Terms & Conditions
Our website & services terms, plus the standing terms we incorporate by reference into engagements.
This page has three parts. Part 1 governs use of our website and services. Parts 2 and 3 are standing terms that apply only when we reference them — read here in isolation they bind no one. Part 2 (Data Protection) applies where a Statement of Work or other engagement document incorporates it. Part 3 (Shared Materials) applies whenever we share materials and point to these terms — including informally by email, for pre-engagement work, outside any contract.
Part 1
Website & Services Terms
1. Introduction
These Terms and Conditions ("Terms") govern your use of the CrewCreateAI website (crewcreate.co.uk and crewcreate.ai) and any services provided by CrewCreate Ltd ("we", "our", "us", "CrewCreateAI").
By accessing our website or engaging our services, you agree to be bound by these Terms. If you do not agree, please do not use our website or services.
CrewCreate Ltd is a company registered in England and Wales (Company No. 16770038).
Signed agreements take precedence. Where you have entered into a signed agreement with us — a Statement of Work, Master Services Agreement, order form, or other signed engagement document — that agreement governs the engagement it covers and prevails over these Terms (and over the Data Protection Terms and Shared Materials & Methodology Terms set out elsewhere on this page) to the extent of any conflict. These Terms govern your use of the website, and otherwise apply only where no signed agreement covers the matter in question.
2. Website Use
Permitted Use
You may use our website for lawful purposes to:
- Learn about our services
- Read our blog and insights
- Contact us and request information
- Book consultations
Prohibited Use
You must not:
- Use the website in any way that breaches applicable laws or regulations
- Use the website to transmit harmful, offensive, or illegal content
- Attempt to gain unauthorised access to our systems
- Interfere with the proper functioning of the website
- Scrape, copy, or reproduce our content without permission
- Use automated systems to access the website without our consent
3. Our Services
CrewCreateAI provides AI consulting, data engineering, and technology advisory services. This includes:
- AI strategy and implementation consulting
- Data platform architecture and engineering
- Machine learning and analytics solutions
- Technology advisory and training
Service Agreements
The specific terms of any consulting engagement will be outlined in a separate Statement of Work (SOW) or service agreement. These Terms apply in addition to any specific service agreement.
In the event of a conflict between these Terms and a signed Statement of Work, service agreement, or other signed contract, the signed agreement shall prevail (see "Signed agreements take precedence" in section 1).
No Professional Advice
Content on our website is for general information only and does not constitute professional advice. You should seek appropriate professional advice before making business decisions based on our content.
4. Intellectual Property
Our Content
All content on this website, including but not limited to:
- Text, articles, and blog posts
- Graphics, logos, and images
- Website design and layout
- Software and code
is owned by CrewCreate Ltd or our licensors and is protected by copyright, trademark, and other intellectual property laws.
Your Use
You may view, download, and print content for personal, non-commercial use only. You must not:
- Modify or adapt our content
- Reproduce, republish, or distribute our content
- Use our content for commercial purposes
- Remove any copyright or proprietary notices
Client Work
Intellectual property rights in work we create for clients are addressed in individual service agreements.
5. User Content
If you submit content to us (such as through contact forms, emails, or feedback), you grant us a non-exclusive, royalty-free licence to use, store, and process that content for the purpose of responding to and managing your enquiry.
You warrant that any content you submit:
- Is accurate and not misleading
- Does not infringe any third party's rights
- Is not unlawful, defamatory, or offensive
6. Third-Party Links
Our website may contain links to third-party websites. These links are provided for convenience only. We do not control or endorse these websites and are not responsible for their content or privacy practices.
7. Disclaimer of Warranties
Our website and content are provided "as is" without warranties of any kind, either express or implied, including but not limited to:
- Warranties of merchantability or fitness for a particular purpose
- Warranties that the website will be uninterrupted or error-free
- Warranties regarding the accuracy or completeness of content
We do not warrant that the website will be free from viruses or other harmful components.
8. Limitation of Liability
To the fullest extent permitted by law:
- We shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the website or services
- Our total liability for any claim shall not exceed the amount you paid us for services in the 12 months preceding the claim, or £100 if you have not paid for services
- Nothing in these Terms excludes or limits our liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded by law
9. Indemnification
You agree to indemnify and hold harmless CrewCreateAI, its directors, employees, and agents from any claims, damages, losses, or expenses (including legal fees) arising from:
- Your use of the website
- Your breach of these Terms
- Your violation of any third party's rights
10. Privacy
Your use of our website is also governed by our Privacy Policy, which explains how we collect, use, and protect your personal information.
11. Modifications
We reserve the right to modify these Terms at any time. Changes will be effective immediately upon posting to the website. Your continued use of the website after changes constitutes acceptance of the modified Terms.
We encourage you to review these Terms periodically.
12. Termination
We may suspend or terminate your access to the website at any time, without notice, for any reason, including breach of these Terms.
13. Governing Law and Jurisdiction
These Terms are governed by the laws of England and Wales.
Any disputes arising from these Terms or your use of the website shall be subject to the exclusive jurisdiction of the courts of England and Wales.
14. Severability
If any provision of these Terms is found to be unenforceable, the remaining provisions shall continue in full force and effect.
15. Entire Agreement
These Terms, together with our Privacy Policy and any applicable service agreements, constitute the entire agreement between you and CrewCreateAI regarding use of the website.
16. Contact Us
If you have questions about these Terms and Conditions, please contact us:
Email: legal@crewcreate.ai
Contact Form: crewcreate.co.uk/contact-us
Address: CrewCreate Ltd, United Kingdom
Part 2
Data Protection Terms
Version 1.0
Introduction
These are CrewCreate's standing Data Protection Terms ("DP Terms"). They govern the parties' obligations regarding the Processing of Personal Data where a Statement of Work, Order Form, or other engagement document between Crew Create Ltd ("CrewCreate", "we", "our") and a client ("Client", "you") expressly incorporates them by reference.
These DP Terms are drafted to be incorporated, not to stand alone. If you're reviewing them outside the context of a Statement of Work that incorporates them, they don't bind anyone — they're a public reference for how we handle Personal Data when engaged.
CrewCreate is a UK Ltd (Crew Create Ltd, company no. 16770038, registered at 20 Grange Road, Winchester, Hampshire SO23 9RT). Our processing operations are based in the United Kingdom, and we work across multiple cloud platforms — Amazon Web Services, Google Cloud Platform, Microsoft Azure, and others — typically delivering inside the client's or end-client's own cloud account.
Where these terms conflict with the Statement of Work that incorporates them, the Statement of Work prevails. Where the Statement of Work is silent, these DP Terms apply. The version of these DP Terms applicable to an engagement is the version in force at the date the Statement of Work is issued; subsequent amendments published here do not change the terms of an engagement that has already been issued, unless the parties agree otherwise in writing.
1. Roles
Where CrewCreate Processes Personal Data in performing services under a Statement of Work that incorporates these DP Terms:
1.1 CrewCreate acts as a processor of the Personal Data where the Client is itself the Controller, or as a sub-processor where the Client engages CrewCreate downstream of a controller / processor relationship the Client holds with a third party (typically an end client).
1.2 In either case, CrewCreate Processes Personal Data only on the documented instructions of the Client, which (where the Client is not the Controller) reflect the lawful instructions of the Controller.
1.3 The Client warrants that it has the lawful authority and an appropriate written agreement with any upstream Controller to engage CrewCreate in the capacity described in §1.1 and to give CrewCreate the instructions set out in the Statement of Work.
2. CrewCreate's standing Sub-processors
CrewCreate uses the following standing sub-processors to perform its services. Pre-authorisation of these sub-processors is conferred by the Client when the Client signs a Statement of Work that incorporates these DP Terms.
2.1 Cloud platforms
Where the engagement is delivered into a cloud account (the Client's, an end client's, or a CrewCreate-operated test environment), CrewCreate may use the following cloud platforms as sub-processors as the engagement requires:
- Amazon Web Services (Amazon Web Services EMEA SARL / Amazon Web Services, Inc.)
- Google Cloud Platform (Google Cloud EMEA Limited / Google LLC)
- Microsoft Azure (Microsoft Ireland Operations Limited / Microsoft Corporation)
- Anthropic (Anthropic UK Ltd / Anthropic PBC) — for direct Claude API usage during delivery, where the Statement of Work permits
Where delivery takes place inside an account the Client (or end client) controls, the cloud-platform vendor is already an established sub-processor or processor by virtue of the Client's existing cloud customer agreement; CrewCreate operates within that account boundary and does not bring the cloud-platform vendor into the chain as an additional CrewCreate sub-processor.
2.2 AI / language-model providers
Where the engagement uses generative-AI capabilities, CrewCreate may invoke one or more of the following model providers, only where the Statement of Work names the provider in scope or authorises generative-AI usage generally:
- Anthropic Claude — via Anthropic's API (Anthropic PBC), or via Claude hosted in AWS Bedrock, Google Cloud Vertex AI, or Microsoft Azure AI
- OpenAI — via OpenAI's API (OpenAI, LLC), or via Microsoft Azure OpenAI Service, where the engagement requires it (typically for comparative evaluation against a Client's existing baseline)
- AWS Bedrock-hosted models (Amazon-managed and third-party foundation models hosted by AWS)
- Google Cloud Vertex AI-hosted models
- Microsoft Azure AI Service-hosted models
The specific model providers and models in scope for an engagement are confirmed in the Statement of Work.
2.3 CrewCreate operational tools
The following are operational tools CrewCreate uses to run its business. They may incidentally Process Personal Data relating to an engagement (for example, a Client point-of-contact's email address may pass through CrewCreate's email system in the course of engagement correspondence). They are not used for Processing Client Personal Data outside that incidental scope, and Client data is not copied into them.
- Google Workspace (Google Cloud EMEA Limited) — email, calendar, shared documents
- GitHub (GitHub, Inc., a subsidiary of Microsoft Corporation) — source-code version control for engagement code, where applicable
- Claude Code (Anthropic PBC) — agentic developer assistant used by CrewCreate personnel during engagement delivery (code authoring, documentation, scripted analysis); invokes the Anthropic Claude API per §2.2, with training-data retention opted out
2.4 Engagement-specific sub-processors
Any sub-processor that is not named above and is required for a specific engagement is named in the Statement of Work for that engagement. The Client's signature on the Statement of Work constitutes authorisation of those engagement-specific sub-processors.
2.5 Adding a new sub-processor
Where CrewCreate proposes to engage an additional sub-processor not covered by §§2.1–2.4, we will give the Client written notice before the new sub-processor begins Processing. If the Client reasonably objects on data-protection grounds, the parties will discuss in good faith. If no acceptable resolution is reached, the Client may terminate the affected services on written notice, with CrewCreate entitled to invoice for hours consumed to the date of termination.
CrewCreate remains liable to the Client for the acts and omissions of its sub-processors in respect of their Processing of Personal Data on the Client's behalf.
3. Documented instructions
CrewCreate Processes Personal Data only on the documented instructions of the Client, including with regard to transfers outside the United Kingdom or the European Economic Area.
The Statement of Work (including any details-of-Processing table in it) is the Client's initial documented instruction. Further instructions during the engagement are to be given in writing (email is sufficient).
CrewCreate will not implement an instruction it reasonably believes would result in a breach of UK GDPR or DPA 2018, and will promptly notify the Client where it forms that view.
4. Confidentiality
CrewCreate ensures that personnel authorised to Process Personal Data are bound by enforceable obligations of confidentiality (whether contractual, professional, or statutory), and restricts access to Personal Data to those personnel who require such access for the performance of the engagement.
5. Security measures
CrewCreate implements appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage, alteration, or disclosure, taking into account the state of the art, the cost of implementation, and the nature, scope, context, and purposes of Processing, as well as the risk to Data Subjects.
The measures applied to a typical engagement include, at minimum:
- Multi-factor authentication on accounts with access to Personal Data
- Encryption in transit (TLS 1.2 or higher) and at rest (AES-256 or cloud-provider-managed equivalent) for stored Personal Data
- Access logging and audit trails for systems Processing Personal Data
- Role-based access control with least-privilege defaults
- Segregation of any Personal Data from CrewCreate's general working environment (use of Client-provided cloud accounts where possible)
- A documented procedure for security-incident response and notification
- Periodic review of authorised personnel and rotation of secrets
Where the services are delivered into the Client's or end-client's cloud account, CrewCreate relies on the Client's account-level controls and Processes Personal Data only within the account boundary defined by the Client. CrewCreate does not export Personal Data to its own environment except as expressly required for the engagement and authorised in writing, or as permitted under the Local Processing exception below.
Local Processing exception. Where, exceptionally, the Services require temporary local Processing of Personal Data on CrewCreate-operated equipment outside the Client's cloud account boundary — for example, schema inspection of a delivered extract, or offline debugging of a transformation that cannot run in the Client's environment — such Processing is permitted only where: (i) the equipment is encrypted at rest under industry-standard full-disk encryption (Apple FileVault, BitLocker, LUKS or equivalent); (ii) the Personal Data is confined to a named local scratch location that is excluded from automatic synchronisation or backup services (including, where applicable, iCloud Drive, Time Machine, OneDrive and Google Drive); (iii) the Personal Data is securely purged within seventy-two (72) hours of the operational need ending, with overwrite of the underlying storage where the platform supports it; and (iv) the occurrence is recorded in CrewCreate's engagement notes as a documented exception, with timestamp, scope, and purge confirmation. Local Processing under this paragraph does not constitute a transfer of Personal Data outside the United Kingdom or the EEA for the purposes of §10, provided CrewCreate's equipment is located within the United Kingdom; where CrewCreate's equipment is temporarily located outside the United Kingdom, §10 applies in addition to this paragraph.
6. Data Subject rights
Taking into account the nature of the Processing, CrewCreate will provide reasonable assistance to the Client (or, via the Client, to the Controller) in fulfilling the obligation to respond to requests from Data Subjects exercising rights under UK GDPR or DPA 2018 (access, rectification, erasure, restriction, portability, objection, automated decision-making).
CrewCreate will not respond directly to any Data Subject request unless instructed in writing by the Client.
Assistance under this section is included in the engagement fee up to a reasonable threshold (typically up to two requests per engagement). Material additional effort is chargeable at CrewCreate's then-current rate via change order.
7. Personal Data Breach notification
CrewCreate notifies the Client without undue delay, and in any event within seventy-two (72) hours of becoming aware, of any Personal Data Breach affecting Personal Data Processed under the engagement. The notification will include, to the extent then known:
- The nature of the breach
- The categories and approximate number of Data Subjects and records affected
- The likely consequences
- The measures taken or proposed to address the breach and to mitigate its effects
CrewCreate will provide the Client with such reasonable further assistance as the Client requires to comply with its (or the Controller's) obligations under Articles 32–36 of UK GDPR (security, breach notification to the supervisory authority and Data Subjects, Data Protection Impact Assessments, prior consultation with the supervisory authority).
8. Records and audit
CrewCreate maintains a written record of Processing activities carried out on behalf of the Client in accordance with Article 30(2) UK GDPR.
CrewCreate makes available to the Client all information reasonably necessary to demonstrate compliance with these DP Terms on written request, with up to ten (10) business days for response on routine requests.
The Client may, on not less than thirty (30) days' prior written notice and not more than once in any twelve-month period (except following a confirmed Personal Data Breach affecting the engagement), audit CrewCreate's compliance with these DP Terms. Audits will be carried out during normal business hours, will not unreasonably disrupt CrewCreate's operations, and will be at the Client's cost (including reimbursement of CrewCreate's reasonable time at CrewCreate's then-current rate). CrewCreate's compliance with relevant industry certifications, where applicable, may be relied on in lieu of a physical audit at CrewCreate's reasonable election.
9. Return or deletion of Personal Data
On termination or expiry of the engagement, CrewCreate will, at the Client's election (notified within thirty (30) days of termination), either return all Personal Data to the Client or securely delete it, including from any backups except where retention is required by applicable law. CrewCreate will certify completion of return or deletion in writing within fourteen (14) days of the Client's election.
Where backups are subject to a scheduled overwrite cycle, CrewCreate may retain Personal Data in those backups for the standard retention period provided it is encrypted at rest and not further Processed.
CrewCreate may retain Personal Data after termination only to the extent required by applicable law (for example, tax records), and only for the period strictly required.
10. International transfers
CrewCreate's personnel and primary operations are based in the United Kingdom. CrewCreate does not transfer Personal Data outside the United Kingdom or the EEA except:
- Into the Client's or end-client's cloud account (AWS, Google Cloud, Microsoft Azure, or otherwise), in which case the transfer is governed by the Client's or end-client's existing cloud customer agreement and its associated data-transfer addendum; or
- With the Client's prior written authorisation and on the basis of an appropriate transfer mechanism (an Adequacy Decision, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or equivalent).
Engagements that use generative-AI providers based outside the United Kingdom (Anthropic, OpenAI, and Google / Microsoft / Amazon model APIs) may, by virtue of the model provider's region availability, route Personal Data through facilities in the United States or other jurisdictions. Where this applies, it is identified in the Statement of Work and is subject to the model provider's own data-transfer commitments, which CrewCreate relies on as the basis for the transfer.
11. Costs of assistance
Reasonable assistance provided by CrewCreate under §§6 (Data Subject rights) and §7 (Personal Data Breach notification) is included in the engagement fee. Material additional effort triggered by Data Subject requests, security investigations, or Controller / supervisory-authority requests is chargeable at CrewCreate's then-current rate via written change order, except where the additional effort arises from a breach of these DP Terms by CrewCreate.
12. Liability
Each party's liability arising out of or in connection with these DP Terms is capped at 100% of the total fees payable under the relevant Statement of Work, in addition to and not as part of any general liability cap in the Statement of Work.
The cap above does not apply to:
- Either party's liability for fines imposed directly on it by a supervisory authority
- Either party's liability for fraud, fraudulent misrepresentation, or wilful default
- Either party's liability that cannot be limited by law (including liability for death or personal injury caused by negligence)
Each party indemnifies the other against losses arising from the indemnifying party's breach of these DP Terms, subject to the cap above.
The Statement of Work may specify a different liability framework for a given engagement, in which case the Statement of Work prevails per the precedence rule in the Introduction.
13. Survival
§4 (Confidentiality), §8 (Records and audit), §9 (Return or deletion), §10 (International transfers), §12 (Liability) and this §13 (Survival) survive termination of the engagement.
14. Definitions
For the purposes of these DP Terms:
- Controller, Processor, Personal Data, Processing, Personal Data Breach, and Data Subject bear the meanings given in UK GDPR
- UK GDPR means Regulation (EU) 2016/679 as retained, amended, and supplemented in UK law under the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419)
- DPA 2018 means the Data Protection Act 2018
- Sub-processor means a third party engaged by CrewCreate to Process Personal Data on the Client's behalf
15. Version history
| Version | Effective | Summary |
|---|---|---|
| 1.0 | 2026-05-29 | Initial publication |
Permalinks to earlier versions are made available alongside the current version where any have been superseded.
16. Contact
For data-protection questions, contact: Daren Howell, Director — daren.howell@crewcreate.co.uk.
Where you are a Data Subject and wish to exercise your rights in respect of Personal Data that CrewCreate Processes under an engagement, please contact the Client (the data controller) in the first instance.