Legal

Privacy Policy

Last Updated: May 25, 2026

1. Introduction

Shiftly Technologies, Inc. ("Shiftly," "we," "our," or "us") provides a job-matching platform for workers and employers via mobile apps and our website (collectively, the "Service").

This Privacy Policy explains what personal information we collect, how we use and share it, and the rights and choices you have. It applies to users of Shiftly worldwide. Region-specific rights and disclosures appear in Section 11.

2. Information We Collect

We collect information you provide directly to us and information collected automatically when you use the Service.

Information you provide

  • Identifiers: name, email address, phone number, date of birth.
  • Profile information: resume, work history, skills, education, photos, availability, job preferences.
  • Employer information: company name, industry, job postings.
  • Communications: messages, support requests, feedback.
  • Payment information (if applicable): processed by our payment processor; we do not store full card numbers.

Information collected automatically

  • Device data: device model, operating system, app version, browser, language, time zone.
  • Usage data: screens or pages viewed, in-app actions (taps, swipes, matches, messages, offers), feature usage.
  • Approximate location: derived from IP address.
  • Precise location: only if you grant permission, used to show nearby jobs.
  • Cookies and similar technologies on the website (see Section 10).

Information from third parties

  • Authentication providers (Apple, Google) — only the data you choose to share.
  • Service providers acting on our behalf (see Section 4).

3. How We Use Your Information

We use personal information to:

  • Create and manage your account and provide the Service.
  • Match workers with employers and facilitate hiring.
  • Verify your identity and phone number.
  • Send transactional communications (verification codes, match alerts, message notifications).
  • Improve, personalize, and secure the Service.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms.

Messages and communications

Messages you send and receive through Shiftly, including their content, are processed, stored, and may be reviewed — by automated systems and, where necessary, trained personnel — to:

  • Provide and improve the in-app messaging feature.
  • Detect spam, fraud, harassment, scams, or other unsafe content.
  • Enforce our Terms of Service and Community Guidelines.
  • Respond to law-enforcement requests and other legal obligations.

Messages on Shiftly are not end-to-end encrypted. Do not share information you would not want Shiftly or a third party to access.

Lawful bases (EU/EEA/UK users)

  • Performance of a contract — to provide the Service you requested.
  • Legitimate interests — to improve, secure, and analyze the Service.
  • Consent — for optional features such as precise location, marketing, and non-essential cookies.
  • Legal obligation — to comply with applicable law.

You may withdraw consent at any time where consent is the basis of processing.

4. Information Sharing & Third-Party Processors

We share personal information only as described below.

With other users

When you match with a worker or employer, we share relevant profile information (such as name, skills, work history, or job details) to facilitate hiring.

With service providers (data processors), under contract

  • Supabase (United States) — authentication, database, file storage.
  • PostHog (United States) — product analytics. PostHog receives your account ID, email, role, screens viewed, in-app events, device model, OS, and approximate country from IP. PostHog does not track you across other apps or sites; we do not use advertising identifiers (IDFA / GAID). When you delete your account, associated PostHog identifiers are cleared automatically. See posthog.com/privacy.
  • AWS / Amazon CloudFront (United States) — application hosting and content delivery.
  • Vercel (United States) — website hosting and edge delivery.
  • Vonage (United States / global) — SMS delivery for phone-number verification.
  • Apple (United States) — push notifications, Sign in with Apple.
  • Google (United States) — push notifications, Sign in with Google, Google Maps.

For legal reasons

  • To comply with valid legal process, court orders, or government requests.
  • To protect the rights, safety, and property of Shiftly, our users, or the public.
  • In connection with a merger, acquisition, financing, or sale of business assets.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising or targeted advertising. We do not use advertising identifiers (IDFA / GAID).

5. International Data Transfers

Shiftly is based in the United States, and our service providers process data primarily in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For users in the European Economic Area (EEA), United Kingdom, and Switzerland: where we transfer your data outside the EEA/UK/Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum.

You can request a copy of the safeguards in place for transfers of your data by contacting support@shiftlyco.com.

6. Data Retention

We retain personal information for as long as your account is active and as needed to provide the Service. After account deletion:

  • Account profile data is deleted within 30 days.
  • Messages, matches, and analytics identifiers are deleted or anonymized within 30 days.
  • Records we are required to keep for legal, tax, accounting, or fraud-prevention purposes are retained for the period required by law (typically up to 7 years).
  • Aggregate, de-identified data may be retained indefinitely.

You may delete your account at any time from Settings > Account in the app, or by contacting support@shiftlyco.com.

7. Data Security

We use administrative, technical, and physical safeguards to protect your information, including encryption of data in transit (TLS) and at rest, access controls, and regular security review. No method of transmission or storage is 100% secure. If we become aware of a personal-data breach affecting you, we will notify you and the relevant supervisory authority as required by applicable law.

8. SMS / Text Messaging Consent

When you enter your phone number during sign-up in the Shiftly app and tap "Send Code," you expressly consent to receive SMS messages from Shiftly, including:

  • A one-time verification code to confirm your phone number.
  • Transactional messages related to your account (job match notifications, messages from employers or workers, interview or offer updates, and account alerts).

Message frequency varies based on your activity. Message and data rates may apply from your mobile carrier.

Reply HELP for assistance, or STOP to unsubscribe. Unsubscribing from SMS will not affect your ability to use other parts of the Service.

We do not sell or share your mobile phone number or SMS opt-in status with third parties or affiliates for their marketing purposes.

For SMS support: support@shiftlyco.com.

9. Analytics

We use PostHog (PostHog Inc., United States) to understand how users interact with Shiftly. The data PostHog receives is described in Section 4. PostHog does not track you across other apps or sites; we do not use advertising identifiers.

You can opt out of product analytics at any time from Settings > Privacy > Analytics in the app. Opting out stops PostHog event collection from your device on the next app launch.

10. Cookies and Similar Technologies

Our website uses cookies and similar technologies that are strictly necessary to operate the site (e.g., session, security, load-balancing). We currently do not use advertising or cross-site tracking cookies. If we add non-essential cookies in the future, EU/EEA/UK and California visitors will be asked for consent or given a clear opt-out.

You can manage cookies through your browser settings.

11. Your Rights & Region-Specific Disclosures

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal information; withdraw consent; opt out of sale or sharing (we do not sell or share for advertising); and lodge a complaint with your data-protection authority. To exercise rights, email support@shiftlyco.com from the email associated with your account, or use the in-app account-deletion option. We respond within the time required by applicable law (typically 30–45 days). We will not discriminate against you for exercising these rights.

EU/EEA, United Kingdom, and Switzerland (GDPR / UK GDPR)

You have the rights described above. The lawful bases we rely on are described in Section 3. You may lodge a complaint with your local data-protection authority (e.g., the UK ICO at ico.org.uk, or your country's authority listed at edpb.europa.eu).

Shiftly does not have an establishment in the EU. Our Article 27 GDPR representative can be contacted at support@shiftlyco.com (subject: "EU GDPR Article 27 Request"). We are appointing a formal EU representative; updated contact details will be published here.

California (CCPA / CPRA)

California residents have rights to know, access, delete, correct, and limit the use of sensitive personal information, plus the right to opt out of sale or sharing. We do not sell personal information and do not share it for cross-context behavioral advertising. Categories of personal information we collect, sources, business purposes, and recipients are described in Sections 2–4. To exercise rights, email support@shiftlyco.com. You may designate an authorized agent to make a request on your behalf.

Other U.S. States

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon, Montana, Tennessee, Indiana, Iowa, Delaware, Florida, New Hampshire, New Jersey, Minnesota, Maryland, Kentucky, Rhode Island, and other states with applicable privacy laws have rights similar to those listed above. We do not sell personal data, do not engage in targeted advertising, and do not profile users in furtherance of decisions producing legal or similarly significant effects. To exercise rights, email support@shiftlyco.com. You may appeal a denial by replying to our response.

Canada (PIPEDA, Quebec Law 25)

Canadian users may access and correct personal information and challenge our compliance under PIPEDA. Quebec residents have additional rights under Law 25 including the right to data portability and to be informed of automated decision-making. Complaints may be filed with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).

Brazil (LGPD)

Brazilian users have the rights described above plus the right to request anonymization, blocking, or deletion of unnecessary data and information about public and private entities with which we have shared data. Complaints may be filed with the ANPD (gov.br/anpd).

Australia (Privacy Act 1988 / APPs)

Australian users may access and correct personal information and complain to the Office of the Australian Information Commissioner (oaic.gov.au) if dissatisfied with our handling of a complaint.

Japan (APPI)

Japanese users may request disclosure, correction, suspension of use, and deletion of personal data. Complaints may be filed with the Personal Information Protection Commission (ppc.go.jp).

South Korea (PIPA)

Korean users may request access, correction, deletion, and suspension of processing. Complaints may be filed with the Personal Information Protection Commission (pipc.go.kr).

Other Regions

We aim to provide the rights and protections described above globally. If your jurisdiction grants additional rights, please contact support@shiftlyco.com and we will respond in accordance with applicable law.

12. Age Restriction

Shiftly is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. Workers are required to confirm their date of birth at sign-up; accounts found to belong to users under 18 will be removed. If you believe a person under 18 has provided us personal information, please contact support@shiftlyco.com and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the most recent change. If we make material changes, we will notify you in-app or by email before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, requests, or complaints about this Privacy Policy, please contact us at: support@shiftlyco.com

Shiftly Technologies, Inc.
1111B South Governors Avenue
STE 41988
Dover, DE 19904
United States

EU GDPR Article 27 representative requests: support@shiftlyco.com (subject: "EU GDPR Article 27 Request").