CrewLAB is committed to protecting the privacy and security of user data.

Built on World-Class and Secure Infrastructure

Our infrastructure is fully hosted on Google Cloud Platform (GCP), which is one of the leading providers for secure and compliant cloud services. Here’s an overview of where and how data is stored:

• Application & APIs: CrewLAB’s backend services run on Google Cloud Functions and managed APIs. These are deployed within GCP’s secure environment, which automatically handles scaling, patching, and availability.
• Databases: We use Cloud SQL for MySQL. All databases are hosted in GCP data centers, encrypted at rest and in transit, and backed up according to Google’s managed service standards. Access is strictly controlled with role-based permissions.
• Authentication & Storage: Authentication is powered by Firebase Authentication, which manages secure sign-in and identity verification. Files such as media uploads are stored in Firebase Storage (backed by Google Cloud Storage), which is encrypted at rest and redundantly stored across multiple locations for durability.
• Data Protection:
  • All data is encrypted both in transit (TLS/SSL) and at rest (AES-256 by default).
  • Access to production systems follows the principle of least privilege.
  • GCP’s infrastructure provides built-in redundancy, backups, and disaster recovery.

Compliance & Best Practices

• CrewLAB leverages GCP’s compliance framework. Google Cloud is certified for SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, and GDPR, among others.
• While CrewLAB itself has not yet undergone its own SOC 2 audit, we inherit the security controls, certifications, and compliance standards of Google Cloud.
• Our practices align with industry standards for data security, privacy, and resilience, ensuring that your data is managed in line with widely accepted best practices.

In short, CrewLAB does not host or manage its own servers—everything is built on GCP’s infrastructure, which is widely recognized for its security, compliance, and reliability.

Internal Security Controls

Strict Access Control

• All access to data is authenticated through Google Firebase Authentication
• All users are assigned unique identifiers
• Passwords are obscured and encrypted. We can’t view passwords of users even if we wanted to.
• Access to data is strictly restricted to the appropriate users and teams. No data is shared between different teams on the platform