ShiftRobin · Legal

Privacy Policy

Last updated: May 14, 2026

This Privacy Policy explains what data ShiftRobin collects, how we use it, and what choices you have. Short version: we collect what we need to run a dispatch product, we don't sell it, and your operational data lives in a small set of well-defined places. The longer version is below.

1. Who this applies to

We have two kinds of users: operators (the people and organizations that sign up for ShiftRobin to fill shifts) and workers (the people that operators add to their rosters and dispatch shifts to). For workers, we act as a data processor on behalf of the operator — the operator is the data controller. This policy describes both relationships.

2. What we collect

From operators at signup:

  • Name, work email, and (optionally) phone number.
  • Organization name, country, state or province, postal/ZIP code, timezone.
  • Industry and team-size estimate (used for product analytics and to suggest the right plan).
  • Password — stored as a bcrypt hash, never in plaintext.
  • UTM parameters from the signup URL if present — used for marketing attribution.

From operators during use:

  • Roster data (worker names, phone numbers, role/tag assignments, opt-in/opt-out state).
  • Shifts you create, dispatches you start, and the resulting accept/decline/timeout events.
  • SMS metadata — segment counts and delivery status — used for billing.
  • Optional info-packet content (extra context for offers and confirmations).

From workers automatically:

  • Phone number (provided by the operator).
  • Their inbound SMS replies (Y / N / STOP / etc.).
  • Response timing for the operator's dispatch metrics.

From everyone, automatically:

  • Standard server logs (IP address, user agent, request timing) for security and debugging.
  • One session cookie (HttpOnly, SameSite=Lax) to keep you logged in. No third-party tracking cookies on the app.
  • A localStorage flag on the marketing site for your theme preference.

3. Why we collect it

  • To run the Service. Sending SMS, ranking candidates, tracking who accepted what — all need the data above to function.
  • To bill you. Charges accrue based on placements and SMS segments.
  • To keep accounts secure. Logs help us detect abuse, debug issues, and verify identity for support requests.
  • To communicate with operators. Billing notices, security alerts, incident notifications, occasional product updates. Canadian operators give us express CASL consent for these at signup. You can opt out of non-essential email any time; billing and security messages are mandatory because they're operational, not marketing.
  • To improve the product. Aggregate, anonymized analytics about how the platform is used.

4. Who we share data with

We use a small set of third-party processors, each under a data-processing agreement that limits them to providing the relevant service:

  • Twilio — sends and receives the SMS on our behalf. They see worker phone numbers, message bodies, and delivery metadata.
  • Stripe — handles payment-method storage and processing. We never see your card number; Stripe does. They see your name, email, billing address, and payment amount.
  • Loops — sends transactional and operational email (verification, billing receipts, dispatch alerts). They see your email address and the message contents.
  • Fly.io (or our then-current cloud provider) — hosts the application and database. They see encrypted data at rest and traffic at the network layer.
  • GlitchTip — receives anonymized error reports for debugging. We scrub personally identifying information from the payload before send.

We do not sell your data. We do not use it to train AI models. We do not share it with advertising networks. We will disclose data to comply with a valid legal request (court order, subpoena) — we'll notify the affected operator unless legally prohibited.

5. Where data is stored

Our primary servers are in the United States (Chicago region) or Canada (Toronto region), depending on which performs best at our current scale. Backups stay in the same region. Stripe and Twilio operate globally and route data according to their own policies, which you can read on their sites.

6. How long we keep it

  • Active accounts: as long as you have an account and for a reasonable period after for support and audit purposes (typically 12 months).
  • Closed accounts: we delete most data within 90 days of account closure. Some records (billing history, tax records, abuse logs) are kept longer where legally required.
  • Worker consent records and opt-out state are retained for at least three years after the operator's account closes, because consent law requires us to honor an opt-out even if you ever rejoin.
  • Server logs are kept for 30 days unless they're flagged as part of an active investigation.

7. Your rights

Depending on where you live, you may have the right to:

  • Ask what data we hold about you (right of access);
  • Correct inaccurate data (right of rectification);
  • Ask us to delete your data (right of erasure) — subject to legal retention requirements;
  • Receive a copy of your data in a portable format;
  • Withdraw consent for non-essential communications at any time;
  • Complain to a data-protection authority (Privacy Commissioner of Canada, your state attorney general, etc.).

Email hello@shiftrobin.com to exercise any of these. We'll respond within 30 days. Workers exercising rights against an operator's roster data should contact the operator directly — we'll help facilitate.

8. Security

  • HTTPS everywhere; HTTP requests redirect to TLS.
  • Passwords stored as bcrypt hashes, never plaintext.
  • Session cookies are HttpOnly and SameSite=Lax.
  • Database backups encrypted at rest.
  • Principle of least privilege internally — engineers have access only to what they need to debug a specific issue.
  • We follow industry-standard incident response. If we discover a breach affecting your data, we'll notify you within 72 hours of confirming the scope.

9. Children

The Service is not directed at people under 18. We don't knowingly collect data from minors. If you believe we've collected data from someone under 18, contact us and we'll delete it.

10. Changes

We'll update this policy as the product evolves. Material changes will be announced by email and in-app at least 14 days before they take effect. Your continued use after the effective date is acceptance of the updated policy.

11. Contact

Privacy questions, data-rights requests, anything else: hello@shiftrobin.com.

← Back to ShiftRobin