Crewshift Landing Page Privacy Policy
Last updated: 8 May 2026 Version: 2.11. Scope
This policy applies only to the Crewshift landing page available at `https://crewshift-app.com` and the Polish Zmianowo version available at `https://zmianowo-app.pl`.
It does not describe processing in the future production application. The application, user accounts, B2B agreements, payments, employee data, training data and customer application data will require separate documentation, including application terms, a data processing agreement or DPA where applicable.
2. Data controller
The controller of personal data is:
Brillnet - Piotr Adamskiul. Sienkiewicza 73/6
90-057 Lodz, Poland
Tax ID (NIP): 732-177-90-60
REGON: 101551294
Privacy contact: `hello@crewshift-app.com`
The controller does not list a separate Data Protection Officer for this landing page. If such contact is formally appointed, this document will be updated.
3. Data we process
Depending on how the page is used, we may process:
- technical request data, including IP address, source domain, HTTP headers, browser, device and event time,
- data submitted in the contact or demo form: full name, e-mail address, optional company name, subject and message,
- readiness assessment data: e-mail address, score, readiness tier, page language and source domain,
- form security data, including Cloudflare Turnstile token, IP address and anti-bot verification result,
- cookie and similar technology preferences stored in the browser,
- analytics data from Google Analytics 4 and Vercel Web Analytics, only after analytics consent,
- Crisp chat data, only after functional consent and only if the chat widget is enabled.
The page does not create user accounts, does not provide login, does not accept payments and does not store scheduling, HR or training records.
4. Purposes and legal bases
| Purpose | Data categories | Legal basis |
|---|---|---|
| Displaying and technically operating the page | technical request data, logs, source domain | Art. 6(1)(f) GDPR - legitimate interest |
| Security, spam prevention and abuse prevention | IP, headers, Turnstile token, verification result, rate limiting | Art. 6(1)(f) GDPR |
| Handling a contact or demo request | full name, e-mail, company, subject, message | Art. 6(1)(b) GDPR, including pre-contractual steps requested by the person |
| Handling the readiness assessment and follow-up | e-mail, score, readiness tier, language, source domain | Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR, depending on the request |
| Website analytics | GA4 identifiers, Vercel Web Analytics events, page events, device data | Art. 6(1)(a) GDPR - consent |
| Optional chat | chat session data, conversation content, device metadata | Art. 6(1)(a) GDPR to load the widget, then Art. 6(1)(b) or 6(1)(f) GDPR to handle the conversation |
| Establishing or defending claims | correspondence, logs, security metadata | Art. 6(1)(f) GDPR |
5. Forms
The contact form and readiness assessment are voluntary. Providing an e-mail address is necessary to respond to a request or continue the conversation after the assessment.
Forms are protected by:
- request rate limiting,
- a hidden honeypot field,
- Cloudflare Turnstile, if service keys are configured for the environment.
Form messages are delivered by e-mail through Brevo to the Brillnet contact mailbox.
6. Cookies, localStorage and similar technologies
Detailed information about browser storage technologies is available in the Cookie Policy.
Cookie settings are stored locally in the browser under the `cookie-consent` key. The record includes selected categories and the date of the choice. The page reads this record to avoid asking again on every visit and to load or block optional scripts.
The e-mail address provided in the readiness assessment may be stored locally under the `quiz_email` key to make the contact form easier to complete. This record stays in the user's browser and can be removed in browser settings.
7. Recipients and processors
For this landing page, we use only providers needed for hosting, security, e-mail delivery, optional analytics and optional chat.
| Provider | Role on the landing page | Data scope |
|---|---|---|
| Vercel Inc. | hosting, serverless functions, technical logs and Vercel Web Analytics only with analytics consent | request data, IP, headers, error and availability logs; analytics events and device data after analytics consent |
| Upstash Inc. | Redis for request rate limiting | technical rate-limit data, especially a key based on IP |
| Cloudflare Inc. | Turnstile, form anti-bot protection | verification token, IP, browser and device signals |
| Brevo / Sendinblue SAS | e-mail delivery for forms | contact details, message content, assessment result, message metadata |
| Google Ireland Ltd. / Google LLC | Google Analytics 4, only with analytics consent | cookie identifiers, page events, device data |
| Crisp IM SAS | chat widget, only with functional consent | chat session data, conversation content, IP and device metadata |
For this page we do not use payment processors, application login, the production application database or employee scheduling tools.
8. Transfers outside the EEA
Some providers may process data outside the European Economic Area or use subprocessors outside the EEA. In such cases, providers declare that they use appropriate transfer mechanisms, such as Standard Contractual Clauses, the Data Privacy Framework or other safeguards under the GDPR.
Transfers related to Google Analytics, Vercel Web Analytics or Crisp may occur only if the user consents to the relevant optional category and the service is configured on the page.
9. Retention periods
| Data category | Retention |
|---|---|
| Contact and demo requests | for the time needed to handle the request, then up to 3 years for contact history and claims |
| Readiness assessment data submitted by form | for the time needed to handle the follow-up, no longer than 3 years unless a further relationship justifies longer retention |
| Technical and security logs | according to hosting and provider configuration, usually for a limited technical period |
| Rate limiting data | for the rate-limit window and technical provider retention |
| Browser cookie preferences | up to 180 days or until removed by the user |
| Google Analytics and Vercel Web Analytics data | according to provider settings and user consent |
| Crisp chat data | according to Crisp settings and conversation history |
10. Data subject rights
You have the right to:
- access your data,
- rectify your data,
- erase your data,
- restrict processing,
- data portability where applicable,
- object to processing based on legitimate interest,
- withdraw consent at any time, without affecting processing before withdrawal,
- lodge a complaint with a competent supervisory authority.
Requests can be sent to: `hello@crewshift-app.com`.
11. Automated decisions
The landing page does not make automated decisions about users that produce legal effects or similarly significant effects.
The readiness assessment is informational and marketing-oriented. Its result is not legal, HR or audit advice.
12. Changes
This policy may be updated if the page scope, provider list, form operation, law or cookie configuration changes.
The current version is available at: `https://crewshift-app.com/en/privacy-policy`.
13. Contact
Brillnet - Piotr AdamskiE-mail: `hello@crewshift-app.com`
Address: ul. Sienkiewicza 73/6, 90-057 Lodz, Poland
Effective date: 8 May 2026