Privacy Notice
Last updated: 5/13/2026
1. Who we are
Rafael Abrams (trading as Shiftly) ("we") provides the Shiftly service. We are the data controller for personal data we collect about you. Contact: support@shiftly.app.
2. What we collect
- Account data — name, email, login credentials.
- Workspace content — staff names, departments, areas, and shifts you enter into the Service.
- Support communications — messages you send us.
- Usage & device data — log records, IP address, browser type, basic telemetry needed to operate and secure the Service.
3. Why we use it
- To create and operate your account (contract performance).
- To provide and improve the Service (legitimate interests).
- For security, fraud prevention, and abuse detection (legitimate interests / legal obligation).
- To respond to support requests (contract performance / legitimate interests).
- To comply with applicable law (legal obligation).
4. Who we share data with
- Service providers / subprocessors — hosting, database, email delivery, analytics, error monitoring.
- Paddle.com — our Merchant of Record, who handles payments, subscription management, tax compliance, and invoicing. See Paddle's privacy notice.
- Professional advisers (legal, accounting) where needed.
- Authorities where required by law.
We do not sell your personal data.
5. International transfers
Where data leaves the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
6. Retention
We keep account and workspace data for as long as your account is active and for a reasonable period afterwards to handle disputes and meet legal obligations. We delete or anonymise data when it's no longer needed.
7. Your rights
Depending on your location, you have rights to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent. EU/UK users may complain to a supervisory authority. We aim to respond within one month. To exercise your rights, email support@shiftly.app.
8. Security
We use appropriate technical and organisational measures including encryption in transit, access controls, and audit logging.
9. Cookies
We use essential cookies to keep you signed in and to operate the Service. We do not use third-party advertising cookies.
10. Changes
We'll post material changes here and, where appropriate, notify you by email.