Workspace isolation
Each company operates in a private workspace. Application queries scope customer and workforce records to that workspace rather than sharing records across tenants.
Security and trust
This page summarizes CrewLog’s product-level security and data practices. It is not a certification, audit report, or guarantee against every possible risk.
Each company operates in a private workspace. Application queries scope customer and workforce records to that workspace rather than sharing records across tenants.
Employees use email and password by default, with optional Google Sign-In or device passkeys. Passwords are stored as salted hashes rather than plaintext.
Worker, manager, administrator, and internal support capabilities are separated. Sensitive administrative actions are recorded in workspace or platform audit history.
QuickBooks access and refresh tokens are encrypted with authenticated encryption before database storage. OAuth state and webhook signatures are validated by the integration workflow.
Customers own the records they enter. Workspace administrators can request deletion and receive an export through the documented account workflow.
CrewLog supports time-record review but does not promise that software alone establishes labor-law, payroll, tax, or regulatory compliance.
Send a clear description and reproduction details to [email protected]. Do not include customer data or exploit a suspected issue beyond what is necessary to demonstrate it.