Privacy and Data Policy
Last updated: January 2025
This Privacy Policy explains how NST Media (FZC), operating Cleanup Crew, collects, uses, and protects your personal information. We're committed to transparency about our data practices and your privacy rights under GDPR, CCPA, and UAE data protection laws.
Personal Data We Collect
Account Information:
- Email address, name, and Discord user ID when you sign up
- Payment information processed securely by Stripe (we never store card details)
- Subscription tier, billing history, and session usage counts
Technical Support Data:
- Code files, error messages, and workspace context shared through MCP integration
- Discord messages and conversation history in your support channel
- System information (OS, development environment, timestamps)
Automatically Collected Data:
- IP addresses, browser type, and device information
- Service usage patterns and session analytics
- Error logs and performance metrics
What we DON'T collect:
- Sensitive files are automatically excluded (.env, .git, keys, credentials)
- We don't access your full development environment, only shared context
- No persistent monitoring of your coding activity outside help sessions
Cookies & Tracking
We use cookies and similar technologies to provide and improve our service:
Category | Purpose | Opt-out |
---|---|---|
Strictly Necessary | Authentication, security, service functionality | Cannot be disabled |
Analytics | Usage statistics, performance monitoring via Vercel Analytics | Use cookie banner controls |
Functional | Theme preferences, dashboard settings | Use cookie banner controls |
Cookie Consent: You can manage preferences through our cookie banner or contact us to opt out of non-essential tracking.
Lawful Bases (GDPR Art. 6)
We process your personal data based on:
Contract Performance (Art. 6(1)(b)):
- Providing technical support and help sessions
- Processing payments and managing subscriptions
- Discord integration and communication
Legitimate Interests (Art. 6(1)(f)):
- Fraud prevention and security (including Stripe's fraud detection)
- Service improvement and analytics
- Communication about service updates and account status
Consent (Art. 6(1)(a)):
- Marketing communications (you can withdraw anytime)
- Non-essential cookies and analytics
How We Use Data
Primary Service Delivery:
- Connecting you with expert developers via Discord
- Analyzing code context to provide relevant technical assistance
- Tracking session usage against your subscription limits
Account Management:
- Processing payments and subscription changes
- Sending billing notifications and renewal reminders
- Managing trial periods and service access
Service Improvement:
- Analyzing common technical issues to improve our knowledge base
- Monitoring response times and SLA performance
- Identifying areas where AI tools commonly struggle
Legal Compliance:
- Maintaining records for accounting and tax purposes
- Responding to legal requests and preventing fraud
- Enforcing our Terms of Service
Sharing & Sub-Processors
We share data only as necessary to provide our service:
Sub-Processors:
- Stripe: Payment processing and subscription management
- Supabase: Database hosting and user authentication
- Discord: Communication platform and user identity verification
- Vercel: Application hosting and analytics
- OpenAI: GPT assistance for support quality (anonymized contexts only)
Legal Disclosures: We may disclose data to comply with legal obligations, court orders, or to protect our rights and safety.
We only share your data with trusted services that help us deliver Cleanup Crew. We never sell your information or share it for marketing purposes.
International Transfers & SCCs
Your data may be transferred outside the UAE to our sub-processors in the US and EU. These transfers are protected by:
Standard Contractual Clauses (SCCs): EU-approved legal frameworks ensuring GDPR-level protection for data transferred to third countries.
Adequacy Decisions: Where available, we rely on European Commission adequacy decisions for certain jurisdictions.
Processor Agreements: All sub-processors sign data processing agreements requiring GDPR-compliant handling of your data.
Data Retention & Deletion
Help Session Data: Deleted automatically 90 days after session closure, unless you request earlier deletion.
Account Data: Retained while your account is active and for 12 months after cancellation for billing and legal purposes.
Payment Records: Kept for 7 years as required by UAE accounting laws.
Communication Records: Discord messages in your support channel are deleted with session data (90 days).
Early Deletion: You can request immediate deletion of your help session data by contacting support@cleanupcrew.ai.
Security Measures
Technical Safeguards:
- TLS encryption for all data transmission
- Database encryption at rest
- Multi-factor authentication for admin access
- Regular security audits and vulnerability assessments
Operational Security:
- Employee privacy training and confidentiality agreements
- Limited access to personal data on a need-to-know basis
- Incident response procedures for data breaches
Payment Security: All payment processing uses Stripe's PCI-DSS compliant infrastructure. We never handle or store payment card details.
Your Rights
Under GDPR, CCPA, and UAE PDPL, you have the right to:
Access: Request a copy of all personal data we hold about you
Rectification: Correct inaccurate or incomplete information
Erasure: Request deletion of your data (subject to legal retention requirements)
Portability: Receive your data in a machine-readable format
Restrict Processing: Limit how we use your data in certain circumstances
Object: Opt out of processing based on legitimate interests
Withdraw Consent: Cancel consent for marketing and non-essential cookies
How to Exercise Your Rights:
- Email support@cleanupcrew.ai with "Privacy Request" in the subject
- Include your account email and specify which right you want to exercise
- We'll respond within 30 days (GDPR) or 45 days (CCPA)
You control your data. Ask us what we have, correct mistakes, or delete everything (except what we legally must keep for taxes and accounting).
Data Processing Addendum (DPA)
Enterprise customers requiring additional data protection commitments can request our Data Processing Addendum by emailing support@cleanupcrew.ai with "DPA Request."
DPA includes:
- Detailed processing activities and categories
- Sub-processor list with change notification procedures
- Additional security and breach notification commitments
- Standard Contractual Clauses for international transfers
Countersigning Process: We'll send a DPA draft within 7 business days. Once both parties sign, it becomes part of your service agreement.
Contact Information
Data Protection Inquiries:
NST Media (FZC)
Email: support@cleanupcrew.ai
Phone: +971 56 575 6806
Mailing Address:
SRTIP, University City, Block B
B21-009, Sharjah, AE
Response Times: We aim to respond to privacy requests within 72 hours and complete them within legal timeframes.