Privacy Policy

Last updated: February 14, 2026

ShiftSummary ("we," "us," or "our") operates the shiftsummary.io website and the ShiftSummary platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you are invited to a team, we also collect your role and team affiliation.

Shift Summary Content

We store the content you and your team create within the Service, including shift summaries, daily briefings, follow-ups, maintenance logs, safety incidents, and any custom section data. This content belongs to your organization.

Billing Information

Payment processing is handled by Stripe. We do not store your full credit card number on our servers. Stripe may collect and store your payment information in accordance with their privacy policy.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, device information, and IP address.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Send shift summary notifications and daily briefing emails via Resend
  • Process payments and manage subscriptions via Stripe
  • Respond to support requests and communicate with you
  • Monitor usage patterns to improve performance and reliability
  • Enforce our Terms of Service and protect against misuse

3. Data Storage & Security

Your data is stored on Supabase infrastructure with encryption at rest and in transit (TLS 1.2+). We implement row-level security policies so team members can only access data belonging to their own venues and organization.

While we use commercially reasonable safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Service providers: Supabase (database & auth), Resend (email delivery), Stripe (payments), Vercel (hosting)
  • Your organization: Team members within your venue can see shift summaries and related content as determined by your account administrator
  • Legal requirements: When required by law, subpoena, or to protect our rights

5. Data Retention

We retain your account and shift summary data for as long as your account is active. If you delete your account or your organization cancels its subscription, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, contact us at privacy@shiftsummary.io.

7. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@shiftsummary.io.