Privacy Policy for Shiftly

Last Updated: December 14, 2025

Introduction

Shiftly ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

Information We Collect

Personal Information

When you register for an account, we collect:

• Email address
• Full name
• Phone number (optional)
• Israeli ID number (optional, for payroll purposes)
• Date of birth (optional)

Work Data

The app stores:

• Workplace information (names, addresses, contact details)
• Shift schedules and attendance records
• Clock-in/clock-out timestamps
• Payroll settings and salary calculations
• Work hours and break durations

Automatically Collected Information

• Device information (OS version, device type)
• App usage statistics
• Error logs for debugging purposes

How We Use Your Information

We use your information to:

• Provide shift management and tracking services
• Calculate salary and payroll deductions
• Generate reports and export data
• Sync data across your devices
• Improve app functionality and user experience
• Provide customer support

Data Storage and Security

Storage

• All data is stored securely in Supabase (PostgreSQL database)
• Guest mode data is stored locally on your device using encrypted storage
• Passwords are hashed and never stored in plain text

Security Measures

• All data transmission is encrypted using SSL/TLS
• Row Level Security (RLS) policies ensure users can only access their own data
• Regular security audits and updates
• Secure authentication using Supabase Auth

Advertising

We use Google AdMob to display advertisements in the app.

Ad Data Collection

Google AdMob may collect and use:

• Device advertising ID
• IP address
• Device type and OS version
• App usage data
• Location data (if permitted)

Ad Personalization

• Ads may be personalized based on your interests
• You can opt out of personalized ads in your device settings:
  • Android: Settings → Google → Ads → Opt out of Ads Personalization
  • iOS: Settings → Privacy → Advertising → Limit Ad Tracking

Third-Party Ad Partners

Google AdMob may share data with third-party advertising partners. For more information:

• Google AdMob Privacy Policy
• Google Ads Settings

Data Sharing

Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and all associated data
• Export your data in CSV format
• Opt-out of data collection (by using guest mode)

Account Deletion

To delete your account:

1. Go to Settings → Profile
2. Scroll to bottom and tap "Delete Account"
3. Confirm deletion
4. All your data will be permanently deleted within 30 days

Data Retention

• Active accounts: Data is retained as long as your account is active
• Deleted accounts: Data is permanently deleted within 30 days
• Guest mode: Data is stored locally on your device and can be cleared anytime

Children's Privacy

Shiftly is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.

Third-Party Services

Our app uses the following third-party services:

• Supabase: Database and authentication (https://supabase.com/privacy)
• Expo: App development framework (https://expo.dev/privacy)

These services have their own privacy policies. We encourage you to read them.

International Data Transfers

Your data may be transferred to and stored on servers located outside your country of residence. By using Shiftly, you consent to this transfer.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy in the app
• Updating the "Last Updated" date
• Sending you an email notification (if applicable)

Israeli Privacy Law Compliance

For users in Israel, we comply with the Protection of Privacy Law, 5741-1981. You have additional rights under Israeli law, including:

• Right to access your personal information
• Right to correction of inaccurate information
• Right to deletion of information
• Right to object to processing

Contact Us

Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

• Notify affected users within 72 hours of becoming aware of the breach
• Notify relevant data protection authorities as required by law
• Take immediate steps to contain and remediate the breach
• Provide information about the nature of the breach and steps you can take to protect yourself

GDPR Compliance (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: You can request a copy of all personal data we hold about you
• Right to Rectification: You can request correction of inaccurate data
• Right to Erasure: You can request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: You can request limitation of how we process your data
• Right to Data Portability: You can request your data in a machine-readable format
• Right to Object: You can object to processing of your personal data
• Right to Withdraw Consent: You can withdraw consent at any time

To exercise these rights, contact us at Shiftlyapp1@gmail.com. We will respond within 30 days.

Consent

By using Shiftly, you consent to this Privacy Policy and agree to its terms.

Note: This privacy policy is provided in English. For Hebrew speakers, please see the Hebrew section below.