Privacy Policy

Effective Date: April 9, 2026 · Last Updated: April 9, 2026

This Privacy Policy describes how Shiftd ("we," "us," or "our") collects, uses, stores, and protects your information when you use the Shiftd mobile application and related services (collectively, the "Service"). Shiftd is a staff scheduling platform used by departments and organizations to manage shift assignments, trades, and communications.

By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Information You Provide

• Account information: First name, last name, and email address. These are required to create and operate your account.
• Phone number: Optional. You may provide a phone number for contact purposes.
• Mailing address: Optional. You may provide an address for organizational records.
• Password: Used for authentication. Passwords are hashed using bcrypt and are never stored in plain text. No administrator can view or retrieve your password.

Information Collected Automatically

• Push notification tokens: If you enable push notifications, we receive a device token from Apple Push Notification service (APNs) via Expo Push API. This token is used solely to deliver notifications to your device.
• Authentication tokens: JSON Web Tokens (JWTs) are generated upon login and stored securely on your device using iOS Keychain (via expo-secure-store). These tokens authenticate your API requests.

Information Stored Locally on Your Device

• Biometric data (Face ID): If you enable Face ID for app unlock, biometric authentication is handled entirely by iOS on your device using Apple's LocalAuthentication framework. We never receive, transmit, or store your biometric data. The biometric check returns only a pass/fail result to the app. Your Face ID enrollment data remains in the iOS Secure Enclave and is never accessible to Shiftd or any third party.
• Theme preferences and session state: Stored locally on your device. Not transmitted to our servers.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Displaying schedules, processing shift signups, trades, giveaways, and time-off requests.
• Authentication: Verifying your identity when you log in and securing your sessions.
• Communications: Sending schedule-related notifications via push notifications and email (e.g., schedule releases, shift changes, request decisions, manager broadcasts).
• Contact information display: Your name is visible to other staff in your department for scheduling purposes. Phone, email, and address visibility to peer staff is controlled by your privacy settings (see Section 5).
• Account management: Enabling profile updates, password resets, and account deletion.

We do not use your information for:

• Advertising or marketing to third parties
• User profiling or behavioral analytics
• Cross-app tracking
• Automated decision-making or profiling

3. Data Storage and Security

• Server infrastructure: Your data is stored in PostgreSQL using secured production infrastructure managed for availability, encryption, and operational reliability.
• Encryption in transit: All communication between the app and our servers is encrypted using HTTPS (TLS).
• Password security: Passwords are hashed with bcrypt before storage. Timing-safe comparisons prevent enumeration attacks.
• Token security: Access tokens have a 15-minute lifespan. Refresh tokens are rotated on each use and stored in iOS Keychain on your device.
• On-device storage: Sensitive data (tokens, credentials) is stored using expo-secure-store, which uses the iOS Keychain for hardware-backed encryption.
• Rate limiting: Authentication endpoints are rate-limited to prevent brute-force attacks.

While we implement industry-standard security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties for their own purposes.

We share data only in the following limited circumstances:

• Within your organization: Your name, role, and tier are visible to other staff in your department for scheduling purposes. Visibility of your phone number, email, and address to peer staff is governed by your privacy settings. Administrators and schedulers can view your full profile for operational purposes.
• Service providers: We use the following services solely to operate the platform:
  • Resend: transactional email delivery, including schedule notifications, password resets, and account-related emails.
  • Expo Push API: push notification delivery to your device through Apple APNs.
  These providers process data only as necessary to perform their services and are bound by their own privacy policies.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.

5. Your Rights and Controls

Privacy Controls

You can control the visibility of your personal contact information to peer staff:

• Phone number visibility: default visible. Toggleable in your profile settings.
• Email visibility: default hidden. Toggleable in your profile settings.
• Address visibility: default hidden. Toggleable in your profile settings.

Administrators and schedulers always have access to your full profile for operational purposes.

Access and Correction

You can view and update your name, phone number, and address at any time through the Settings tab in the app. Email changes should be coordinated with your department administrator.

Account Deletion

You can request deletion of your account at any time through the Settings tab in the app:

• A 30-day grace period begins upon your request. You can continue to use the Service during this period.
• You can cancel the deletion request at any time during the grace period, either from the app or via a cancellation link sent to your email.
• After 30 days, your account and all associated data are permanently deleted, including your profile information, shift assignments, request history, notification preferences, and push tokens.
• Deletion is irreversible after the grace period expires.

Data Portability

To request a copy of your personal data, contact us at support@getshiftd.com.

6. Biometric Data

Shiftd offers optional Face ID authentication as a convenience feature for unlocking the app.

• Face ID is processed entirely on your device by Apple's iOS LocalAuthentication framework.
• No biometric data is ever collected, transmitted, or stored by Shiftd. The app receives only a pass/fail authentication result from iOS.
• Your biometric enrollment data remains in the iOS Secure Enclave, a hardware-isolated processor on your device.
• You can enable or disable Face ID at any time in the app's Settings tab.
• Disabling Face ID does not affect your account or any stored data.

7. Push Notifications

Push notifications inform you about scheduling events, including:

• Schedule releases and publications
• Signup window openings
• Shift changes affecting your assignments
• Request decisions (approvals, denials)
• Manager broadcasts
• Hours and unfilled shift alerts

You can control which types of push notifications you receive in the Notification Settings screen. Certain mandatory notification types (request decisions and hours warnings) cannot be disabled. You can disable all push notifications at any time through your iOS device settings.

8. Children's Privacy

Shiftd is a workplace application designed for employed staff members. The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@getshiftd.com.

9. Data Retention

• Active accounts: Your data is retained for as long as your account is active and your organization maintains its Shiftd subscription.
• Deleted accounts: Upon completion of the 30-day deletion grace period, all personal data is permanently removed.
• Deactivated accounts: If your administrator deactivates your account, your data is retained in an inactive state. You may request permanent deletion by contacting support@getshiftd.com.
• Notification history: In-app notifications are automatically deleted after 30 days.
• Organizational departure: If you leave your organization, your administrator may deactivate your account. Contact support@getshiftd.com to request data deletion.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this document. For significant changes, we will notify you through the app or via email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices:

• General inquiries: info@getshiftd.com
• Support and privacy requests: support@getshiftd.com
• Website: getshiftd.com