Cru Social Inc – Privacy Policy

Cru Social Inc ("Cru," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use the Services.

1. Information We Collect

We collect information that you provide directly to us, information we collect automatically when you use the Services, and information from third-party sources.

A. Information You Provide Directly

• Account Information: Name, email address, username, password, profile photo and cover photo, date of birth (to verify age eligibility), phone number (optional), bio and professional headline.
• Professional and Aviation Information: Job title, employer, and employment history, Aviation certificates and ratings (e.g., Private Pilot, Commercial, ATP, CFI), Aircraft type ratings and endorsements, Medical certificate class and expiration, Educational background and training history, Professional affiliations and organizations.
• Logbook Data: Flight times (total time, PIC, SIC, cross-country, night, instrument, etc.), Aircraft make, model, and identification, Airports, routes, and flight dates, Approach types and landing counts, Endorsements and instructor signatures, Notes and remarks.
• User Content: Posts, photos, videos, and other media you share, Comments, likes, and reactions, Direct messages and communications, Connections and follows.
• Communications: Messages you send to us (support requests, feedback, reports), Responses to surveys or questionnaires, Email correspondence.
• Payment Information (if applicable): We use third-party payment processors and do not directly store credit card information. We may retain transaction history and billing information.

B. Information Collected Automatically

• Usage Data: Pages and features you access, Time spent on the Services, Posts you view and interact with, Search queries within the Services, Referral sources (how you found Cru).
• Device and Technical Information: Device type, model, and operating system, IP address and general location (city/region level), Browser type and version, Mobile carrier and network information, Unique device identifiers, Screen resolution and device settings.
• Location Information: Approximate location based on IP address, Precise location data if you grant location permissions (for features like flight tracking or airport check-ins), Location metadata in photos you upload.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to remember your preferences and settings, analyze usage patterns and improve the Services, provide personalized content, and measure the effectiveness of our communications. You can control cookie preferences through your browser settings, though some features may not function properly if cookies are disabled.

C. Information from Third-Party Sources

• Social Media Integration: If you choose to link your account with social media platforms, we may receive profile information you've made publicly available.
• Third-Party Authentication: If you sign up or log in using third-party services (e.g., Apple Sign-In, Google), we receive basic profile information from those services.
• Publicly Available Information: We may supplement your profile with publicly available aviation data (e.g., FAA Airman Registry) to help verify credentials or improve user experience.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Improve the Services: Create and manage your account, process your requests and transactions, personalize your experience and content feed, enable social features like following, messaging, and commenting, maintain and improve logbook functionality, develop new features and services, conduct research and analytics to improve user experience.
• To Communicate with You: Send you service-related notifications and updates, respond to your inquiries and support requests, send push notifications (if you've opted in), notify you about new features or changes to our Services, send promotional communications (with your consent, where required).
• To Ensure Safety and Security: Verify your identity and prevent fraud, detect and prevent abuse, spam, or violations of our Terms of Service and Community Guidelines, protect the rights, property, and safety of Cru, our users, and the public, enforce our legal rights and comply with our legal obligations, monitor and analyze security threats.
• To Comply with Legal Obligations: Respond to legal requests (subpoenas, court orders, government requests), comply with applicable laws and regulations, protect against legal liability, exercise or defend legal claims.
• For Business Operations: Process business transactions (mergers, acquisitions, asset sales), conduct internal audits and quality assurance, maintain business records and analytics.

3. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

With Other Users (Based on Your Privacy Settings)

• Public Profile Information: Your name, username, profile photo, bio, and professional information are visible to other Cru users by default.
• Posts and Content: Content you share publicly is visible to all users and may appear in search results.
• Logbook Data: By default, your logbook is private. You may choose to share specific flights or summary statistics with other users.
• Connections and Activity: Other users can see who you follow, who follows you, and your engagement with public content.

With Service Providers and Partners

We share information with third-party service providers who perform services on our behalf, including:

• Infrastructure and Hosting: Supabase (database and backend services), Cloud storage providers for media and backups.
• Communication Services: OneSignal (push notifications), Resend (transactional emails).
• Analytics and Performance: Sentry (crash reporting and error tracking), Analytics providers to understand usage patterns.
• Security and Fraud Prevention: Security services to detect and prevent abuse.

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

For Legal and Safety Reasons

We may disclose your information if we believe it is necessary to:

• Comply with applicable laws, regulations, legal processes, or governmental requests.
• Enforce our Terms of Service, Community Guidelines, or other policies.
• Detect, prevent, or address fraud, security, or technical issues.
• Protect the rights, property, or safety of Cru, our users, or the public.
• Respond to emergencies involving potential harm to individuals.

In Connection with Business Transfers

If Cru is involved in a merger, acquisition, bankruptcy, reorganization, sale of assets, or similar business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services of any such change in ownership or control of your personal information.

With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

Aggregated and De-Identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you, such as industry statistics about pilot demographics, aggregated flight time trends, or platform usage metrics.

4. Your Privacy Choices and Controls

You have various choices regarding how we collect and use your information:

Account Information

• Access and Update: You can access and update your account information through your profile settings.
• Profile Visibility: You can control whether your profile is public or limited to Cru users.
• Logbook Privacy: You can control who can view your logbook data.

Communications Preferences

• Email Communications: You can opt out of promotional emails by following the unsubscribe link in any marketing email.
• Push Notifications: You can disable push notifications through your device settings or in-app notification preferences.
• In-App Notifications: You can customize which activities trigger in-app notifications.

Location Data

• Precise Location: You can enable or disable location access through your device settings.
• Location in Posts: You can choose whether to include location information when creating posts.

Cookies and Tracking

• Browser Settings: You can configure your browser to reject cookies, though this may affect functionality.
• Do Not Track: We currently do not respond to Do Not Track signals, as there is no industry standard for how to respond to such signals.

Advertising (if applicable)

Currently, Cru does not display third-party advertising. If this changes, we will update this Privacy Policy and provide opt-out mechanisms.

5. Your Legal Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

General Rights

• Right to Access: Request a copy of the personal information we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete information.
• Right to Deletion: Request deletion of your personal information (subject to certain exceptions).
• Right to Restrict Processing: Request that we limit how we use your information.
• Right to Object: Object to our processing of your information for certain purposes.
• Right to Data Portability: Request a copy of your information in a structured, machine-readable format.
• Right to Withdraw Consent: If we process your information based on consent, you can withdraw that consent at any time.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: You can request information about the categories and specific pieces of personal information we've collected, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. If this changes, we will provide an opt-out mechanism.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: You can limit our use of sensitive personal information.

We will respond to verifiable requests within 45 days. To make a request, contact us at privacy@crus.co.

European Privacy Rights (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation:

• Legal Basis for Processing: We process your information based on: Contract performance (to provide the Services you've requested), Legitimate interests (to improve and secure our Services), Consent (where we've asked for and received your consent), Legal obligations (to comply with applicable laws).
• Data Protection Officer: For GDPR-related inquiries, contact privacy@crus.co.
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
• International Transfers: We transfer data from the EEA to the United States using appropriate safeguards.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We may need to verify your identity before processing your request. We will respond to verifiable requests within the time period required by applicable law.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific Retention Periods:

• Account Data: Retained while your account is active and for a reasonable period after account closure for backup, archival, fraud prevention, and legal compliance purposes.
• Logbook Data: Retained while your account is active and for up to 7 years after account deletion to comply with aviation recordkeeping best practices (though you can request earlier deletion).
• Communications: Support tickets and communications retained for up to 3 years.
• Usage Data: Aggregated usage data may be retained indefinitely in de-identified form.
• Legal Compliance Data: Information required for legal or regulatory compliance may be retained for the period required by applicable law.

Account Deletion:

When you delete your account:

• Your profile and public content will be removed from the Services.
• Your logbook data will be permanently deleted after the retention period (unless you request immediate deletion).
• Some information may be retained in backups for up to 90 days.
• Certain information may be retained as required by law or for legitimate business purposes (e.g., fraud prevention).
• Information you've shared with others (like messages or comments) may remain visible to those users.

7. Data Security

We implement reasonable technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction.

Security Measures Include:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Employee training on data protection and security
• Monitoring and logging of system access
• Regular backups and disaster recovery procedures
• Third-party security audits of critical service providers

Limitations:

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Your Responsibilities:

• Use a strong, unique password for your Cru account
• Do not share your password with others
• Log out when using shared devices
• Enable two-factor authentication if available
• Report any suspected unauthorized access to your account immediately

8. Children's Privacy

Our Services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are under 13, please do not use the Services or provide any information to us. If you are between 13 and 18, you may only use the Services with the consent and supervision of a parent or legal guardian.

If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible.

If you believe we have collected information from a child under 13, please contact us immediately at privacy@crus.co.

9. Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services that are not owned or controlled by Cru. This Privacy Policy does not apply to those third-party services.

Third-Party Services We Integrate With:

• Social media platforms (if you choose to share content)
• Authentication providers (Apple, Google)
• Payment processors (if applicable)
• External websites linked in user-generated content

We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services before providing them with your information.

10. International Data Transfers

Cru is based in the United States, and our Services are operated from the United States. If you access the Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For EEA/UK/Swiss Users:

We rely on appropriate safeguards for international data transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent where required

By using the Services, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users without undue delay, and in accordance with applicable law
• Provide information about the nature of the breach, the data involved, and steps we're taking to address it
• Recommend actions you can take to protect yourself
• Notify applicable regulatory authorities as required by law

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, legal requirements, or for other operational reasons.

How We Notify You:

• We will post the updated Privacy Policy on this page with a new "Effective Date"
• For material changes, we will provide additional notice by: Sending an email to the address associated with your account, Displaying a prominent notice within the Services, or Requesting your acceptance of the updated policy.

Your Continued Use:

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using the Services and may delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Requests:

To exercise your privacy rights (access, deletion, correction, etc.), please submit a request to support@crus.co with "Privacy Request" in the subject line. Include your full name, email address, and a description of your request.