General Terms and Conditions of Cinework Software GmbH for the use of crewser

Last updated: May 30, 2026

1. Scope

1.1. These General Terms and Conditions apply to all agreements concluded between Cinework Software GmbH ("Provider") and entrepreneurs ("Customer") regarding the use of the crewser software. Where crew members, employees, freelancers, or other project participants use crewser through access initiated by the Customer, these Terms also contain usage rules for that project-related access.

1.2. crewser is offered as software as a service (SaaS) and is a cloud-based software solution for workforce management and time tracking, specifically for film and media projects. Use of the software is subject to these Terms and Conditions and to any separately agreed service level agreements (SLAs).

1.3. Deviating terms and conditions of the Customer shall not become part of the contract unless the Provider expressly agrees to them in writing.

1.4. The paid contract for the provision of crewser is intended for entrepreneurs, in particular production companies, film and media companies, and comparable professional users. Crew members usually use crewser in connection with a Customer project and not as independent paying customers. If mandatory consumer, employment, data protection, or other protective rules apply in favor of a crew member in an individual case, those rules remain unaffected.

2. Contract conclusion and e-commerce

2.1. The contract is concluded via the Provider's online offer or in any legally permissible form.

2.2. In the case of online conclusion, premium access may be activated immediately. Payment is made using the payment methods stated in the order process, in particular by invoice, bank transfer, payment link, or an external payment service provider where used. The Customer receives the relevant payment information by email or in the software.

2.3. In the case of written or individually agreed conclusion, activation of premium functionality may take up to 5 business days because the process is handled manually. If activation after receipt of payment has been agreed or is required for risk reasons, activation takes place only after payment has been received.

2.4. If a payment fails or is not made within 7 days, the Provider reserves the right to block premium access until the outstanding amount has been settled.

2.5. In the event of an upgrade to a paid version (for example from free to premium), a 14-day refund period applies. Cancellation must be made by email and results in reimbursement of the fees paid. After 14 days, refunds are excluded.

3. Services and use

3.1. The Provider offers crewser in free and paid service packages. The specific scope of services, including available features, usage limits, term, fees, renewal, and cancellation, results from the relevant order process, offer, price sheet, or individual agreement. For existing contracts, the terms agreed at the time of conclusion apply; changes are governed by these Terms or a separate agreement.

3.2. Depending on the agreed service package, available functions, usage limits, project numbers, roles, and other usage options may differ. In the event of a package change, expiry, or termination, individual functions may be restricted or deactivated. The Customer's contractual, statutory, and data protection rights, in particular regarding retention, export, deletion, or return of data, remain unaffected.

3.3. Access rights depend on the relevant role, project assignment, Customer approvals, and the agreed service package. 3.3.1 Administrators (admins) Admins use crewser on the Customer side in particular to set up and manage projects, access rights, master data, working-time processes, reports, and other enabled functions. The specific scope of admin rights depends on the agreed service package, the project configuration, and the functions available in each case. Use of admin functions generally requires an admin account.

3.3.2 Crew members (workers) Through their project-related access, crew members may in particular enter, review, and manage their own master data, documents, and working times. Depending on the Customer's settings, they may also view project-related information, such as their own project assignment, released project documents, or other information required for collaboration. If the Customer enables a contact list feature, crew members may also view the names, phone numbers, departments, and email addresses of other crew members in the same team in order to support production handling and project-related communication. They have no access to administrative functions and no general access to working-time, payroll, or administrative data of other users. Access is provided through a personalized SMS link and is limited to the assigned projects and functions.

3.3.2.1 Security rules for personalized SMS access links: - The personalized access link sent by SMS is intended only for the relevant crew member and must not be forwarded or shared with third parties. - If the link is forwarded and used by unauthorized persons, the Provider assumes no liability unless the Provider is responsible for the misuse. - In cases of misuse, suspected misuse, or security risks, the Provider may block access for that user. In such a case, support must be contacted.

3.4 crewser SMS Terms

3.4.1. crewser may send transactional SMS messages to crew members, including project invitation links, secure access/login links, time-tracking reminders, and timesheet submission reminders. Message frequency varies based on project activity. Msg & data rates may apply.

3.4.2. The Customer and its admins must obtain the crew member's prior express consent to receive transactional SMS messages from crewser before requesting an SMS invitation through crewser. This consent must be collected outside crewser as part of crew onboarding, such as in a deal memo, project agreement, onboarding form, start paperwork, electronic contract, or equivalent written/electronic production document.

3.4.3. The Customer must ensure that the SMS consent language is clearly visible and includes at least the following: the program name crewser, transactional SMS messages related to the production project, message types, variable message frequency, msg & data rates may apply, unsubscribe option via support@crewser.app, and links to crewser's Terms and Privacy Policy.

3.4.4. The Customer must not request an SMS invitation for a crew member unless that crew member has first consented to receive transactional SMS messages from crewser. The Customer may add crew members to a project list without sending an SMS invitation. Admin acceptance of these Terms does not replace the crew member's SMS opt-in.

3.4.5. The standard crewser SMS program is transactional only and uses SMS texts or templates specified by the Provider. The Customer must not use crewser SMS messages for advertising, newsletters, cross-selling, product advertising, or other marketing communications. Where applicable law requires separate consent for promotional electronic communications, the Customer must obtain and document that consent outside the transactional crewser SMS program. Where input fields or project data are included in SMS messages, the Customer must ensure that such content remains factual and project-related and does not contain advertising.

3.4.6. The Customer must document SMS consent in a way that allows it to be proven in response to enquiries from crew members, network operators, authorities, or courts. The record should include in particular the consent text, timestamp, project reference, mobile phone number, identity of the crew member, and collection source.

3.4.7. Recommended crew-facing consent language: "By providing my mobile number, I agree to receive transactional SMS messages from crewser related to this production project, including project invitation links, secure access/login links, time-tracking reminders, and timesheet submission reminders. Message frequency varies based on project activity, typically one project invitation and occasional reminders while I am assigned to a project. Msg & data rates may apply. Unsubscribe at support@crewser.app. Terms: https://crewser.app/en/terms. Privacy Policy: https://crewser.app/en/privacy."

3.4.8. Crew members can opt out of crewser SMS messages at any time by contacting support@crewser.app. Each crewser SMS message contains the notice "Unsubscribe at support@crewser.app". After an opt-out, the Customer must not request further crewser SMS messages to the affected mobile phone number unless new valid consent exists or a message is technically or legally required.

3.4.9. For more information about SMS consent requirements, see https://crewser.app/en/sms-consent.

4. Misuse and blocking of users

4.1. The Provider reserves the right to block user accounts or email addresses if misuse of the platform is detected.

4.2. Misuse exists in particular in the case of: - violations of legal provisions or of these Terms and Conditions - manipulation of the software - misuse of the platform for impermissible or harmful activities - suspicion of fraudulent conduct - inviting persons to the application without their prior explicit consent

4.3. Blocking may be temporary or permanent. The Provider is not obliged to restore access.

5. Security and data protection

5.1. The Provider ensures appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or manipulation.

5.2. The Provider uses the server infrastructure of Hetzner Online GmbH as its hosting partner. The servers are located within the EU and are subject to the applicable data protection rules. Hetzner's terms and conditions also apply.

5.3. The Provider implements appropriate technical and organizational security measures in line with the state of the art. These include in particular encrypted data transmission, role- and permission-based access controls, logical tenant separation, protection of administrative access, logging of security-relevant events, backup and recovery measures, technical safeguards against misuse, and regular maintenance and updating of the systems used. Where appropriate, personal data are additionally protected by pseudonymization, encryption, or comparable measures.

5.4. Responsibility for data retention For project, crew, working-time, payroll, and document data processed by the Customer in crewser, the Customer as controller decides on permissible retention periods, export, deletion, and storage in accordance with applicable law. The Provider processes these data according to the Customer's instructions and deletes or returns them after contract end in accordance with section 5.12 unless statutory duties, security purposes, or legitimate evidentiary interests of the Provider require otherwise. For the Provider's own contract, invoice, support, security, and evidence data, the applicable statutory retention periods and limitation periods apply.

5.5. The Provider may use anonymized or aggregated data for software improvements or statistical purposes, provided that no conclusions can be drawn about individual persons.

5.6. Data processing on behalf of the Customer under Art. 28 GDPR Where the Provider processes personal data on behalf of the Customer, sections 5.6 to 5.16 constitute a data processing agreement within the meaning of Art. 28 GDPR. A separately concluded data processing agreement prevails over these provisions to the extent it contains deviating terms.

5.7. Roles: The Customer is the controller for personal data processed in crewser for its projects, admins, crew members, employees, or other project participants. The Provider processes these data as processor according to the Customer's instructions. For its own business purposes, in particular contract conclusion, billing for the services provided by the Provider to customers, invoicing, security, website operation, and its own communication with customers, the Provider acts as controller. Employment, payroll, and social security accounting for crew members remains the responsibility of the Customer or service providers engaged by the Customer.

5.8. Subject matter and duration of processing The subject matter of processing is the provision, maintenance, security, and further development of the crewser SaaS solution. Processing continues for the term of the contract and a subsequent technical wind-down, export, or deletion period unless statutory obligations or legitimate evidentiary interests require retention.

5.9. Nature and purpose of processing Processing includes in particular hosting, storage, display, export, backup, authentication, permission management, support, error analysis, security measures, system emails, transactional SMS, and technical logging. The purposes are project management, crew management, time tracking, working-time review, preparation of payroll data, communication, and provision of the contractually agreed functions.

5.10. Types of data and data subjects Processed data include in particular account, contact, project, role, working-time, compensation, payroll, document, communication, usage, log, and support data. Support data include in particular support requests, contact details of requesting persons, message content, submitted files, screenshots, error descriptions, technical metadata, and log data required for troubleshooting. Data subjects may include admins, customers, customer employees, crew members, project participants, suppliers, contact persons, and support contacts.

5.11. Instructions: The Provider processes customer data only on documented instructions from the Customer. Instructions arise from this contract, the settings and actions of admins in the software, and other written or electronic instructions from the Customer. The Provider may refuse or suspend an instruction if, in its opinion, it violates applicable data protection law, European Union law, the law of a Member State, or other law applicable in the individual case; in that case, the Provider informs the Customer where legally permitted.

5.12. Provider obligations: The Provider undertakes to maintain confidentiality, implement appropriate technical and organizational measures, and process customer data only in accordance with documented instructions. The Provider assists the Customer to the extent required by Art. 28 GDPR and reasonably possible, informs the Customer about relevant data protection incidents, and deletes or returns customer data after contract end according to instructions unless statutory duties, security purposes, or legitimate evidentiary interests require otherwise.

5.13. Evidence and audits: Upon request, the Provider provides the Customer with the information required under Art. 28 GDPR. Audits are primarily carried out through information, appropriate documentation, security information, certificates, or audit reports where available. Additional audits are permitted only to the extent required, with reasonable prior notice, and with due regard to business secrets, security, and the rights of other customers. Statutory inspection rights of authorities remain unaffected.

5.14. Subprocessors: The Customer authorizes the use of subprocessors where necessary to provide crewser. This includes in particular hosting, email delivery, newsletter delivery, SMS delivery, product analytics, support, and payment processing where the relevant function is used. Material current categories and providers include hosting/infrastructure through Hetzner Online GmbH in Germany, authentication and system emails through Amazon Web Services where used, newsletter delivery through Mailjet where newsletter features are used, transactional SMS through Twilio where SMS features are used, product analytics through PostHog only after consent, and payment service providers where used for payments. The Provider imposes data protection obligations on subprocessors that are materially equivalent to the Provider's obligations.

5.15. Changes to subprocessors: New or replaced material subprocessors will be announced to the Customer with reasonable notice by email, in the software, or through a publicly accessible list. The Customer may object for an important data protection reason. The parties will try to find an appropriate solution; if a material objection remains, the Customer may extraordinarily terminate the affected service or part of the contract.

5.16. Third-country transfers: Transfers to third countries or access from third countries take place only where an adequacy decision, EU Standard Contractual Clauses, additional safeguards, or another lawful basis under the GDPR applies. The Provider takes into account the requirements of the GDPR and the relevant case law of the Court of Justice of the European Union. These data protection provisions are governed by Austrian law unless mandatory EU data protection law or the data protection law of an applicable Member State provides otherwise.

6. Custom software development

6.1. The Customer may commission the development of individual additional features. These features are invoiced separately and are not part of the regular SaaS services.

6.2. The Provider reserves the right to integrate individually developed features into the standard software. Unless agreed otherwise, the rights to individually developed features remain with the Provider. The Customer receives a non-exclusive right to use the commissioned feature. The Provider may further develop or modify the feature for other customers.

6.3. After acceptance by the Customer, adjustments or bug fixes are only possible under a separate support or maintenance agreement. If no such agreement exists, required adjustments or bug fixes are billed according to actual effort at the customary market hourly rate.

6.4. The Customer shall provide all information, data, and, where applicable, access credentials required for developing the individual feature. Delays caused by missing or incomplete information from the Customer are not at the Provider's expense.

7. Disruptions and maintenance

7.1. The Provider makes reasonable efforts to keep crewser functional within the limits of technical feasibility and to remedy disruptions or technical problems appropriately. However, there is no claim to a specific response time.

7.2. Maintenance work that results in a longer unavailability of the software will be announced at least 48 hours in advance. The Provider will make reasonable efforts to schedule maintenance outside peak usage hours.

7.3. The Provider does not warrant that crewser will be available at all times, uninterrupted, fully secure, error-free, or free from technical limitations unless expressly agreed. Technical systems, networks, and third-party services may fail or be impaired. No express or implied warranties are assumed beyond what is expressly agreed or mandatory under law. Statutory warranty rights and mandatory liability remain unaffected.

8. Limitation of liability

8.1. The Provider is liable without limitation for damage arising from injury to life, body, or health, for damage caused intentionally or by gross negligence, under mandatory statutory liability rules, and under expressly assumed guarantees.

8.2. In cases of slight negligence, the Provider is liable only for breaches of material contractual obligations and only for the typical, foreseeable damage. Material contractual obligations are obligations whose fulfilment is necessary for the proper performance of the contract and on whose compliance the Customer may regularly rely. Where mandatory law imposes stricter requirements in an individual case, this liability clause applies only within the limits permitted there.

8.3. Otherwise, the Provider's liability is excluded to the extent legally permissible. For data loss, the Provider is liable, to the extent legally permissible, only for the restoration effort that would also have arisen if the Customer had made proper and regular backups. The Customer remains responsible for creating its own exports and backups of data that are particularly important to it.

8.4. The Provider ensures that time-tracking data entered by users (for example start time, end time, break times, or comments) are stored and displayed correctly. However, for calculations based on these data, in particular overtime, night surcharges, allowances, or other payroll-relevant factors, the Provider gives no warranty as to correctness, completeness, currentness, or legal usability where the calculation depends on statutory, collective bargaining, tariff, company-level, or individual requirements of the Customer. It is the Customer's responsibility to verify the correct calculation and application of those rules.

9. Right to amend

9.1. The Provider may amend or supplement these Terms where this is necessary due to legal, technical, security-related, organizational, or product-related developments and where the Customer is not unreasonably disadvantaged. Material changes to the main service obligations or agreed prices require the Customer's express consent unless they are legally mandatory or exclusively beneficial to the Customer.

9.2. Changes will be communicated to the Customer in text form (for example by email or via the platform) with reasonable notice, generally at least 30 days before they take effect. The Customer may object to the change within the notified period. The Provider will separately inform the Customer about the right to object and the consequences of failing to object. If a change materially disadvantages the Customer, the Customer may terminate the affected part of the contract before the change takes effect.

10. Final provisions

10.1. If individual provisions of these Terms and Conditions are or become invalid, the validity of the remaining provisions remains unaffected.

10.2. The contract between the Provider and the Customer is governed by Austrian law, excluding its conflict-of-law rules and the UN Convention on Contracts for the International Sale of Goods. Mandatory rules of European Union law and mandatory national rules that cannot be waived in an individual case remain unaffected. This applies in particular to data protection, telecommunications, unfair competition, consumer, employment, and social security law of an affected country. If crewser is made available in additional countries in a targeted way in the future, supplementary country-specific terms may be agreed or published; these prevail for their respective scope where they contain deviating provisions.

10.3. To the extent legally permissible, the place of performance and jurisdiction is the registered office of Cinework Software GmbH.