unless a longer period is required or allowed by law. The table below sets our starting retention schedule. Some records may be kept for a shorter or longer period where required for tax, accounting, payment integrity, refunds, chargebacks, disputes, safety, fraud prevention, legal claims, backups, audits, or regulatory obligations. | Data type | Typical retention period | | --- | --- | | Account and profile data | For the life of the account. After account deletion is executed, account and profile data is deleted, deactivated, soft-deleted, or anonymized within a reasonable period where possible, except records that must be kept longer. | | Account deletion request records | Up to 3 years after completion or refusal of the request, to show how the request was handled. | | Public event pages and organizer content | Until removed, deleted, unpublished, or no longer needed. Records tied to payments, disputes, safety, or legal compliance may be kept longer. | | Event registration and attendance records | Up to 3 years after the event or account closure, or up to 6 years where linked to payment, contract, complaint, tax, accounting, or legal records. | | Payment, refund, chargeback, payout, platform fee, subscription, invoice, tax, and accounting records | Up to 6 years from the end of the relevant financial year, or longer where required by law, tax review, dispute, chargeback, fraud, audit, or legal claim. | | Stripe Connect status and payout-related records held by Crew | As long as needed to operate payouts, resolve disputes, comply with legal or payment obligations, and keep financial records, usually up to 6 years after the relevant relationship or transaction ends. | | Payment operational records, including idempotency records and webhook logs | Usually up to 90 to 180 days, unless the record becomes part of a payment, refund, dispute, chargeback, fraud, accounting, audit, or legal record that must be kept longer. | | Support messages and general support records | Up to 3 years after the support case closes, unless a longer period is needed for safety, payment, legal, or dispute reasons. | | Reports, moderation records, safety reviews, fraud records, abuse reports, and enforcement records | Usually up to 3 years after closure. Serious safety, fraud, legal, payment, or enforcement records may be kept up to 6 years or longer if legally required. | | Chat and messaging content | For the life of the account or conversation feature, unless deleted earlier. Messages linked to reports, safety, payments, or disputes may be kept longer. | | Chat attachments and temporary media | Usually removed earlier, such as after 90 days, unless needed for reports, safety reviews, payment issues, disputes, legal compliance, or platform integrity. | | Precise device location and map logs | Used to provide the relevant feature. Recent technical logs are usually kept up to 90 days, unless linked to safety, fraud, support, event records, or legal obligations. | | Analytics, diagnostics, crash, and performance data | Usually up to 14 months in identifiable or pseudonymous form where available, with aggregated or anonymized statistics kept longer. | | Marketing preference and consent records | Until you opt out or withdraw consent, and then kept as a suppression or consent record for up to 3 years or as long as needed to respect your choice. | | Cookie and consent preferences | Usually up to 12 months, unless refreshed or changed by you. Some session technologies expire earlier. | | Backups | Usually overwritten or deleted within 90 days, unless a longer backup retention period is required for security, disaster recovery, legal hold, or system integrity. |
The retention periods above describe our external privacy commitment. Some internal technical systems use operational cleanup windows, such as 90-day or 180-day cleanup periods for certain logs, attachments, idempotency records, webhook records, or temporary operational records. These operational windows do not override longer retention where records are needed for payments, disputes, fraud prevention, safety, tax, accounting, legal compliance, audit, or platform integrity. When we no longer need identifiable data, we may delete it, anonymize it, aggregate it, or put it beyond active use.
You can request account deletion. Some records may remain where needed for payments, disputes, safety, tax, accounting, or legal obligations. You can request account deletion in the app under Settings / Account & Security / Delete Account where available. If you cannot access the app, contact privacy@crew-app.com. Crew checks whether the account can be deleted before accepting a deletion request. If deletion is allowed, Crew creates a deletion request and applies a cooling-off period. The app currently describes this as a 7-day cooling-off period. You can withdraw the deletion request during the cooling-off period. After the execution window starts, withdrawal may be refused. While a deletion request is pending, Crew may restrict new event creation, event registration, paid registration, payout-account changes, payment-method changes, payout requests, and subscription changes. Deletion may be blocked or delayed if the account still has unresolved money, event, safety, subscription, or legal obligations. Examples include available earnings, negative balances, reserved balances, pending payouts, failed payout reversals, active hosted events, unsettled paid events, active registrations, pending refunds, payment releases, disputes, uncompleted expense settlements, or active subscriptions. Deletion may involve external cleanup, including Stripe customer, subscription, or payout-account cleanup where applicable. Crew may then deactivate, soft-delete, delete, or anonymize account data. Crew may keep records that are needed for payment integrity, fraud prevention, safety, dispute handling, chargebacks, tax, accounting, security, legal compliance, audit, backup, or enforcement.
We may update these Terms when Crew, the law, payment flows, or platform requirements change.
Crew may update these Terms and related policies when features, laws, service providers, payment flows, app-store rules, safety requirements, business models, fees, subscriptions, advertising, merchant features, or compliance requirements change.
For major updates, Crew may give notice in the app, on the website, by email, through a purchase flow, or through another suitable channel.
Some updates may require you to accept the updated Terms before you create events, join paid events, use payments, receive payouts, buy subscriptions, use premium features, publish public content, or use affected features.
When Crew records policy acceptance, the record may include user ID, document key, policy version, locale, source, acceptance time, IP address, and user agent.
If these general Terms conflict with a purchase screen, event-specific rule, refund policy, subscription term, advertising term, merchant term, app-store rule, payment-provider rule, privacy notice, or legally required notice, the more specific rule applies to that subject. Legally required notices control where the law requires them to control.
We may update this policy when Crew changes, when providers change, or when legal requirements change.
Crew may update this Privacy Policy when our features, data practices, service providers, payment flows, app-store requirements, or legal obligations change.
For material updates, Crew may provide notice in the app, on the website, by email, or through another suitable channel.
Some updates may require you to accept the updated policy or review new privacy choices before using affected features.
Current legal contact routes are listed in Crew Imprint and Contact.
For privacy and data-subject requests (such as access, correction, or deletion), contact privacy@crew-app.com.
For product questions and support, contact support@crew-app.com.
