Legal
Privacy Policy
Last updated: June 21, 2026
Draft privacy policy. This is a starting draft, not a jurisdiction-specific legal document. For GDPR/CCPA-grade compliance contact privacy@shyftforce.com for a counsel-reviewed version.
1. What we collect
We collect: account details (name, email, password hash), workspace data (employees, schedules, time entries), usage analytics (feature interactions, error logs), and — when enabled — geolocation and selfie data for clock-in verification.
2. How we use it
To operate shyftforce: schedule, clock in/out, payroll calculation, compliance auditing, customer support, billing, and product improvement. We do not sell personal data to third parties.
3. Your rights
Account owners can export or delete their workspace at any time from Settings → Billing. EU/UK/CA residents can request data subject access requests via privacy@shyftforce.com.
4. Subprocessors
- Neon (PostgreSQL hosting) — US East
- Vercel (web hosting + edge network)
- Anthropic (Claude API for AI Co-pilot)
- Stripe (billing)
- Resend (transactional email)
5. Contact
Questions? Email privacy@shyftforce.com.