This Privacy Policy is provided for transparency and does not constitute legal advice.
Overview
This Privacy Policy explains how Shiffy (“Shiffy,” “we,” “us,” or “our”) collects, uses, and discloses personal information in connection with the Shiffy shift-management platform, websites, and mobile applications (the “Services”). Shiffy is offered to businesses and their workers in the United States only. This Policy does not address the EU GDPR or other non-US data-protection laws.
The Services also include online ordering storefronts that operator businesses can publish to accept orders from the public. If you place an order or create a customer account on a Shiffy storefront, this Policy also explains how your information is handled—see Storefront Customer Accounts below.
Our Role: Controller vs. Processor
Our privacy responsibilities depend on whose data is involved.
Where Shiffy acts as a controller. For information we collect to run our own business—account registration by an operator business, the contact details of the person who signs up, billing and subscription information, marketing communications, and website analytics—Shiffy determines the purposes and means of processing and acts as a controller (or “business” under California law).
Where Shiffy acts as a processor. When an operator business (our customer) uses Shiffy to schedule and manage its workforce, that business is the controller of its employees’ personal information, and Shiffy acts as a processor (or “service provider” under California law) that processes workforce data only on the operator’s documented instructions. Workers should direct requests about their data first to their employer; Shiffy will support the operator in responding.
Where Shiffy acts as a controller for storefront customer accounts. When a member of the public creates a customer account to order from a Shiffy storefront, that account identity is global across all Shiffy storefronts and is operated by Shiffy as a platform. For the account identity and related sign-in and transactional account communications, Shiffy acts as a controller. The contents of any individual order are placed with, and are under the control of, the operator business that runs that storefront; that business is the controller of its order content. See Storefront Customer Accounts below.
Information We Collect
Information we collect as a controller (account & billing). Name, email address, phone number (optional), and a hashed password for the person who creates or administers an operator account; business name and details; and subscription, plan, and payment context. Card details are entered directly with our payment processor (Stripe) and are not stored on Shiffy servers.
Workforce information we process for operators. On behalf of operator businesses, we process worker names, email addresses, phone numbers, hashed passwords, employment data (schedules, shifts, wage/pay rates), time-clock records, and—where the time-clock feature is used—precise GPS location and geofence coordinates captured at clock-in/clock-out, plus order/payment context relevant to a shift. We do not collect Social Security numbers or biometric identifiers.
Storefront customer-account information. When you create a customer account to order from a Shiffy storefront, we collect your email address (your login identity, verified by a short-lived magic-link sign-in token), and optionally your name and phone number. We also keep your order history and account preferences (such as whether to receive order-status updates, which is on by default, and whether you have opted in to marketing email, which is off by default). Magic-link tokens are short-lived and used only to verify your email and sign you in. Guest checkout, without creating an account, remains available; a past guest order can later be associated with an account only by verified email match.
Information collected automatically. Device, log, and diagnostic data (including crash and performance telemetry) used to operate and improve the Services.
How We Use Information
- To provide, maintain, and secure the Services.
- To create and administer operator accounts and process subscription billing.
- To deliver scheduling, time-clock, notification, and communication features.
- To authenticate storefront customer accounts (passwordless magic-link sign-in), maintain customer order history, and send transactional order-status emails (such as “order received” and “order ready”), which are part of the ordering service and are on by default.
- To send service and transactional messages (and, with consent, marketing).
- To diagnose problems, prevent abuse, and improve reliability and performance.
- To comply with legal obligations and enforce our Terms of Service.
We process workforce data only to provide the Services to the operator business and on its instructions. We do not sell personal information and do not “share” it for cross-context behavioral advertising.
Storefront Customer Accounts
Operator businesses can publish online ordering storefronts on Shiffy. This section applies to members of the public who place orders or create customer accounts on those storefronts (“storefront customers”)—a distinct group from the operators and workers whose data is described elsewhere in this Policy.
Account and identity. A customer account uses your email address as your login identity, verified through a passwordless magic-link sent by email. You may optionally add your name and phone number. Your account identity is global across all Shiffy storefronts, so you can sign in once and order from any participating business; however, your order data is kept per business and is not shared between storefronts.
How customer information is used. We use your account information to sign you in, to maintain your order history, and to send transactional order-status emails (for example, when an order is received or ready). These status emails are part of the ordering service and are enabled by default. We send marketing email only if you expressly opt in (this is off by default), and you can withdraw that consent at any time.
Roles. For the customer account and identity and for the transactional account communications described above, Shiffy acts as the controller. The operator business that runs a storefront is the controller of the order content you place with it. Questions about a specific order should be directed to that business.
Claiming guest orders. If you previously checked out as a guest, those past orders may be associated with your account only when the order’s email matches your verified account email.
Your choices and rights. You may request access to, or a copy of, your customer-account information, and you may delete your account at any time. When you delete your account, your customer record is removed (soft-deleted) and your prior orders are disassociated from you by clearing the customer reference; the underlying order record is retained by the operator business for its own recordkeeping. Eligible residents may also have rights under state privacy laws—see Oregon Privacy Rights and California Privacy Rights below. To exercise these choices, use your account settings or contact privacy@shiffy.app.
Location Data
When an operator enables the time-clock feature, the mobile app may collect precise location and geofence coordinates to verify that a worker is at an authorized work site when clocking in or out. Location is collected in connection with a clock-in/clock-out action and is processed on behalf of the operator business, which is the controller of that data. Workers can decline or revoke location permission through their device settings, though doing so may prevent location-verified time tracking. We do not use location data for advertising.
AI Features
Some optional features use third-party large language model (LLM) services provided by Anthropic to generate suggestions or summaries. When these features are used, relevant content—which may include workforce data—is transmitted to and processed by Anthropic to return a result. We use such providers under terms that restrict use of customer content to providing the service and that prohibit using it to train their foundation models. See the Subprocessor list for details.
Service Providers & Subprocessors
We engage trusted third parties to operate the Services, including payment processing (Stripe), push notifications (Firebase / Google Cloud Messaging), transactional email (AWS SES / SMTP), AI features (Anthropic), and error and performance monitoring (Sentry). These providers process personal information only to perform services for us under contract. A current list is available on our Subprocessors page.
Data Retention
We retain account and billing information for as long as an account is active and as needed to comply with legal, tax, and accounting obligations. Workforce data is retained for the operator business under our agreement with that business; on account termination, we delete or return workforce data within 30 days unless a longer period is required by law. Backups are purged on a rolling schedule.
Storefront customer accounts. We retain customer-account information for as long as the account is active. When you delete your account, your customer record is soft-deleted and your prior orders are disassociated from you; the operator business retains the underlying order record for its own legal, tax, and accounting purposes for the period it determines.
Security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, hashed passwords, access controls, and continuous monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Workforce & Children’s Data
The Services are intended for businesses and their workers and are not directed to children under 13. We do not knowingly collect personal information from children under 13. Where an operator schedules minors who are lawfully employed, the operator is the controller of that data and is responsible for any consents required under applicable employment and privacy laws.
Oregon Privacy Rights (OCPA)
If you are an Oregon resident, the Oregon Consumer Privacy Act (OCPA) gives you the right to confirm whether we process your personal data and to access it; to obtain a list of specific third parties to which we have disclosed personal data; to correct inaccuracies; to delete your personal data; to obtain a portable copy; and to opt out of the sale of personal data, targeted advertising, and certain profiling. We do not sell personal data or use it for targeted advertising. To exercise these rights, contact us at privacy@shiffy.app. You may appeal a decision by replying to our response; if we deny your appeal, you may contact the Oregon Attorney General.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, the CCPA/CPRA gives you the right to know what personal information we collect, use, and disclose; to access and obtain a copy; to correct inaccurate information; to delete your information; and to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA, and we do not use or disclose sensitive personal information for purposes beyond those permitted. We will not discriminate against you for exercising these rights. To exercise your rights, contact us at privacy@shiffy.app. You may use an authorized agent to submit a request on your behalf.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice.
Contact Us
Questions about this Policy or our privacy practices? Contact Shiffy at privacy@shiffy.app.