Privacy Policy

Last updated: September 1, 2025

This Privacy Policy explains how Shiftly (“we”, “us”, or “our”) collects, uses, and shares information when you use our websites, products, and services (collectively, the “Services”). By using the Services, you agree to the practices described below.

1. Information We Collect

  • Account & Profile: name, email, password hash, phone number, trade/role, ZIP code, skills, organization membership and access level.
  • Organization Data: company name, org code, plan status, trial dates, billing status.
  • Scheduling & Usage: job/assignment details, availability, activity within the app, device/browser info, and diagnostic logs.
  • Billing: processed via Stripe; we receive non-sensitive metadata (plan, status, current_period_end). Card details are handled by Stripe, not Shiftly.
  • Communications: email and SMS metadata for notifications (e.g., assignment updates). Email may be sent via Resend; SMS may be sent via Textbelt/Twilio.

2. How We Use Information

  • Provide, secure, and improve the Services.
  • Authenticate users and enforce entitlements (e.g., trials/paywall).
  • Create and manage organizations and employee records.
  • Schedule work and send notifications about assignments and changes.
  • Process billing, trials, renewals, and account status updates.
  • Communicate with you about service updates and support.
  • Comply with legal obligations and prevent abuse.

3. Legal Bases (EEA/UK)

We process personal data under these legal bases: performance of a contract (providing the Services), legitimate interests (security, product improvement), consent (where required, e.g., marketing/SMS), and legal obligations (e.g., tax, accounting).

4. Sharing & Service Providers

We share information with vendors that help operate the Services: Supabase (hosting/auth/database), Stripe (billing), Resend (email), and Textbelt/Twilio (SMS). These providers process data on our behalf under appropriate agreements. We may disclose information to comply with law, protect rights, or in connection with a merger, acquisition, or similar event.

5. Data Retention

We retain data while your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. We may anonymize or aggregate data for analytics.

6. Security

We use technical and organizational measures appropriate to the risk (e.g., TLS in transit, access controls, row-level security in our database). No system is 100% secure; please use strong passwords and protect your account credentials.

7. International Transfers

If you access the Services from outside the United States, your information may be transferred to and processed in the U.S. and other countries. We take steps to ensure appropriate safeguards are in place for such transfers.

8. Your Rights

  • EEA/UK: You can request access, correction, deletion, restriction, or portability of your data, and object to processing where applicable. You may also lodge a complaint with your local supervisory authority.
  • California (CCPA/CPRA): You have rights to know, delete, correct, and opt out of “sharing/sale” of personal information (we do not sell personal information). You can use an authorized agent to make requests.

9. Communications & SMS

By providing your phone number, you consent to receive SMS related to assignments and account notifications. Message frequency varies. Message & data rates may apply. Reply STOP to opt out or HELP for help. You can manage email/SMS preferences in your profile or by contacting us.

10. Children

The Services are not intended for children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy. We will post the new effective date above and, when required, notify you by email or in-app.

12. Contact Us

Questions or requests? Email nick@shiftlyio.com.