Shifty Privacy Policy

Effective Date: March 29, 2025

At Shifty, we value your privacy and are committed to protecting your personal information. This Privacy Policy explains what information we collect through our mobile and web app, how we use and share it, and the choices you have. This policy applies to all users of Shifty, including both restaurants (business clients) and contractors (workers). Please read this policy carefully to understand our practices regarding your information.

1. Information We Collect

We collect personal information from you when you use the Shifty platform. This includes information you provide directly and information collected automatically:

Information from Restaurants (Business Clients): When restaurants sign up or use Shifty, we collect details such as the restaurant/business name, the name and contact information of the authorized representative (first and last name, email address, phone number), and business address (physical/mailing address). We may also collect any other information you choose to provide on your profile or during communications with us (for example, details about shifts posted or preferences).

Information from Contractors (Workers): When contractors create a profile or apply for shifts, we collect personal details including your first and last name, email address, phone number, and physical/mailing address. Contractors may also provide a profile picture, work qualifications or experience, and other details to help restaurants know more about you. In addition, contractors provide certain sensitive information for payment and verification purposes:

Identity Verification: We may request the last four digits of your Social Security Number (SSN) to confirm your identity and for tax or compliance purposes. Note: We do not collect or store your full SSN – only the last four digits are used for verification.

Payment Information: To enable payments for completed shifts, contractors will link their bank account. Shifty uses Stripe’s Financial Connections tool to collect and manage your financial information securely. This means you may provide your bank account number, routing number, and associated banking or financial institution information through a Stripe interface. We do not see or store your full bank account and routing details on Shifty’s servers – this sensitive financial data is transmitted directly to Stripe through an encrypted connection.

Information from Stripe (Payment Processing): If you are a contractor receiving payments (or a restaurant making payments, if applicable), Stripe may collect additional information as required by financial regulations – for example, Stripe might require further identity information (such as full SSN or date of birth) if you hit certain payment thresholds. Any such information is collected by Stripe on our behalf. Shifty itself does not store full financial account numbers or full SSNs in our database; we rely on Stripe to handle that information securely.

Information Collected Automatically: Like many online services, Shifty and our third-party service providers (such as Firebase and analytics providers) automatically collect some technical data when you use our app or website. This may include:

• Device and software information (e.g. your device type, operating system, browser type, app version).

• IP address and general location information (e.g. city or state, derived from the IP).

• Usage data and analytics: details about how you use our platform, such as pages or screens you view, features you use, dates and times of access, and referral information (how you reached our service).

• Cookies and similar technologies on our web app to remember your preferences, keep you logged in, and analyze site usage. (You can adjust browser settings to refuse cookies, but some features of Shifty might not function properly without them.)

We collect only the information needed to provide our services and improve them. You can always choose not to provide certain information, but it may limit your ability to use some of Shifty’s features (for example, contractors cannot receive payments without providing banking info).

2. How We Use Your Information

Shifty uses the collected information to operate, provide, improve, and secure our services. The main purposes for which we use your information include:

Providing the Shifty Service: We use your information to create and manage your account, authenticate you when you log in, and enable you to use our platform features. For example, restaurants’ information is used to post shifts and review worker profiles, and contractors’ information is used to match you with available shifts and show your profile to potential restaurant clients.

Connecting Restaurants and Workers: Your information allows Shifty to connect the right people. If you are a contractor, we use your profile information (like name, experience, and ratings if applicable) to display to restaurants seeking workers for shifts. If you are a restaurant, we use your provided details (like restaurant name and location of the shift) to inform potential workers about the opportunity. Once a restaurant selects a worker for a shift, we share the necessary contact information between the restaurant and the worker so they can coordinate (e.g. confirming shift details, where to report, whom to contact on arrival).

Payment Processing and Compensation: We use Stripe to handle all payments. Contractors’ bank information (collected via Stripe) is used to deposit earnings for completed shifts, and restaurants’ payment information (if a restaurant pays through our platform) is used to process payments to workers or to pay any platform fees. Shifty facilitates these transactions by securely transmitting payment instructions to Stripe. We also use your information to generate payment records, receipts, or invoices and, where applicable, to assist with tax documentation (for example, preparing 1099 forms for contractors, which may require the last four digits of SSN and other identifying information).

Communication: We use contact information (email address, phone number) to communicate with you about your account and our services. This includes:

Service and Transactional Messages: We will send confirmations when you sign up, notifications about shift requests or approvals, updates on shift status, and important information about payments. For instance, contractors might receive notifications when a restaurant offers them a shift, and restaurants will be notified when a contractor accepts or completes a shift.

Administrative and Security Alerts: We might contact you about important changes – for example, changes to our terms or this privacy policy, security alerts like suspicious login attempts, or notices about maintenance to our app.

Marketing and Promotional Communication: We may occasionally send newsletters, offers, or other marketing communications to inform you about new features, promotions, or services that might interest you. You have the choice to opt out of these marketing communications at any time (see Your Rights and Choices below). We will not spam you, and we’ll only send what we believe is relevant or helpful.

Improving and Analyzing Our Services: We use the information (including automatically collected usage data) to understand how our users interact with Shifty. This helps us troubleshoot issues, optimize user experience, and develop new features. For example, usage patterns might inform us which features are most popular or if the app is user-friendly, allowing us to make improvements. We also analyze data to monitor trends, such as the demand for certain shift times or roles, which helps us better tailor our services to user needs.

Safety and Security: Your information is crucial for us to maintain a trusted platform. We may use personal data to verify identities (ensuring that contractors are who they claim to be and that businesses are legitimate). We also use data to detect and prevent fraud, abuse, or other harmful activities. For example, verifying the last four digits of a contractor’s SSN helps prevent identity theft or fake profiles. We may also use certain data to enforce our terms of service, to ensure contractors show up for shifts and restaurants pay on time, and to protect the rights and safety of our users and others.

Legal Compliance and Obligations: We may use your information as necessary to comply with applicable laws and regulations. For instance, maintaining records of earnings for contractors (which may involve personal identifiers) to fulfill tax and accounting requirements, or using contact information to send required communications. If law enforcement or regulators require information and we are legally obligated, we may use and disclose information as needed (as described in How We Share Your Information below).

We will not use your personal information for purposes unrelated to the above without asking for your consent first. We also do not use any sensitive personal data (like SSN or bank details) for marketing or advertising purposes – those are strictly used for verification and payment.

3. How We Share Your Information

Shifty understands the importance of keeping your personal information private. We do not sell your personal information to third parties. However, we do share certain information with others in the following circumstances, in line with providing our services:

Sharing Between Users (Restaurants and Contractors): Some information will be shared with other users by the nature of the service. If you are a contractor and apply for or accept a shift, the restaurant posting that shift will see certain details about you – typically your name, and potentially your public profile information such as work history or ratings, so they know who is coming to work. If you are selected for a shift, the restaurant may also receive your contact information (like phone number or email) to coordinate shift details (e.g., start time, meeting point, uniform requirements). Similarly, if you are a contractor looking at available shifts, you will see information about the restaurant or client (such as the restaurant’s name, location/address of the shift, and role or task details) so you can decide whether to accept the shift. We only share what is necessary for the job to be successfully filled and carried out.

Service Providers and Partners: We share information with trusted third-party companies who perform services on our behalf to help us run Shifty. These service providers are contractually bound to protect your data and only use it for the specific tasks we request. Key service providers include:

Stripe (Payment Processor): As mentioned, we use Stripe, Inc. to handle all payment-related functions. When you provide financial information for payments or payouts, that information goes directly to Stripe. Stripe processes payments between restaurants and contractors (and any fees to Shifty) and stores financial data securely. We may share with Stripe identifying information about you as needed for them to provide their services (for example, your name, email, and user ID to tie payments to your account). Stripe is a certified payment processor with high security standards, and your data is protected under Stripe’s Privacy Policy. (We encourage you to review Stripe’s privacy policy if you want more details on their data practices.)

Firebase (Google Cloud Platform): Shifty uses Google’s Firebase platform for our application’s backend infrastructure. This means our database, authentication system, and servers are hosted on Firebase. Personal data you provide (like your profile information and communications through the app) is stored in Firebase’s secure cloud storage. Firebase acts as a processor of data for us, and Google’s security measures help safeguard your information. Firebase may also collect certain analytics and crash reports to help us keep the app running smoothly. Google’s privacy policy and Firebase’s terms govern how they handle any data on our behalf.

Other Vendors: We might also use additional third-party services for functions such as email communication (for example, an email service to send out notifications or newsletters), customer support tools, or analytics (to better understand how users use Shifty). If we share any personal information with such providers, it will be only what is necessary for them to perform their services. For instance, if we use an email delivery service, we would provide your email address and name for the sole purpose of sending emails you opted to receive. All third-party providers are required to protect your data and cannot use it for their own unrelated purposes.

Legal Compliance and Protection: We may disclose your information when required by law or when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud. This includes:

• Responding to lawful requests by public authorities, including to meet national security or law enforcement requirements. For example, if we receive a subpoena, court order, or a request from law enforcement investigating illegal activity, we might be compelled to provide relevant information.

• Using or disclosing information in connection with an investigation of fraud, harassment, or other violations of law or our Terms of Service. For instance, if a user is reported for engaging in misconduct or if there is a dispute involving misuse of payments, we may share data with law enforcement or relevant parties to resolve the issue.

• Protecting the rights, property, and safety of Shifty, our users, or the public. This could include sharing information with agencies or organizations for risk management or security purposes (such as detecting and preventing security incidents or other malicious activity).

Business Transfers: If Shifty undergoes a business transaction such as a merger, acquisition by another company, restructuring, or sale of all or a portion of its assets, your personal information may be transferred as part of that deal. We would ensure the new owner continues to honor the privacy commitments we’ve made in this policy. We will notify you (for example, via email or a notice on our app/website) of any such change in ownership or control of your personal information, as well as any choices you may have regarding your information in that event.

In all cases where we share your information with third parties, we only share the minimum necessary data for the purpose at hand, and we ensure appropriate safeguards are in place. We do not share or disclose sensitive data like full Social Security Numbers or bank account login credentials to any unauthorized party – such sensitive details are handled solely by secure third-party providers (like Stripe) as described.

4. Data Security and Storage

We take the security of your personal information seriously. Shifty implements a variety of technical and organizational measures to protect your data from unauthorized access, loss, or misuse:

Encryption: All communication between your device and our servers (and with third-party services like Stripe) is encrypted using industry-standard encryption protocols (SSL/TLS). This means that when you enter sensitive information (such as banking details via Stripe’s interface), the data is securely transmitted in an encrypted form. Stripe also encrypts any financial information it stores. In short, we strive to ensure that data in transit and at rest is protected.

Secure Storage: Personal data that you provide to Shifty (other than the financial info handled by Stripe) is stored in secure cloud databases via Firebase/Google Cloud. Firebase provides security features like data encryption at rest and strict access controls. We restrict access to personal data within our organization – only authorized Shifty staff or contractors who need the information to perform their duties (for example, customer support or technical staff) have access, and they are bound by confidentiality obligations.

No Storage of Full Financial Data: As noted, Shifty does not store full bank account numbers, full Social Security Numbers, or other highly sensitive financial information on our own systems. That information is collected and stored by Stripe, which specializes in secure financial data handling. Shifty may store tokens or identifiers provided by Stripe (for example, a Stripe customer ID or a bank account token) which allow us to reference your payment information in transactions without actually handling the sensitive details ourselves.

Payment Security Compliance: Stripe is PCI-DSS compliant (Payment Card Industry Data Security Standard) and follows strict security protocols. By using Stripe for payments, we ensure that payment information is processed under high security standards. We trust Stripe to manage and safeguard your financial data.

Monitoring and Testing: We regularly monitor our systems for vulnerabilities and attacks. We keep our software and security protocols up to date. In addition, we may use Firebase’s security features to detect unusual activity, and we employ firewalls and other standard security measures to protect our infrastructure.

Data Retention: We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. For example, we may keep transaction records and related personal data for a certain number of years to comply with tax, accounting, or regulatory requirements. If you request deletion of your data (see Your Rights and Choices below), we will delete or anonymize your information, unless we are required to keep it for legal reasons. Even if we delete data from active databases, it might remain in backup archives for a period of time until those are purged, but we have processes to eventually purge or anonymize backups as well.

Breach Notification: While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. In the unlikely event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law, and we will take immediate steps to mitigate the impact and prevent further unauthorized access.

By using Shifty, you understand that we work hard to protect your information, but we cannot guarantee absolute security. You can help by keeping your account credentials (username and password) secure and notifying us immediately if you suspect any unauthorized access to your account.

5. Your Rights and Choices

You have control over your personal information. Shifty believes in transparency and giving users choices about their data. Depending on applicable laws and our policies, your rights include:

Access and Correction: You have the right to access the personal information we hold about you. This means you can request a copy of the data you provided to us or that we have collected about you. You also have the right to request correction of any inaccuracies in your personal information. How to do this: If you have a Shifty account, you can review and update some information directly by logging in and editing your profile (for example, you can change your contact details or update your profile info). For any information not editable through the app, or to request a comprehensive data report, you can contact us at the email provided in the Contact section. We will provide you with the data or make corrections as required by law (after verifying your identity for security).

Deletion of Data (“Right to be Forgotten”): You can request that we delete your personal information and/or your Shifty account. We understand that you might want to discontinue using our service and have your data removed. How to request deletion: You may be able to delete certain information via your account settings (for example, removing optional profile info). To delete your entire account and associated data, please contact us at our privacy contact email. Upon verification of your identity and request, we will delete or anonymize your personal information from our active databases. Keep in mind, we may need to retain certain information for a limited time for legal or operational reasons – for instance, records of payments or transactions may be kept to comply with financial regulations, and information in backups will be erased in the normal course of our backup cycle. We will inform you if any data must be retained and why. Once your account is deleted, you will no longer be able to log in or use Shifty without creating a new account.

Opt-Out of Marketing Communications: If you prefer not to receive promotional or marketing emails from us, you have the right to opt out. How to opt out: Simply click the “unsubscribe” link in any marketing email we send, or adjust your email preferences in your account settings if that feature is available. You can also contact us to request removal from our marketing list. Please note that even if you opt out of marketing messages, we may still send you essential transactional or service-related communications (such as shift confirmations, payment receipts, or policy updates) that are necessary for the functioning of the service.

Opt-Out of Notifications: For mobile app users, you can control push notifications through your device settings. If you no longer want to receive push notifications about new shifts or updates, you can disable these in your phone’s notification settings for the Shifty app. (However, this might mean you miss important alerts about shifts or payments, so use this with caution.)

Non-Discrimination: Shifty will never discriminate against you for exercising any of these privacy rights. This means if you choose to exercise your rights (such as requesting deletion or opting out of marketing), we will not deny you services, give you a lower quality of service, or charge different prices simply because you exercised your privacy rights. We treat all users equally, regardless of their privacy choices.

If you would like to exercise any of your rights or have questions about your rights, please contact us (see Contact Us at the end of this policy). We will respond to your request as soon as reasonably possible, and at most within any timeframes required by law.

6. California Privacy Rights (CCPA)

If you are a resident of California, you are protected by additional rights under the California Consumer Privacy Act (CCPA) (as amended by the California Privacy Rights Act, “CPRA”). In compliance with CCPA, California residents should note:

Categories of Personal Information Collected: In the preceding 12 months, we have collected the categories of personal information described in this policy – for example, identifiers (like name, email, address), personal information related to employment (for contractors, such as work qualifications), financial information (bank account details for payments), and internet or other electronic network activity information (usage data as you use the app). This information is collected for the business purposes outlined in How We Use Your Information (such as providing the service, processing payments, and security).

Right to Know: You have the right to request that we disclose to you the specific pieces of personal information we have collected about you, as well as details about our information practices, such as the categories of information collected, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share information. (Much of this is described in this Privacy Policy, but you can also request an individualized report.)

Right to Delete: You have the right to request deletion of your personal information that we collected from you and retained, subject to certain exceptions (for example, if the information is needed to complete a transaction, detect security incidents, comply with legal obligations, etc.). This right is essentially the same as the deletion right described in Your Rights and Choices above. California law just specifies certain allowable reasons we might deny deletion (which we will communicate to you if applicable).

Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you. We already honor correction requests for all users as described above.

Right to Opt-Out of Sale/Sharing: CCPA gives you the right to opt out of the “sale” of personal information. Shifty does not sell your personal information to third parties for monetary value. We also do not share your personal information for cross-context behavioral advertising (the CCPA’s definition of “sharing”). Because we don’t sell or share personal data in those ways, we do not offer a “Do Not Sell or Share My Info” link at this time. If this ever changes, we will update our practices and provide a clear way to opt out. Rest assured, your data is used only for the purposes described in this policy.

Shine the Light (California Civil Code § 1798.83): Separately from CCPA, California’s “Shine the Light” law allows users who are California residents to request certain information about our disclosure of personal information to third parties for their direct marketing purposes. Shifty does not disclose personal information to third parties for their own direct marketing purposes without your consent. Therefore, we believe we are in compliance, and you shouldn’t receive marketing from third parties due to using our service. If you have questions about this, you can contact us.

No Discrimination: As stated, we will not discriminate against you for exercising any of your CCPA rights. California residents will receive the same quality of service and pricing whether or not they choose to exercise these rights.

Submitting CCPA Requests: If you are a California resident and wish to exercise your rights under CCPA, you (or an authorized agent acting on your behalf) can submit a request to us via the contact information below. Please indicate that you are making a “CCPA Request” and specify what you are requesting (access, deletion, etc.). We will need to verify your identity (or authorization) before fulfilling CCPA requests, which may involve asking you to provide additional information or confirm details we already have on file. We aim to respond to CCPA requests within 45 days as the law requires (or let you know if we need an extension).

7. Children’s Privacy

Shifty’s services are not directed to children under the age of 13, nor intended for anyone under 18 to work without appropriate authorization. We do not knowingly collect personal information from children under 13. Contractors must be adults (or legal working age) to use the platform, and restaurants’ representatives are assumed to be adults. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and believe a minor has provided us with personal information, please contact us so we can investigate and address the issue.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the Effective Date at the top of the policy. If the changes are significant, we will provide a more prominent notice – for example, we may notify you via the email address associated with your account or by placing a notice on our website or within the app. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of Shifty after any updates to this policy become effective will constitute acceptance of those changes, to the extent permitted by law. If you do not agree with any changes to the Privacy Policy, you should stop using our services and, if you wish, contact us to request deletion of your data.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please do not hesitate to contact us. We are here to help and will respond as promptly as we can.

Contact Information for Privacy Inquiries:

  • Mail: Shifty Inc., Attn: Privacy Team, 47 Wood Ave # 2 Barrington, RI 02806-3503

You may also reach out to our support team through the Shifty app or website, or by phone at (123) 456-7890 (Mon-Fri, 9am-5pm EST), and request to speak about privacy or data issues.

Thank you for trusting Shifty with your information. We are dedicated to keeping that trust by maintaining the privacy and security of your data.