Privacy Policy

Last updated: February 27, 2026

1. Introduction

Crewnaut Tecnologia Ltda. ("Crewnaut", "we") values the privacy of its users. This Privacy Policy describes how we collect, use, store, and protect your personal data, in compliance with the General Data Protection Law (Law No. 13,709/2018 — LGPD).

2. Data We Collect

Data provided by you: name, email, password (stored with cryptographic hash), payment information (processed by Stripe — we do not store card data).

Usage data: access logs, IP address, browser type, pages visited, dashboard interactions.

Your customers' data (via agents): WhatsApp messages processed by your AI agents. These messages are temporarily stored (30 minutes) in Redis to maintain conversation context and are automatically deleted after the period.

3. How We Use Your Data

  • Service provision: create and manage your account, process payments, operate AI agents;
  • Service improvement: analyze usage patterns to enhance features;
  • Communication: send notifications about your account, terms changes, or service updates;
  • Security: detect and prevent fraud, unauthorized access, and abuse.

4. Data Sharing

We do not sell your personal data. We may share it with:

  • Infrastructure providers: Hetzner (hosting), Cloudflare (CDN and security);
  • Payment processor: Stripe;
  • AI providers: OpenRouter (language model intermediary) — messages are sent to generate agent responses;
  • Legal authorities: when required by law or court order.

5. Storage and Security

Your data is stored on secure servers in Germany (Hetzner). We use encryption in transit (TLS/SSL via Cloudflare), passwords are stored with bcrypt hash, and server access is restricted to SSH keys. We perform daily automated database backups.

6. Data Retention

We keep your personal data as long as your account is active. Agent conversation data is stored for 30 minutes for context and then automatically deleted. After account closure, your data will be removed within 30 days, except when legal retention obligations apply.

7. Your Rights (LGPD)

Under the LGPD, you have the right to:

  • Confirm the existence of data processing;
  • Access your personal data;
  • Correct incomplete, inaccurate, or outdated data;
  • Request anonymization, blocking, or deletion of unnecessary data;
  • Request data portability;
  • Revoke your consent at any time;
  • Request deletion of data processed based on consent.

To exercise any of these rights, contact us at [email protected].

8. Minors

The Service is not intended for individuals under 18 years of age. We do not intentionally collect data from minors. If we identify that we have collected data from a minor, we will take steps to delete it.

9. Changes to This Policy

This Policy may be updated periodically. Significant changes will be communicated by email or notification in the Service. We recommend revisiting this page regularly.

10. Contact

If you have questions about this Privacy Policy or the processing of your data, please contact:

Email: [email protected]