Privacy Policy
Last updated: January 4, 2026
We collect information you provide directly to us, including:
- Account Information: Email address, name, organization details
- Usage Data: Agent configurations, experiment results, session logs
- Technical Data: IP addresses, browser type, device information
- Project Data: Git repository information, project metadata
When you use the crewkit CLI, we collect additional data to provide analytics and improve the service:
- Session Telemetry: Token counts (input/output), estimated costs, session duration, agent used, and outcome status
- Session Files: JSONL session files may be uploaded to provide session history and analytics features
- Error Reports: Crash reports and error details are sent to our error tracking service (Sentry) to help us fix bugs
- Git Metadata: Repository remote URL and branch information for project detection (not repository contents)
LLM Gateway (Optional): If enabled by your organization, the LLM Gateway feature routes AI requests through our servers. When active, prompts and responses are logged for cost tracking and analytics. This feature is opt-in and disabled by default.
We use collected information to:
- Provide, maintain, and improve crewkit services
- Process transactions and send related information
- Send technical notices, updates, and support messages
- Monitor and analyze usage patterns and trends
- Calculate and display cost analytics and session metrics
- Detect, prevent, and address technical issues and security threats
We use the following third-party services to process your data:
| Provider | Purpose | Location |
|---|---|---|
| Sentry | Error tracking and monitoring | USA |
| Amazon Web Services (S3) | Session file storage | USA |
| DigitalOcean | Application hosting and database | USA |
| ipapi.co | IP geolocation for analytics | EU |
For enterprise customers requiring a Data Processing Agreement (DPA), contact us at privacy@crewkit.io.
We do not sell your personal information. We may share information:
- With your consent: When you explicitly authorize sharing
- Within your organization: With team members in your organization
- Service providers: Third parties listed in our subprocessor list who perform services on our behalf
- Legal requirements: When required by law or to protect rights
We implement appropriate technical and organizational measures to protect your information:
- Encryption in transit (TLS) and at rest
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
- Secure data centers and infrastructure
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
You have control over what data is collected by crewkit:
- Privacy Mode: Enable privacy mode in your organization settings to prevent logging of prompts and responses. Metrics like token counts, costs, and session duration are still collected to power analytics features.
- Session Uploads: JSONL session file uploads can be disabled in your organization settings. This will prevent session replay and detailed session history features.
- LLM Gateway: This feature is opt-in and must be explicitly enabled by your organization admin. When disabled, no prompts or responses are routed through crewkit servers.
Note: These settings only affect data collected by crewkit. Claude Code has its own telemetry which is governed by Anthropic's privacy policy.
We use cookies and similar technologies to:
- Maintain your session and authentication state
- Remember your preferences and settings
- Analyze site traffic and usage patterns
- Improve user experience and site functionality
You can control cookies through your browser settings. Disabling cookies may limit functionality.
We retain your information for as long as your account is active or as needed to provide services:
- Session data: Retained for 90 days by default, configurable per organization
- Error reports: Retained for 90 days
- Account data: Retained until account deletion
You may request deletion of your data by contacting us. Some information may be retained for legal or business purposes after deletion requests.
You have the right to:
- Access and review your personal information
- Correct inaccurate or incomplete data
- Request deletion of your data
- Object to processing of your information
- Export your data in a portable format
- Opt out of telemetry collection (see Privacy Controls)
For GDPR requests: Contact privacy@crewkit.io with your request. We will respond within 30 days.
We may update this privacy policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date. Continued use after changes constitutes acceptance of the updated policy.
If you have questions about this privacy policy or our data practices, contact us at:
Email: privacy@crewkit.io
Data Protection: For DPA requests or GDPR inquiries, contact privacy@crewkit.io