Last updated: July 16, 2026
From business owners (providers): name, business details, email, password (stored as a salted hash), rate card, working hours, settings, and — if you connect SMS — your Twilio credentials (auth token encrypted at rest).
From your customers: the messages they send through your page's chat, email, or SMS, plus any contact details they share (name, email, phone). This data belongs to the conversation between them and your business; Krewly processes it to provide the Service.
Customer messages, your rate card, and your calendar availability are sent to Anthropic's Claude API to draft replies. We record token usage for cost accounting. We don't use your data to train models.
We share data only with the vendors that run the Service: Anthropic (AI drafting), Stripe (billing and your customer payments), our email delivery provider, our hosting and database providers, and — if you opt in — Twilio via your own credentials.
The Service's operator can view account data, conversations, and settings through a secured admin panel (two-factor authentication, per-action confirmation for sensitive operations, and a permanent audit log of every administrative action). This access is used for support, debugging, billing, and abuse prevention — not for any other purpose.
Data is kept while your account is active. Ask us to delete your account and we'll remove your data within 30 days, except records we must keep (e.g., billing records).
Passwords are hashed, session tokens are stored only as hashes, secrets are encrypted at rest, and all traffic runs over HTTPS. No system is perfectly secure; we'll notify affected users of any breach as required by law.
Questions or requests: email the address on our home page.