Privacy Policy
Last updated: 6 January 2026
1. Introduction
Hampton.io Ltd ("we", "our", or "us") operates the Crew Compliance platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We are committed to protecting your privacy and ensuring GDPR compliance.
Data Controller: Hampton.io Ltd
Contact: privacy@crewcompliance.app
2. Information We Collect
We collect information you provide directly to us, including:
- Account information: Name, email address, password (encrypted)
- Professional credentials: Certificates, qualifications, training records, and identity documents
- Document metadata: Expiry dates, reference numbers, issuing authorities
- Device information: Passkey/biometric authentication device identifiers
- Usage data: Login timestamps, credential access logs, project participation
3. AI-Powered Document Verification
We use artificial intelligence to verify the authenticity of uploaded credentials. By creating an account, you consent to this processing. Here's how it works:
- Uploaded documents are analysed by AI to extract information (names, dates, document numbers)
- AI assesses document quality and authenticity indicators
- Results are used to auto-verify or flag documents for manual review
- You can request human review of any AI decision
4. Third-Party Data Processors
We share your data with the following processors to deliver our services:
OpenAI (AI Document Analysis)
- Purpose: Credential document verification and data extraction
- Data shared: Uploaded credential images/documents
- Location: United States
- Safeguards: Standard Contractual Clauses (SCCs), zero data retention policy
- Privacy Policy: openai.com/privacy
Supabase (Infrastructure & Authentication)
- Purpose: Database hosting, file storage, user authentication
- Data shared: All account data, credentials, and uploaded files
- Location: EU (Ireland)
- Safeguards: GDPR-compliant EU data centre, encryption at rest
- Privacy Policy: supabase.com/privacy
MailerSend (Email Communications)
- Purpose: Transactional emails (password resets, notifications)
- Data shared: Email address, name
- Location: EU
- Safeguards: GDPR-compliant
- Privacy Policy: mailersend.com/legal/privacy-policy
5. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States for AI processing. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all third-party processors
- Technical measures including encryption in transit and at rest
6. Data Retention
We retain your data according to the following schedule:
- Account data: Until you delete your account
- Credentials: Until you delete them or your account
- Expired credentials: Archived 90 days after expiry
- Audit logs: Anonymised after 2 years, then retained for compliance
- AI processing: Not retained by OpenAI (zero retention policy)
7. Your Rights
Under GDPR, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Delete your account and all associated data
- Portability: Export your data in a machine-readable format
- Objection: Object to certain processing activities
- Restriction: Limit how we use your data
To exercise these rights, visit your account settings or contact us. For more details, see our GDPR Rights page.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal information:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Passwordless authentication via WebAuthn/passkeys
- Role-based access controls
- Comprehensive audit logging
- Regular security assessments
9. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
Email: privacy@crewcompliance.app
Data Protection Officer: dpo@hampton.io
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.