Security & trust

Crewsie, LLC builds Crewsie for teams that depend on customer and job data. This page summarizes how we think about security at an early-stage SaaS level. It is not a certification or audit report.

What we focus on

• Tenant isolation: The product is designed so organization data is scoped to the correct account in application logic. We also use defense-in-depth techniques such as database policies where applicable.
• Authentication: Industry-standard login through our authentication provider; protected app routes validate identity server-side.
• Transport security: The production site is served over HTTPS, with standard browser security headers configured for our deployment.
• Webhook integrity: Inbound SMS webhooks from our carrier partner are designed to verify request authenticity in production when signing is available.
• Rate limiting: Selected sensitive endpoints are rate limited to reduce abuse.
• Monitoring: We use error reporting to detect and fix operational issues.

What we do not claim

We do not claim SOC 2, ISO 27001, HIPAA, or other formal certifications unless we have completed them and published accurate, lawyer-reviewed statements. “Reasonable measures” does not mean “zero risk.”

Your responsibilities

You should use strong passwords, protect devices that access Crewsie, limit admin access, and follow your own policies for customer communications (including SMS consent where required).

Report a security issue

Email support@crewsie.com with enough detail to reproduce the issue. Do not access or modify data that does not belong to you. For general support, contact support@crewsie.com.