Subprocessors
A subprocessor is a third-party vendor that may process customer data on RunMyCrew’s behalf. We use the minimum viable set. Each has a Data Processing Agreement in place.
| Vendor | Service | Data processed | Region | DPA |
|---|---|---|---|---|
| DigitalOcean | VPS hosting + block storage | All product data (in-memory + at-rest disk). | EU (Frankfurt) | link |
| Cloudflare | DNS + TLS edge + bot mitigation | IP address, request metadata. No request body inspection. | Global edge | link |
| GitHub | Source code repository + container registry (GHCR) | Source code + built container images. No customer data. | US | link |
| Stripe | Payment processing | Email, name, card details (held by Stripe — never on our servers). | US / EU | link |
| Google (LLC) | Optional: Google Sign-In OIDC, Gemini LLM (Crew AI), connected-account APIs | OpenID profile fields; LLM prompts only when Crew AI uses Gemini; user data only via connectors you authorized. | US / EU | link |
| Anthropic | Optional: Claude LLM (Crew AI) | LLM prompts only when Crew AI uses Claude. Anthropic does not train on API inputs by default. | US | link |
| OpenAI | Optional: GPT LLM (Crew AI) | LLM prompts only when Crew AI uses GPT. API inputs are not used for training. | US | link |
| Meta Platforms | Optional: Meta API (Facebook / Instagram / WhatsApp / Ads) | Only data your workflows explicitly read or write. | US / EU | link |
| Sentry / GlitchTip (optional) | Error tracking | Stack traces, request paths, sanitized error context. No request bodies. | EU (self-hosted on same VPS when GLITCHTIP_DSN unset) | link |
When we add or change a subprocessor we publish the change here at least 30 days in advance. Object via privacy@runmycrew.com.
Data retention schedule
| Data class | Retention | After retention |
|---|---|---|
| Account profile | While account is active | Deleted within 30 days of account deletion |
| Workflow definitions, knowledge bases | While account is active | Deleted on user action / account deletion |
| Run history (free) | 7 days | Hard-deleted |
| Run history (pro) | 30 days | Hard-deleted |
| Run history (enterprise) | Configurable, up to 1 year | Hard-deleted |
| OAuth tokens, API keys | Until disconnected by user | Encryption key destroyed |
| Operational logs (IP, UA, request path) | 30 days | Rolled off automatically |
| Encrypted database backups | 14 days rolling | Overwritten |
| Invoices (tax compliance) | Up to 10 years per jurisdiction | Retained for legal obligation only |
| Support correspondence | 24 months | Deleted |
Where data is processed
The primary production region is the European Union (Frankfurt). LLM API calls reach the provider’s nearest region (typically US). Meta and Google API calls follow the connected account’s home region.
Disclosed incidents
None to date. Any future incident that meaningfully affects customer data will be disclosed here and notified to affected users by email within 72 hours of discovery, as required by GDPR Art. 33.
Government & law-enforcement requests
None to date. If we receive a request that requires us to hand over customer data, we will notify the affected customer immediately unless legally prohibited.
Contact
Privacy / DPA / subprocessor questions: privacy@runmycrew.com