Privacy Policy

Overview

ShiftFlow (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the ShiftFlow mobile application and related services (collectively, the “Service”).

By using ShiftFlow, you agree to the collection and use of information in accordance with this Policy. If you do not agree with the terms of this Policy, please do not use the Service.

Data We Collect

Information You Provide

• Account information: Email address, name, and authentication credentials
• Work information: Employer name, pay rate, shift times, break durations, and work schedule
• Financial data: Earnings, tips, mileage, tax information, and invoice data you create
• Payslip images: Photographs of payslips you choose to scan using our OCR feature
• Journal entries: Work notes, energy levels, mood logs, and shift reflections
• Support communications: Messages you send to our support team

Automatically Collected Information

• Device information: Device model, operating system version, unique device identifier, and app version
• Usage data: Features used, screens viewed, and interaction patterns (anonymized)
• Crash reports: Technical error logs to help us improve stability
• Analytics: Aggregated, anonymized usage statistics

Information We Do Not Collect

We do not collect your bank account numbers, credit card numbers, Social Security numbers, or government identification numbers. We do not access your contacts, camera roll, or location without your explicit permission.

How We Use Your Data

We use the information we collect to:

• Provide, operate, and maintain the ShiftFlow Service
• Process and verify your shift data and payroll calculations
• Generate payday forecasts, earnings reports, and financial insights
• Power the AI assistant to answer your financial and payroll questions
• Calculate burnout scores and wellness indicators
• Send you alerts about pay discrepancies, upcoming paydays, and important account events
• Improve the accuracy of our AI models (using anonymized, aggregated data only)
• Respond to your customer support requests
• Comply with legal obligations

We will never use your personal financial data for advertising, marketing profiling, or sale to third parties. Your payroll data belongs to you.

AI & OCR Processing

ShiftFlow uses AI models to power features including payroll verification, the AI financial assistant, and payslip scanning (OCR). Here is how we handle data in these contexts:

AI Financial Assistant

When you interact with the AI assistant, your queries and relevant account context are processed by our AI provider. Queries are not used to train AI models without your explicit consent. Conversation history is stored securely and associated with your account.

Payslip OCR Scanner

When you photograph a payslip, the image is transmitted securely to our OCR processing service. The extracted data is immediately associated with your account record. Original images may be retained for up to 30 days to allow for re-processing in case of errors, after which they are automatically deleted unless you have explicitly saved them.

Payroll Anomaly Detection

Your shift logs are processed by our anomaly detection engine to identify potential pay discrepancies. This processing occurs on our secure servers and the underlying model is trained on anonymized, aggregate data — never on individually identifiable payroll records.

Data Sharing

We do not sell your personal data. We share your information only in the following limited circumstances:

• Service providers: We use trusted third-party vendors (cloud hosting, analytics, AI processing) who are contractually bound to handle your data securely and only as instructed by us.
• Apple App Store: Subscription and purchase data is processed by Apple Inc. and governed by Apple's privacy policy.
• Legal requirements: We may disclose information if required by law, court order, or government authority.
• Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you before this occurs.
• With your consent: Any other sharing will only occur with your explicit consent.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide you the Service. Specific retention periods:

• Shift logs and earnings: Retained for the lifetime of your account. Exported or deleted upon account deletion.
• AI chat history: Retained for 12 months, then automatically purged.
• Payslip images: Retained for 30 days after scan, then deleted (unless manually saved).
• Support communications: Retained for 3 years for legal and quality purposes.
• Anonymized analytics: May be retained indefinitely as they cannot identify you.

When you delete your account, we initiate deletion of your personal data within 30 days, except where we are required to retain certain records by law.

Security

We implement industry-standard security measures to protect your information:

• All data transmitted between your device and our servers is encrypted using TLS 1.3
• Data stored on our servers is encrypted at rest using AES-256
• Access to production data is restricted to authorized personnel only
• We conduct regular security audits and penetration testing
• Employees with data access undergo security training and background checks

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you suspect a security issue, please contact us immediately at support@shiftflowx.net.

GDPR & CCPA Rights

For EU/EEA Residents (GDPR)

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate personal data
• Erasure: Request deletion of your personal data (“right to be forgotten”)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request limitation of processing under certain circumstances
• Objection: Object to processing based on legitimate interests

For California Residents (CCPA)

You have the right to:

• Know what personal information we collect, use, disclose, and sell
• Request deletion of your personal information
• Opt out of the sale of your personal information (we do not sell data)
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@shiftflowx.net. We will respond within 30 days.

Account Deletion

You can delete your ShiftFlow account and all associated data at any time. To do so:

• In the app: Settings → Account → Delete Account
• Online: Visit shiftflowx.net/delete for step-by-step instructions
• By email: Contact support@shiftflowx.net

Deletion is permanent and irreversible. All your shift logs, earnings data, AI chat history, and personal information will be permanently removed from our systems within 30 days.

Children's Privacy

ShiftFlow is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal information, please contact us and we will delete that information promptly.

Policy Changes

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new policy on this page with an updated effective date
• Sending an in-app notification for significant changes
• Emailing registered users for changes that materially affect their rights

Your continued use of ShiftFlow after changes become effective constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: support@shiftflowx.net
• Website: shiftflowx.net/support