Privacy Policy

This Privacy Policy explains how BetterShift collects and uses personal data when you visit the website, create an account, join a workspace, use the product, contact support, or interact with our billing and communication providers.

When an organization uses BetterShift to manage its workers, the organization usually acts as the data controller for workforce data entered into the workspace. BetterShift acts as a service provider or processor for that workforce data, except where we use data for our own account, security, billing, product, legal, or support purposes.

• Account data, including name, email address, password hash, locale, authentication session information, role, and workspace membership.
• Organization data, including company name, company type, country, timezone, locations, departments, roles, settings, and invite information.
• Workforce profile data, including worker names, emails, phone numbers, contract type, tags, assigned locations, departments, roles, notes, hourly cost fields, and membership status.
• Scheduling and work data, including availability, shifts, leave and sickness requests, substitution requests, time entries, time corrections, payroll export inputs, approval decisions, notifications, and audit logs.
• Uploaded document metadata and files, including document name, category, size, content type, storage path, uploader, and file URL when the document upload feature is used.
• Billing data, including selected plan, worker count, organization identifier, checkout status, and payment information handled by Stripe. We do not store full card numbers.
• Support and communication data, including support request messages, invite emails, transactional email delivery information, and replies sent to BetterShift support.
• Technical data, including IP-derived country or request headers where available, device and browser information, timestamps, logs, security events, and cookies or similar local storage used for sessions, preferences, security, and product operation.

We collect data directly from users, workspace owners and admins, invited workers, product forms, uploaded files, authentication flows, customer support messages, billing flows, and technical logs created when the service is used.

Admins may enter worker data before a worker creates an account, for example to prepare schedules, invite workers, or manage payroll handoff.

• To provide, maintain, secure, and troubleshoot BetterShift.
• To create accounts, authenticate users, manage workspaces, invite workers, and enforce permissions.
• To plan shifts, collect availability, manage leave, approve substitutions, track worked time, create payroll exports, and keep audit records.
• To send transactional emails, notifications, invite links, support replies, and service messages.
• To process subscriptions and checkout through Stripe.
• To detect misuse, protect accounts, prevent fraud, and comply with legal obligations.
• To understand product performance, improve the service, and develop new features.

Where the GDPR, UK GDPR, or similar laws apply, we rely on the following legal bases: performance of a contract, legitimate interests, compliance with legal obligations, consent where required, and instructions from the customer organization when we process workforce data as a processor.

Our legitimate interests include securing the service, providing customer support, improving product reliability, managing business operations, and preventing abuse.

We do not sell personal data. We do not use workforce data entered by customers to target third-party advertising.

• Within a workspace, data is shared with owners, admins, managers, and workers according to their roles and the product permissions.
• With service providers that host, store, secure, email, bill, monitor, or support BetterShift, including providers such as MongoDB, Vercel or Vercel Blob, Resend, Stripe, and authentication infrastructure.
• With professional advisers, authorities, courts, or regulators where required to comply with law, enforce rights, or protect BetterShift, customers, users, and others.
• With a successor organization if BetterShift is involved in a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections.

BetterShift and its service providers may process data in countries other than the country where a user or organization is located. Where required, we use appropriate safeguards such as standard contractual clauses, data processing agreements, and vendor security commitments.

BetterShift uses cookies and similar technologies that are necessary for authentication, session management, security, routing, and product operation. We also use a locale preference cookie so the interface can remember the selected language.

Browser settings may allow cookies to be blocked or deleted, but some required service features may stop working if necessary cookies are disabled.

We keep personal data for as long as needed to provide the service, maintain account and workspace records, comply with legal obligations, resolve disputes, enforce agreements, maintain security logs, and support backups.

Customer organizations control many workspace records. Deleting a user account or workspace may not immediately delete records that the organization must retain for payroll, labor, tax, audit, or legal reasons.

We use administrative, technical, and organizational measures designed to protect personal data, including password hashing, role-based access, audit records, managed infrastructure, and restricted access to production systems.

No online service can guarantee absolute security. Users are responsible for using strong passwords, protecting account credentials, and limiting workspace access to appropriate people.

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also have the right to withdraw consent and complain to a data protection authority.

To exercise rights, contact support@bettershift.app. If your request concerns workforce data controlled by your employer or organization, we may direct the request to that organization or respond under its instructions.

BetterShift may provide scheduling suggestions, eligibility checks, conflict warnings, coverage indicators, and payroll summaries based on workspace data. These features are intended to assist human users. BetterShift does not make employment decisions that have legal or similarly significant effects without human involvement.

BetterShift is intended for business use and is not directed to children. Users must be old enough to use the service under applicable law and any workplace requirements set by their organization.

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users or customer organizations through the product, by email, or by another appropriate method.

For privacy questions, data requests, or security concerns, contact BetterShift at support@bettershift.app.