Krewly

Privacy Policy

Last updated: July 16, 2026

1. What we collect

From business owners (providers): name, business details, email, password (stored as a salted hash), rate card, working hours, settings, and — if you connect SMS — your Twilio credentials (auth token encrypted at rest).

From your customers: the messages they send through your page's chat, email, or SMS, plus any contact details they share (name, email, phone). This data belongs to the conversation between them and your business; Krewly processes it to provide the Service.

2. How AI processing works

Customer messages, your rate card, and your calendar availability are sent to Anthropic's Claude API to draft replies. We record token usage for cost accounting. We don't use your data to train models.

3. Service providers

We share data only with the vendors that run the Service: Anthropic (AI drafting), Stripe (billing and your customer payments), our email delivery provider, our hosting and database providers, and — if you opt in — Twilio via your own credentials.

4. Administrative access

The Service's operator can view account data, conversations, and settings through a secured admin panel (two-factor authentication, per-action confirmation for sensitive operations, and a permanent audit log of every administrative action). This access is used for support, debugging, billing, and abuse prevention — not for any other purpose.

5. Retention & deletion

Data is kept while your account is active. Ask us to delete your account and we'll remove your data within 30 days, except records we must keep (e.g., billing records).

6. Security

Passwords are hashed, session tokens are stored only as hashes, secrets are encrypted at rest, and all traffic runs over HTTPS. No system is perfectly secure; we'll notify affected users of any breach as required by law.

7. Contact

Questions or requests: email the address on our home page.