Privacy Policy

Last updated: May 22, 2026

1. Introduction

Welcome to Shyftgrid ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our shift scheduling and attendance tracking platform.

By using Shyftgrid, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide when you:

  • Register for an account (name, email, phone number, business name)
  • Set up your location and business profile
  • Add employees to your team
  • Contact our support team
  • Subscribe to our paid services (payment information is processed by Stripe)

2.2 Automatically Collected Information

When you use Shyftgrid, we automatically collect:

  • Location Data: GPS coordinates for geofence clock-in verification
  • Device Information: Device type, operating system, browser type, IP address
  • Usage Data: Features used, pages visited, time spent on platform
  • WiFi Network Information: WiFi SSID for location-based clock-in verification (if enabled)

2.3 Face Data

Shyftgrid collects face data only in connection with workplace time-and-attendance verification, and only when an employer (the manager organization that owns your account) configures their work location to require it. The categories below describe every type of face data the app collects:

  • (a) Profile Photo Selfie (Onboarding). A single still photograph of the employee's face captured with the device's front camera the first time the employee signs in. This photo becomes the employee's account profile photo and the reference image used for later clock-in matching. It is reviewed and approved by a manager before it can be used for verified clock-in.
  • (b) Clock-In Selfie (Per Shift). A still photograph of the employee's face captured at the start of a shift when the employer has enabled selfie or face-match verification for that work location. The clock-in selfie is attached to the shift record as an attendance receipt.
  • (c) Numeric Similarity Score. When face-match verification is enabled, the app computes a single integer "similarity score" between 0 and 100 indicating how closely the clock-in selfie resembles the manager-approved profile photo. Only this numeric score is stored alongside the shift; we do not store face templates, embeddings, vectors, or other mathematical representations of a face.
  • (d) Liveness-Challenge Audit Record (Optional). If the employer enables liveness checks for a work location, the employee performs a short on-screen gesture (for example, blinking twice or turning their head). The video frames used for the gesture are processed in device memory and immediately discarded; we save only a boolean ("verified"), the names of the challenges that were issued (e.g. "blink_twice"), the duration in milliseconds, and the number of frames analyzed. We do not retain the video stream or any facial landmarks.
  • (e) Face ID / Touch ID for App Unlock (Optional). If the employee enables the in-app "biometric lock" feature, the app uses Apple's standard LocalAuthentication framework (Face ID or Touch ID) to unlock the app on shared devices. Shyftgrid never receives, accesses, or stores any face data in connection with Face ID. Apple's Secure Enclave performs the authentication entirely on-device and returns only a yes/no answer to the app.

How face data is processed. All face detection, landmark extraction, and similarity scoring are performed locally on the user's device using Apple's Vision framework (VNDetectFaceLandmarksRequest, VNFaceObservation). No face data is sent to any third-party face-recognition service. We do not use Amazon Rekognition, Google Cloud Vision, Microsoft Azure Face, Clearview AI, or any other external facial-recognition API.

What we never do. We never use face data for advertising, marketing, building advertising profiles, training third-party machine-learning models, identifying employees outside of clock-in events, or sale or rental to any third party. Face data is used solely for the purpose of confirming employee identity at clock-in (i.e. preventing "buddy punching" — one employee clocking in for another).

Opt-out. Face data is only collected if your employer enables face verification for your work location. If your employer enables it, employees may request that an alternative verification method (manager-approved manual clock-in) be used instead. To withdraw your consent or delete your face data at any time, email privacy@shyftgrid.io.

3. How We Use Your Information

We use your information to:

  • Provide Our Services: Facilitate shift scheduling, swapping, and attendance tracking
  • Verify Identity: Confirm employees are physically present at work locations during clock-in
  • Prevent Fraud: Detect and prevent time theft, buddy punching, and unauthorized access
  • Send Notifications: Alert managers and employees about shift changes, clock-in events, and attendance issues
  • Process Payments: Handle subscription billing (via Stripe)
  • Improve Our Platform: Analyze usage patterns to enhance features and user experience
  • Communicate: Send service updates, security alerts, and customer support messages
  • Comply with Law: Meet legal obligations and enforce our terms

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

4.1 Service Providers

  • Google Firebase (Firebase Cloud Storage, Cloud Firestore, Firebase Authentication, Cloud Functions): Database, file storage, authentication, and serverless functions. Profile-photo selfies and clock-in selfies are stored as image files in Firebase Cloud Storage (paths profile-photos/{userId}.jpg and clock-in-selfies/{shiftId}/{timestamp}.jpg) located in Google Cloud data centers in the United States. Google Firebase acts solely as our hosting and storage infrastructure; it does not perform face recognition on these images and does not access them for its own purposes.
  • Stripe: Payment processing. Stripe never receives face data.
  • Vercel: Web-dashboard hosting. Vercel never receives face data.
  • Email Service Providers (Resend, SendGrid): Transactional emails and notifications. These providers never receive face data.

Face data is never shared with any third party for the purpose of face recognition, identification, profiling, advertising, or training machine-learning models. The only third party that ever touches face data is Google Firebase, in its role as our hosting infrastructure (it stores the image bytes at rest, encrypted with AES-256, and serves them back to authorized devices over TLS).

4.2 Business Transfers

If Shyftgrid is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Shyftgrid, our users, or others.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based permissions and multi-factor authentication
  • Secure Storage: Facial recognition data stored in encrypted format with restricted access
  • Regular Audits: Security assessments and vulnerability scanning
  • Data Minimization: We only collect and retain data necessary for our services

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (tax records, employment records)
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required by law to retain it longer (e.g., financial records for 7 years).

6.1 Face Data Retention

Face data is subject to the following specific retention rules:

  • Profile-photo selfie: Retained for as long as the employee's account is active. Deleted from Firebase Cloud Storage within 30 days after the employee's account is deactivated, deleted, or the employee revokes consent in writing.
  • Clock-in selfies: Retained as part of the shift attendance record for the lesser of (i) three (3) years from the date of the shift, or (ii) the deletion of the employer's organization. Three years matches the federal Fair Labor Standards Act recordkeeping window for time-and-attendance records (29 C.F.R. § 516.5).
  • Numeric similarity scores and liveness audit records: Retained for the same window as the associated shift record (see above).
  • Organization cancellation: If an employer cancels their Shyftgrid subscription, a 90-day grace period applies. After that grace period, all face data belonging to that organization — including every profile-photo selfie and every clock-in selfie — is permanently deleted.
  • User-initiated deletion: Any employee may request immediate deletion of their face data at any time by emailing privacy@shyftgrid.io. We will delete the requested data within 30 days and confirm in writing.
  • Face ID / Touch ID: Not applicable — Shyftgrid does not store or transmit any data related to the device's Face ID / Touch ID system. All such data remains in Apple's Secure Enclave.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Opt-Out: Unsubscribe from marketing emails or disable facial recognition
  • Data Portability: Receive your data in a portable format
  • Restriction: Limit how we process your information

To exercise these rights, contact us at privacy@shyftgrid.io. We will respond within 30 days.

8. Face Data - Special Provisions

To the extent any of the face data described in Section 2.3 constitutes a "biometric identifier" or "biometric information" under U.S. state biometric-privacy laws — including the Illinois Biometric Information Privacy Act (740 ILCS 14, "BIPA"), the Texas Capture or Use of Biometric Identifier Act ("CUBI"), and the Washington Biometric Privacy Act (RCW 19.375) — Shyftgrid commits to the following:

  • Notice and written consent: Employees receive a clear in-app notice describing the face data being collected, the purpose, and the retention period before their first profile-photo selfie is captured. Employees affirmatively consent by tapping "Continue" on the on-screen disclosure; employers are contractually required to obtain additional written consent from their employees offline where required by law.
  • Purpose limitation: Face data is used solely to confirm employee identity at clock-in. It is never used for any other purpose.
  • Retention schedule: Face data is destroyed in accordance with Section 6.1 above, and in no event later than three (3) years after the employee's last interaction with Shyftgrid, the satisfaction of the purpose for which it was collected, or the cancellation of the employer's account (whichever occurs first).
  • Standard of care: Face data is stored at rest with AES-256 encryption, transmitted over TLS 1.2+, and protected by Firebase Authentication and role-based Firebase Security Rules that restrict read access to the employee themselves and authorized managers in their organization.
  • No sale, lease, trade, or other profit: Shyftgrid does not sell, lease, trade, or otherwise profit from face data, and has not done so since the launch of the service.
  • No disclosure without consent: Face data is not disclosed to any third party except (i) the employer's authorized managers in the course of attendance review, (ii) Google Firebase as a hosting subprocessor, or (iii) where required by valid legal process.

9. Children's Privacy

Shyftgrid is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@shyftgrid.io.

10. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of Shyftgrid after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Shyftgrid

Email: privacy@shyftgrid.io

Support: support@shyftgrid.io

13. State-Specific Rights

California Residents (CCPA/CPRA)

You have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

Virginia, Colorado, and Connecticut Residents

You have rights to access, correct, delete, and obtain a copy of your personal data. You may also opt-out of targeted advertising and profiling (we do not engage in these activities).