Privacy Policy
Last updated: June 3, 2026
1. Who We Are
ShiftView is a shift management tool for retail and hospitality teams. The service is operated by the owner of the ShiftView account you sign in through. References to “we”, “us”, or “our” refer to that operator.
2. Information We Collect
| Email address | Used for authentication via Supabase Auth |
| Display name | Your name as it appears on shift cards and in messages |
| Shift and schedule data | Shift times and dates associated with your employee record |
| Clock records | Clock-in and clock-out timestamps, if punch tracking is enabled |
| Messages | Text messages sent between employees and managers within the app |
| Push tokens | Notification subscription tokens if you grant notification permission |
| Technical data | Session tokens (stored in your browser) and standard server logs retained by the hosting provider |
3. How We Use Your Information
| Schedule and coverage dashboard | Name, shift times |
| In-app and push notifications | Name, notification tokens, message content |
| Manager-to-employee messaging | Name, message content |
| Authentication and access control | Email, session token |
| Audit trail for schedule changes | User ID, timestamps |
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Message Encryption
All messages are encrypted at rest using AES-256-GCM before being stored in the database. The server decrypts messages only when delivering them to an authorized recipient or when generating push notification previews. The database never stores plaintext message content. Messages in transit are protected by TLS (HTTPS).
5. Data Storage and Security
Data is stored in a PostgreSQL database managed by Supabase, hosted on AWS infrastructure. Row Level Security is enabled on all tables — users can only read and write records they are authorized to access. Passwords are never stored; authentication is handled entirely by Supabase Auth.
6. Data Retention
- Schedule and employee data is retained for as long as you have an active account.
- Messages are retained indefinitely unless deleted by an administrator.
- Push subscriptions are removed automatically when a device unsubscribes or the subscription becomes stale.
- On account deletion, your data is removed in accordance with Supabase's cascade delete policies.
7. Your Rights
Depending on where you are located, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate information
- Request deletion of your account and associated data
- Object to or restrict certain types of processing
To exercise any of these rights, contact your account administrator or reach out via the contact information below.
8. Cookies and Local Storage
ShiftView uses browser storage (cookies and localStorage) only to maintain your authentication session. No third-party tracking cookies are used.
9. Third-Party Services
| Supabase | Database, authentication, and real-time |
| Vercel | Hosting and edge delivery |
| Web Push (browser API) | Push notifications, handled by your browser/OS vendor |
10. Children's Privacy
ShiftView is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from minors.
11. Changes to This Policy
We may update this policy from time to time. When we do, the “Last updated” date at the top of this page will change. Continued use of the service after changes are posted constitutes acceptance of the updated policy.
12. Contact
If you have questions about this privacy policy or how your data is handled, please contact the administrator of your ShiftView account.