Privacy Policy

Effective date: November 5, 2024

This Privacy Policy applies to shiftkeeper.io and its subdomains (the "Website"), as well as related applications and other services provided by us (collectively, the "Service"), operated by Saadi Myftija ("Saadi Myftija", "we", "us", "our") as a sole proprietor.

This Privacy Policy describes how we treat the Personal Data we gather when you access or use our Service. It also describes your choices regarding use, access, correction, and deletion of your Personal Data. "Personal Data" refers to any information that identifies or relates to a particular individual and also includes information referred to as "personally identifiable information" or "personal information" under applicable data privacy laws, rules or regulations. This Privacy Policy does not cover the practices of companies we don't own or control or people we don't manage.

By using or accessing our Website or Service, you acknowledge that you have read this Privacy Policy. Where we rely on consent to process Personal Data, we will request it separately where required by law.

Your use of our Service is also subject to our Terms of Service. Where we process Personal Data on behalf of a customer, our Data Processing Agreement also applies.

We do our best to use your personal data in a fair and transparent manner, and we care about your understanding of how your personal data will be used.

In short:

  • We do not sell your personal information or any data you enter into our Service.
  • When you integrate your Communications Platform workspace, such as Slack, we access only the data needed to provide the Service's functionality.
  • Our Website uses only strictly necessary cookies for the core functionality of our Service.
  • From time to time, we may send you service-related communications, including updates, notifications, and important announcements about the Service.
  • We use Cloudflare Web Analytics to understand general Website usage without cookies or cross-site tracking.
  • Paddle acts as merchant of record and handles payments and subscriptions.
  • We use Sentry for reporting errors that might occur while you are using our Service.
  • We use third-party providers, including Google Cloud Platform, to process and store data needed to provide the Service.

1. Personal Data we Collect and Process

We collect both information you knowingly and actively provide us when using our Service, and any information automatically sent by your devices in the course of accessing our products and services.

We collect and use Personal Data only where we have a lawful basis and only to the extent reasonably necessary for the purposes described in this Privacy Policy.

We do not sell your personal information or any data you enter into our Services in any way.

1.1. Data Collected upon Registration When you link your Communications Platform workspace to Shiftkeeper, we collect some profile data in accordance with the permissions you consented to and the applicable terms of service of the specific Communications Platform. For example, in the case of Slack we collect: first name, last name, Slack display name, Slack ID, email, time zone and avatar URL.

1.2. Payment Data Paddle acts as our merchant of record and handles payments and subscriptions. Paddle provides us with transaction and subscription information such as your billing email and address, payment method type, card type and last four digits, subscription status, and invoice details. We do not receive your full payment card number or security code.

1.3. Information Collected Automatically When you visit our website, our servers automatically log standard data provided by your web browser. This may include your device's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error occurred, and other technical information related to the problem. You may or may not receive notice of such errors, even in the moment they occur, or what the nature of the error is.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

1.4. How We Use your Personal Data We collect and process your personal information to:

  • Deliver and improve our Service and its features
  • Set up and maintain your account
  • Provide technical support and respond to your inquiries
  • Ensure proper functionality and performance of the Service

We may use your contact information to send you service-related communications, including updates, notifications about your use of our Service, and important announcements about the Service. These communications are not promotional in nature. If you decide at any time that you no longer wish to receive such information or communications from us, follow the unsubscribe link provided in any of the communications. You may also opt out from receiving such communications from us by sending your request to us by email at [email protected].

2. Data Security and Retention

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with our Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

2.1. Links to other websites Our Website may contain links to websites operated by third parties. We are not responsible for information on these websites or for the services or products that they offer. Your use of these websites, including the provision of personal data, is at your own risk. Therefore, we recommend that you review the privacy policies (and, if applicable, other terms) of these websites before you use them for the first time.

3. Third-party Providers and Subprocessors

We use third-party providers to operate the Website, provide the Service, communicate with you, and administer payments. Some providers act as our Subprocessors when processing Personal Data on our behalf; others process Personal Data under their own terms for their own purposes. We limit the data shared to what is reasonably necessary for each provider's function.

Cloudflare We use Cloudflare Pages to host and secure our public Website and Cloudflare Web Analytics to understand general usage patterns. Cloudflare may process IP addresses and technical request metadata. Web Analytics does not use cookies or track visitors across sites. Privacy Policy of Cloudflare

Google Cloud Platform We use Google Cloud Platform to host our application services, database, backups, networking, task processing, secrets, and infrastructure logs. Data processed may include account and workspace profile data, user and organization identifiers, team and channel data, schedules and on-call information, coverage requests, configuration data, IP addresses, and technical logs. Core application services and the primary database are hosted in Belgium (europe-west1), with production database backups in Frankfurt, Germany (europe-west3). Privacy Policy of Google Cloud Platform

Sentry We use Sentry for error reporting, diagnostics, and application performance monitoring. Sentry may process user and organization identifiers, IP addresses, request and device metadata, error context, and technical logs. Our Sentry data region is located in Germany. Privacy Policy of Sentry

Fastmail We use Fastmail as our email provider. Emails you send to us pass through Fastmail. Fastmail may process your name, email address, message content, email headers, and technical delivery metadata. Privacy Policy of Fastmail

Paddle Paddle acts as our merchant of record and handles payments, tax, invoicing, and subscription administration. Paddle processes your name, billing email and address, payment details, and transaction information under its own privacy policy. We receive limited billing and payment method metadata but do not receive your full payment card number or security code. Privacy Policy of Paddle

Slack and other Customer-selected integrations When you connect an integration, Personal Data is transferred between Shiftkeeper and that provider at your direction. The provider processes that data under its agreement and privacy policy with you or your organization.

4. Personal Data of Children

We do not knowingly collect or solicit Personal Information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Service or send any personal information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at [email protected].

5. Your Rights and Options

You always retain the right to withhold personal information from us, with the understanding that your experience of our website may be affected. We will not discriminate against you for exercising any of your rights over your personal information. If you do provide us with personal information you understand that we will collect, hold, use and disclose it in accordance with this privacy policy. You retain the right to request details of any personal information we hold about you.

If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person's consent to provide the personal information to us.

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email-database or opt out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with sufficient details to understand the issue. We will review and respond to complaints as required by Applicable Data Protection Law. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Your rights

  • Withdraw your consent at any time You have the right to withdraw consent where you have previously given consent to the processing of your Personal Data.
  • Object to processing of your Personal Data You have the right to object to processing where permitted by Applicable Data Protection Law.
  • Access your Personal Data You have the right to learn whether we process your Personal Data and to obtain a copy of that data.
  • Verify and seek rectification You have the right to verify the accuracy of your Personal Data and ask for it to be updated or corrected.
  • Restrict the processing of your Personal Data You have the right, in certain circumstances, to restrict the processing of your Personal Data.
  • Have your Personal Data deleted or otherwise removed You have the right, in certain circumstances, to obtain the erasure of your Personal Data.
  • Receive your Personal Data and have it transferred to another controller Where the legal requirements are met, you have the right to receive Personal Data you provided in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible.
  • Lodge a complaint You have the right to lodge a complaint with your competent data protection authority.

5.1. How to exercise these rights To exercise your rights, such as requesting or deleting your data, please contact us through the contact details provided below. We will respond within the period required by Applicable Data Protection Law. That period may be extended where permitted, including for complex or numerous requests. We may charge a reasonable fee or decline to act on manifestly unfounded or excessive requests where permitted by law, and we may request information reasonably necessary to verify your identity and authority.

6. Amendments to the Privacy Policy

We may update this Privacy Policy to reflect changes in law, our practices, or the Service. The current version will be available on the Website. Where required by law, we will provide additional notice using a method we consider appropriate to the circumstances. Updated versions apply from the date stated in the policy.

7. Contact

If you have any questions or concerns about our Privacy Policy, please contact us via email: [email protected].