Privacy Policy
Effective date: 2026-05-23. Version 1.1.
ShiftManagerAI ("the Service") is operated by IsraeliTech, Israel ("we", "us"). This policy explains what personal data we process, in what role, who we share it with, and what choices you have. It also covers visitors to our public website at shiftmanager.ai who do not have an account.
The Service is sold to employer organizations ("Customers") and used by their managers and employees. Where we say Manager we mean a Customer administrator with a ShiftManagerAI account; Employee means a person whose record was entered by a Manager into a Customer organization.
1. Our role: Controller and Processor
We act in two roles, depending on the data:
- Processor for Customer Data (employee records, shifts, schedules, availability, messages sent through the Service). The Customer organization is the Controller. We process Customer Data only on the Customer's documented instructions and in line with our Data Processing Agreement, available on request at privacy@shiftmanager.ai.
- Controller for Manager account data we collect for our own purposes: account creation, billing, support tickets, security logs, product analytics, waitlist sign-ups, and our own legal/compliance obligations.
2. Personal data we process
| Category | Examples | Our role |
|---|---|---|
| Manager identity | Name, email, password hash or Google OAuth ID | Controller |
| Customer organization | Org name, address, billing details, brand colors, working hours | Controller |
| Employee record | First name, last name, email, phone (E.164), employee type, weekly preferences | Processor |
| Operational | Shifts, assignments, schedule templates, availability/preferred dates, swap requests | Processor |
| Messaging | Telegram chat IDs (when an employee links the bot), WhatsApp recipient phone numbers, message content sent through the Service | Processor |
| AI assistant | User prompts, retrieved org data passed to the model, model responses | Processor (on Manager instruction) |
| Technical | Session cookies, IP address, user agent, device timezone, application logs | Controller |
| Usage analytics | Feature-usage events, page views, performance metrics, error reports — linked to a user/organization ID | Controller |
| Marketing | Email address submitted on our landing page to join the early-access waitlist | Controller |
Our usage analytics records how features are used and how the Service performs. These events are linked to an account identifier, so they are not fully anonymous — but we use them only to improve the product and fix problems, never to read or review the personal content stored in the Service.
We do not intentionally collect special categories of personal data (health, biometric, political, religious). Don't enter such data into the Service.
3. Purposes and legal bases
- Service delivery — generating schedules, sending availability surveys, sending shift notifications. Legal basis: contract with the Customer (Art. 6(1)(b) GDPR); Customer's documented instruction (Art. 28).
- AI assistant — running the manager-facing AI assistant. Legal basis: contract / instruction.
- Account management, billing, support — Legal basis: contract.
- Security, abuse detection, fraud prevention, debugging — Legal basis: legitimate interest (Art. 6(1)(f)).
- Product analytics and performance monitoring — understanding which features are used, monitoring performance, diagnosing errors. Legal basis: legitimate interest (Art. 6(1)(f)); where analytics cookies are used, your consent (Art. 6(1)(a)).
- Early-access waitlist — if you submit your email on our landing page, contacting you about beta availability. Legal basis: consent (Art. 6(1)(a)); withdraw any time by emailing privacy@shiftmanager.ai.
- Service announcements (security alerts, billing notices) — Legal basis: legitimate interest. We do not send marketing email without explicit opt-in.
- Legal compliance — Legal basis: legal obligation (Art. 6(1)(c)).
4. Cookies and tracking
We keep cookies to a minimum and use no advertising or cross-site tracking.
- Strictly-necessary cookies — a session cookie keeps you signed in, and a small flag remembers your cookie choice. These are always active, the Service cannot work without them, and no consent is required for them.
- Analytics cookies — our analytics provider can store a first-party cookie so we can recognize a returning visitor and measure how the Service and our public website are used. These are set only after you accept them on the cookie banner shown on your first visit. Until you accept, analytics runs in a cookieless mode that stores nothing on your device. You can change your choice any time by clearing your browser's site data, which makes the banner appear again.
- We do not use advertising cookies, cross-site tracking pixels, or behavioral-advertising trackers, and we do not sell data.
5. Sub-processors
We engage third-party Sub-Processors to operate the Service. Each is bound by a written agreement requiring at least the protections in our DPA. We will publish material changes to this list at least 14 days before a new Sub-Processor begins processing Customer Data; Customers can object via privacy@shiftmanager.ai.
| Sub-Processor | Location | Purpose | Categories shared |
|---|---|---|---|
| Vercel | USA | Application hosting | All in transit |
| Neon | USA (EU available) | Postgres database | All Customer Data at rest |
| Better-auth + Google OAuth | USA | Sign-in | Manager email, Google ID |
| Meta WhatsApp Cloud API | USA / Ireland | WhatsApp message delivery | Recipient phone, name, org name, survey URL |
| Telegram | UAE / EU | Telegram bot delivery | Telegram chat ID, message body |
| Resend | USA | Transactional email | Recipient email, message body |
| AI / LLM providers | USA | AI assistant (model inference) | Conversation messages + retrieved org context for the request |
| PostHog | EU (Germany) | Analytics, server logs, AI traces | User ID, org ID, event metadata, AI prompts/responses |
| Upstash | USA | Rate limiting, message-delivery throttling | IP address, anonymized request keys |
6. Messaging channels (Telegram, WhatsApp, email)
When a Manager configures a survey that sends messages over WhatsApp, Telegram, or email, the Manager (and the Customer organization) is the Controller of that messaging activity. We are the Customer's Processor, and the messaging vendor (Meta, Telegram, Resend) acts as our Sub-Processor under their respective business terms (e.g., the WhatsApp Business Data Processing Terms).
- Manager responsibility: ensure you have a lawful basis (contract, legitimate interest, or where required, consent) before sending automated messages to employees, and that recipient phone numbers and emails are accurate and consensually obtained. The Service does not collect such consent on your behalf.
- Recipient opt-out: employees can stop further messages by replying
STOPto any WhatsApp or Telegram message from the Service, by contacting their Manager, or by emailing privacy@shiftmanager.ai. - Delivery records: we store sent-at timestamps, message IDs, and status events for at least 90 days for delivery-debugging and abuse-prevention, then delete them.
7. AI assistant and AI training
We send conversation messages and the contextual data the assistant retrieves to answer your request to third-party AI / LLM providers, strictly to generate a response to that request. We do not use Customer Data to train any AI model, and we do not sell it. These providers process the data under their own commercial API terms.
AI outputs may be incomplete or incorrect. Review them before acting. The Service's AI assistant is a productivity tool, not a substitute for legal, employment, or compliance advice.
8. International transfers
Some Sub-Processors are located outside Israel and the European Economic Area (primarily in the United States). For transfers from the EEA, UK, and Switzerland we rely on the European Commission's Standard Contractual Clauses or equivalent approved mechanisms. For transfers from Israel we rely on the recipient's adequacy designation or written safeguards consistent with Privacy Protection Regulations (Transfer of Data to Databases Abroad), 5761-2001.
9. Retention
- Active Customer Data: for the lifetime of the Customer's account.
- Append-only audit logs (e.g., availability mark history): 24 months, then deleted.
- Server application logs: 90 days.
- AI conversation traces (PostHog): 90 days.
- Early-access waitlist emails: until you ask us to remove them, or until we open general availability.
- Backups: 35-day rolling window; deleted data is overwritten on the standard rotation.
- On account deletion: Customer Data is deleted or irreversibly anonymized within 30 days, except where law requires longer retention (financial records, regulator subpoenas, etc.).
- Messages already delivered over WhatsApp, Telegram, or email are governed by the recipient platform's retention policies, not ours.
10. Your rights
Subject to applicable law (GDPR, UK GDPR, Israel Privacy Protection Law as amended, California CCPA where applicable), you have the rights to: access, correction, deletion, restriction, portability, objection, and withdrawing consent (where consent was the basis). You can also lodge a complaint with a supervisory authority — in Israel, the Privacy Protection Authority.
If you are an employee, your data was likely entered by your employer, who is the Controller of that data. We will route your request to them. For requests we can act on directly, email privacy@shiftmanager.ai or use the deletion-request flow at /data-deletion.
11. Security
- TLS 1.2+ in transit; encryption at rest at the database layer.
- HMAC-SHA-256 hashing for messaging-link tokens at rest; plaintext tokens never stored.
- Per-organization data scoping enforced at the database query layer; cross-tenant access prevented by mandatory
organizationIdfilters. - Permanent access tokens for messaging providers stored as environment secrets; no long-lived secrets in client code.
- Production access limited to authorized engineers; access is logged.
- Periodic dependency scans and lint-enforced architectural rules to prevent common vulnerabilities.
No system is perfectly secure. If you suspect a vulnerability, please contact security@shiftmanager.ai.
12. Children
The Service is not directed to children under 16. If you become aware of a child's personal data in the Service, contact us and we will delete it.
13. Israel Privacy Protection Law
We comply with Israel's Privacy Protection Law, 5741-1981, as amended by Amendment 13 (effective 2025). If our processing reaches the regulatory thresholds, we will designate a Privacy Protection Officer and register the relevant database with the Privacy Protection Authority. Direct privacy queries to privacy@shiftmanager.ai.
14. Changes to this policy
We may update this policy. Material changes will be communicated to Managers by email at least 14 days before they take effect. The current version is always available at this URL with its effective date.
15. Contact
Privacy: privacy@shiftmanager.ai
Security: security@shiftmanager.ai
Operator: IsraeliTech, Israel.
See also our Terms of Service and Data Deletion page. עברית.