Privacy Policy

1. Who we are

CrewTek is an aviation crew-operations and fatigue-compliance application for business and charter aircraft operators ("CrewTek", "we", "us"). This policy explains what personal information we handle, why, and the choices and rights available to you. It applies to the CrewTek iPad app and the CrewTek website and web application.

We handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and, where it applies, the EU/UK General Data Protection Regulation (GDPR).

2. Our role: operators are the controller, CrewTek is the processor

CrewTek is supplied to aviation operators (our customers). When an operator uses CrewTek to record information about its crew and passengers, the operator decides what is collected and why — the operator is the data controller. CrewTek processes that information on the operator's behalf and under its instructions as the data processor.

This matters for passenger information in particular: the operator is responsible for having a lawful basis and any necessary consent to record passenger identity documents, and CrewTek provides the tools (including consent capture and deletion) to support that.

3. Information we handle

Account information. Name, email address, and an account identifier for each authorised user. Accounts are created by invitation from an operator — CrewTek does not offer public self-service sign-up.

Crew information. Professional details an operator records about its crew, such as licences and ratings, currency and check dates, duty and flight records, fatigue data, exam results, and — where the crew member provides them — passport details and a scan of the identity document.

Passenger information. For flights that require a manifest or general declaration, an operator may record passenger names, gender, nationality, and passport number, expiry and nationality, and may attach a scan of the passenger's passport. Passport scans are only stored after the operator confirms, in the app, that the passenger has consented and that the operator is responsible for compliance with applicable privacy laws.

Operational information. Trip, roster, aircraft, duty, fatigue, safety and related records used to run the compliance features of the app.

Technical information. Basic information needed to operate and secure the service (for example, authentication tokens and sync state). CrewTek does not track users across other companies' apps or websites, and does not use third-party advertising.

4. Sensitive information and identity documents

Passport and identity-document data is treated with particular care:

  • Passport scans are stored only after in-app confirmation of the passenger's (or crew member's) consent.
  • Scans are held in private, access-controlled storage and are never included in the manifest/general-declaration PDFs that leave the app — only the textual details required by customs and immigration (number, nationality, expiry) appear on those documents.
  • A passenger's or crew member's passport scans can be permanently deleted on request (see Your rights), including from cloud storage, while retaining only the minimum textual detail the operator is legally required to keep.

5. Why we handle this information

We handle personal information to provide the CrewTek service: authenticating users; recording and calculating crew duty, rest and fatigue compliance; generating passenger manifests and general declarations; tracking currencies, exams and safety records; and synchronising an operator's data across that operator's devices. We handle it for these operational purposes only — not for advertising or sale.

6. Where your information is stored

CrewTek's data is hosted with Supabase in Sydney, Australia (ap-southeast-2). For Australian operators and passengers, personal information is stored in Australia and is not transferred overseas in the ordinary course of using the service. Files such as passport scans are held in a private, per-operator storage area accessible only to authenticated users of that operator.

If an operator records information about individuals located in the EU/UK, storage in Australia may constitute a transfer to a "third country" under GDPR; operators handling EU/UK personal data should contact us to put appropriate safeguards in place.

7. Service providers we use

We share personal information only with the service providers needed to run CrewTek, under agreements that require them to protect it:

  • Supabase — database, authentication and file storage (hosted in Sydney, Australia).
  • Vercel — hosting of the CrewTek website and web application.
  • Resend — transactional email (for example, account invitations and notifications).

We do not sell personal information, and we do not disclose it for advertising. We may disclose information if required by law.

8. How long we keep it

We retain personal information for as long as an operator maintains its CrewTek account and as needed to provide the service, and thereafter as required to meet the operator's legal record-keeping obligations. Passport scans can be deleted at any time on request without affecting the operator's retained regulatory records.

9. Your rights

Depending on where you are and your relationship to the operator, you may ask to access, correct, or delete personal information about you, or to have a passport scan erased. Because operators control their own data in CrewTek:

  • If you are a crew member or passenger, please direct requests to the operator you flew with, who can action them in the app. You may also contact us and we will help facilitate the request with the operator.
  • If you are an operator, you can action access, correction and deletion (including passport-scan erasure) directly in the app, and can contact us for help.

To make a request or raise a privacy concern, contact us. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Security

We protect personal information with authentication, row-level access controls that separate each operator's data, private file storage for documents, and encryption in transit. No system is perfectly secure, but we take reasonable steps appropriate to the sensitivity of the information — particularly identity documents.

11. Children

CrewTek is a professional tool for aviation operators and is not directed at children. We do not knowingly collect information from children, other than passenger details an operator may record for a flight, which are handled under the operator's responsibility.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version at crewtekefb.com/privacy and change the date below. Material changes will be communicated to operators.

13. Contact

CrewTek — for any privacy enquiry, please get in touch through our contact page.

Last updated: 3 July 2026

← Back to CrewTek