Privacy Policy

Last updated: April 10, 2026

1. Introduction

Welcome to ShiftSwap ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our shift scheduling and attendance tracking platform.

By using ShiftSwap, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide when you:

  • Register for an account (name, email, phone number, business name)
  • Set up your location and business profile
  • Add employees to your team
  • Contact our support team
  • Subscribe to our paid services (payment information is processed by Stripe)

2.2 Automatically Collected Information

When you use ShiftSwap, we automatically collect:

  • Location Data: GPS coordinates for geofence clock-in verification
  • Device Information: Device type, operating system, browser type, IP address
  • Usage Data: Features used, pages visited, time spent on platform
  • WiFi Network Information: WiFi SSID for location-based clock-in verification (if enabled)

2.3 Biometric Information

If you enable facial recognition features (Enterprise plan only), we collect:

  • Selfie Photos: Live selfie captures taken during clock-in
  • Facial Recognition Data: Encrypted facial feature mappings for identity verification

Important: Facial recognition processing happens on-device when possible. Biometric data is encrypted, stored securely, and never sold to third parties. You have the right to opt out of facial recognition at any time.

3. How We Use Your Information

We use your information to:

  • Provide Our Services: Facilitate shift scheduling, swapping, and attendance tracking
  • Verify Identity: Confirm employees are physically present at work locations during clock-in
  • Prevent Fraud: Detect and prevent time theft, buddy punching, and unauthorized access
  • Send Notifications: Alert managers and employees about shift changes, clock-in events, and attendance issues
  • Process Payments: Handle subscription billing (via Stripe)
  • Improve Our Platform: Analyze usage patterns to enhance features and user experience
  • Communicate: Send service updates, security alerts, and customer support messages
  • Comply with Law: Meet legal obligations and enforce our terms

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

4.1 Service Providers

  • Firebase/Google Cloud: Database hosting and authentication
  • Stripe: Payment processing
  • Vercel: Web hosting and infrastructure
  • Email Service Providers: Transactional emails and notifications

4.2 Business Transfers

If ShiftSwap is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of ShiftSwap, our users, or others.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based permissions and multi-factor authentication
  • Secure Storage: Facial recognition data stored in encrypted format with restricted access
  • Regular Audits: Security assessments and vulnerability scanning
  • Data Minimization: We only collect and retain data necessary for our services

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (tax records, employment records)
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required by law to retain it longer (e.g., financial records for 7 years).

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Opt-Out: Unsubscribe from marketing emails or disable facial recognition
  • Data Portability: Receive your data in a portable format
  • Restriction: Limit how we process your information

To exercise these rights, contact us at privacy@shiftswap.app. We will respond within 30 days.

8. Biometric Data - Special Provisions

For Illinois Residents (BIPA Compliance): If you are in Illinois, we comply with the Biometric Information Privacy Act (BIPA):

  • We obtain written consent before collecting biometric data
  • We publish retention and deletion policies (biometric data deleted within 3 years of last interaction or account deletion, whichever comes first)
  • We use a reasonable standard of care to protect biometric data
  • We never sell, lease, or trade biometric information

9. Children's Privacy

ShiftSwap is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@shiftswap.app.

10. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of ShiftSwap after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

ShiftSwap

Email: privacy@shiftswap.app

Support: support@shiftswap.app

13. State-Specific Rights

California Residents (CCPA/CPRA)

You have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

Virginia, Colorado, and Connecticut Residents

You have rights to access, correct, delete, and obtain a copy of your personal data. You may also opt-out of targeted advertising and profiling (we do not engage in these activities).