ShiftSync

Privacy Policy

Version 1.0 — Last updated 14 March 2026

Privacy Policy

Effective Date: March 2026

ShiftSync Pty Ltd (ABN pending) ("ShiftSync", "we", "us", "our") is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose and safeguard your information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

We collect the following types of personal information:

  • Identity information: Full name, email address, phone number, date of birth
  • Employment information: Job title, role, department, employment status, pay rates
  • Time and attendance data: Clock-in/clock-out times, shift schedules, break records
  • Leave records: Leave requests, leave balances, leave types
  • Account credentials: Email address and securely hashed password
  • Billing information: Organisation name, ABN, billing address (payment card details are processed directly by Stripe and are not stored by ShiftSync)
  • Device and usage data: IP address, browser type, pages visited, and feature usage for improving our service

2. How We Use Your Information

We use your personal information for the following purposes:

  • Providing workforce management, rostering, and scheduling services
  • Processing time and attendance records
  • Managing leave requests and balances
  • Generating reports for employers and administrators
  • Processing subscription billing and payments via Stripe
  • Communicating service updates, notifications, and support responses
  • Improving and developing our platform
  • Complying with legal obligations

3. Third-Party Services

We use the following third-party service providers who may process your data:

  • Stripe (United States): Payment processing and subscription billing. Stripe's privacy policy is available at https://stripe.com/au/privacy
  • Supabase (United States): Database hosting and authentication infrastructure. Supabase's privacy policy is available at https://supabase.com/privacy
  • Vercel (United States): Application hosting and deployment

4. Cross-Border Disclosure (APP 8)

Your personal information may be disclosed to and processed by service providers located outside Australia, primarily in the United States. Before disclosing your information overseas, we take reasonable steps to ensure that the overseas recipient handles your information in accordance with the APPs. By using ShiftSync, you consent to this cross-border transfer of your information.

5. Data Security (APP 11)

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure password hashing using industry-standard algorithms
  • Role-based access controls limiting data access to authorised personnel
  • Regular security reviews and updates
  • Secure session management with httpOnly cookies
  • Audit logging of administrative actions

6. Right of Access (APP 12)

You have the right to request access to the personal information we hold about you. To make an access request, please contact us at privacy@shiftsync.com.au. We will respond to your request within 30 days. We may charge a reasonable fee to cover the cost of providing access if the request is complex.

7. Right to Correction (APP 13)

You have the right to request correction of personal information we hold about you that is inaccurate, out-of-date, incomplete, irrelevant, or misleading. To request a correction, please contact us at privacy@shiftsync.com.au. We will respond within 30 days.

8. Data Retention

We retain your personal information for as long as your account or your organisation's account remains active. After account closure, we retain data for a period of 7 years to comply with Australian tax and employment record-keeping requirements. After this retention period, personal information is securely deleted or de-identified.

9. Cookies

We use essential cookies to maintain your authentication session. For full details, please refer to our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Effective Date" above.

11. Complaints

If you believe we have breached the APPs, you may lodge a complaint with us at privacy@shiftsync.com.au. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

12. Contact Us

If you have questions about this Privacy Policy, please contact us:

  • Email: privacy@shiftsync.com.au
  • Website: www.shiftsync.com.au
ShiftSync Assistant

G'day! I'm the ShiftSync assistant. How can I help you today? You can ask me about pricing, features, compliance, or anything else.