Privacy Policy
Effective March 2024
1. Data collection
We collect account information (name, email), organization details, schedules, time entries, and paystub metadata to operate the service.
Diagnostic data from Sentry and product analytics from PostHog help improve reliability. You can opt out of analytics per organization.
2. Use of information
Operational data powers scheduling, approvals, paystub delivery, and email notifications sent through Resend.
Aggregated, anonymized usage trends may be used to improve ShiftBeacon. We never sell personal data to third parties.
3. Data retention
Account and organization records remain active while you are a customer. You can request deletion at any time and we will remove data within 30 days, excluding legally required backups.
Backups stored by Supabase follow their retention policies. We also recommend exporting CSVs for your own archives.
4. Security
Row-Level Security prevents cross-tenant access. File downloads use short-lived signed URLs and access logs feed into the audit trail.
Access to production systems is limited to authorized personnel with multi-factor authentication enabled.
5. Contact
Privacy questions can be emailed to privacy@shiftbeacon.ca.