🔒 Privacy Policy

Privacy Policy

WorkShift LLC · Effective Date: May 6, 2026 · Last Updated: May 6, 2026

1. Introduction
WorkShift LLC ("WorkShift," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, web platform, and related services (collectively, the "Service").

By using WorkShift, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
2.1 Information You Provide Directly
  • Full name, email address, and phone number
  • Business name, address, and contact information
  • Employee roster information including names, roles, and contact details
  • Payment and billing information (processed securely through third-party payment processors — we do not store full credit card numbers)
  • Profile photos uploaded by users
  • Messages sent through the in-app chat feature
  • Time-off requests, shift swap requests, and other communications submitted through the Service
  • Any other information you voluntarily provide
2.2 Information Collected Automatically
  • Device information including device type, operating system, and unique device identifiers
  • IP address and general geographic location
  • App usage data including features accessed, screens viewed, and actions taken
  • Log data including access times, error reports, and performance data
  • Push notification tokens for delivering notifications to your device
2.3 Location Information
With your explicit permission, we collect:
  • Precise GPS location at the time of clock-in and clock-out
  • Background location data when enabled, used exclusively for geofence-based features including safety monitoring, smart clock-in suggestions, estimated arrival times, and safe departure confirmation
  • Location coordinates are stored only as part of attendance records and are not shared with third parties for advertising or marketing
3. How We Use Your Information
We use the information we collect to:
  • Provide, operate, and maintain the Service
  • Create and manage your account
  • Process payments and manage subscriptions
  • Send shift reminders, schedule notifications, and operational alerts via push notifications
  • Enable geofence-based attendance verification and employee safety features
  • Generate attendance reports and payroll data for business administrators
  • Respond to your support requests and communications
  • Detect, prevent, and address technical issues and security incidents
  • Comply with legal obligations
  • Improve and develop new features for the Service
We do not use your personal information for targeted advertising. We do not sell your personal information to third parties.
📍
4. Location Data — Detailed Disclosure
We take location privacy seriously

Location data is collected only when you have granted location permissions through your device settings. You may revoke permissions at any time, though this will disable location-based features.

Foreground Location: Used at the moment of clock-in and clock-out to verify the employee is within the designated workplace area.
Background Location — Safety Monitoring: Detects if an employee unexpectedly leaves the work area during a shift and sends a welfare check.
Background Location — Smart Clock-In: Notifies the employee when they arrive at the workplace so they can clock in with one tap.
Background Location — ETA to Shift: Calculates estimated arrival time up to 75 minutes before a shift begins.
Background Location — Safe Departure: Confirms employees have safely left the premises after a closing shift.
Employee Consent: Employees must explicitly opt in to location services. Employees may disable permissions at any time through their device settings.
🔒 Background location is never used for continuous employee surveillance. Location data is processed only when triggered by geofence entry/exit events. Location data associated with attendance records is retained for a maximum of 12 months.
5. How We Share Your Information
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:
5.1 Service Providers
Railway (hosting), Supabase (database), Expo / Apple Push Notification Service (notifications), and payment processors. All are contractually obligated to protect your information.
5.2 Business Administrators
If you are an employee, your attendance records, schedule, and location-based clock-in/out data are visible to your employer's administrators. This is an inherent and disclosed feature of the Service.
5.3 Legal Requirements
We may disclose your information if required by law, court order, or to protect the rights, property, or safety of WorkShift, our users, or the public.
5.4 Business Transfers
In the event of a merger or acquisition, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.
6. Data Security
We implement industry-standard security measures including:
  • Encryption of data in transit using TLS/SSL
  • Secure authentication with JSON Web Tokens (JWT)
  • Row Level Security (RLS) on all database tables
  • bcrypt password hashing
  • Access controls limiting employee access to user data
No method of transmission over the internet is 100% secure. In the event of a data breach, we will notify affected users within 72 hours of becoming aware.
7. Data Retention
  • Account information — retained until you delete your account
  • Attendance and payroll records — 12 months after the record is created
  • Chat messages — 6 months
  • Location data — 12 months
  • Payment records — 7 years as required by tax regulations
  • After account termination — data deleted or anonymized within 30 days, except where retention is required by law
8. Your Rights and Choices
  • Access — Request a copy of the personal information we hold about you.
  • Correction — Request correction of inaccurate or incomplete information.
  • Deletion — Request deletion of your personal information, subject to legal exceptions.
  • Portability — Request your data in a structured, machine-readable format.
  • Notifications — Disable push notifications at any time through your device settings.
  • Location — Revoke location permissions at any time through your device settings.
  • Account Deletion — Contact support@workshiftapps.com. Data will be removed within 30 days.
To exercise any of these rights, contact privacy@workshiftapps.com. We will respond within 30 days.
9. Children's Privacy
WorkShift is not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact us at privacy@workshiftapps.com and we will delete it immediately.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the CCPA:
  • The right to know what personal information we collect, use, disclose, and sell
  • The right to delete personal information we have collected
  • The right to opt out of the sale of personal information — WorkShift does not sell personal information
  • The right to non-discrimination for exercising your privacy rights
To exercise your California privacy rights, contact privacy@workshiftapps.com.
11. International Users — Latin America
WorkShift serves users in Puerto Rico and Latin America. If you are located outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

For users in countries with specific data protection laws, including Brazil (LGPD) and Mexico (LFPDPPP), we are committed to complying with applicable local requirements. Contact privacy@workshiftapps.com for jurisdiction-specific inquiries.
12. Push Notifications
WorkShift uses push notifications to deliver shift reminders, schedule updates, task assignments, request approvals, and safety alerts. You may disable push notifications at any time through your device settings. Disabling notifications will not affect your ability to use core features but may cause you to miss important operational alerts.
13. Cookies and Tracking
The WorkShift web platform may use cookies to maintain your session, remember your preferences, and analyze usage patterns. You may control cookie settings through your browser. We do not use cookies for advertising or tracking across third-party websites.
14. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.
15. Changes to This Policy
We may update this Privacy Policy at any time. We will notify you of material changes by updating the "Last Updated" date and, for significant changes, by email or in-app notification at least 15 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
16. Contact Us
WorkShift LLC · Puerto Rico, United States
Email: privacy@workshiftapps.com
Support: support@workshiftapps.com
Website: workshiftapps.com

For urgent privacy concerns, include "PRIVACY URGENT" in the subject line.

© 2026 WorkShift LLC · Puerto Rico · All Rights Reserved