Privacy Policy

Effective Date / Last Updated: March 15, 2026

1. Introduction

SHIFT PSM LLC ("SHIFT," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the SHIFT platform ("Platform"), including our website, web application, and related services.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Platform.

2. Information We Collect

Information You Provide

Account Information: Name, email address, phone number, and password when you create an account
Business Information: Business name, address, operating hours, services offered, and pricing (for providers)
Payment Information: Billing details and payment method information, processed and stored by Stripe (we do not store full credit card numbers)
Client Information: Names, phone numbers, email addresses, appointment history, and service preferences entered by providers into the CRM
Communications: Messages, support requests, and feedback you send to us

Information Collected Automatically

Device Information: Browser type, operating system, device identifiers, and screen resolution
Usage Data: Pages visited, features used, click patterns, session duration, and interaction data
Log Data: IP addresses, access times, referring URLs, and error logs
Location Data: Approximate location derived from IP address (we do not collect precise GPS data)

Information from Third Parties

Authentication Providers: If you sign in using a third-party OAuth provider (e.g., Google), we receive your name, email, and profile picture as permitted by your settings
Stripe: Payment status, transaction history, and onboarding verification status for connected accounts

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Platform and its features
Process payments and manage subscriptions
Send transactional communications, including appointment reminders and booking confirmations
Generate business analytics, reports, and AI-powered insights for providers
Improve, personalize, and optimize the Platform experience
Provide customer support and respond to your inquiries
Detect, prevent, and address fraud, abuse, and security issues
Comply with legal obligations and enforce our Terms of Service
Send product updates and service announcements (with opt-out options)

4. Data Storage and Infrastructure

Your data is stored and processed using the following infrastructure:

Firebase Authentication: Manages user identity, login sessions, and authentication tokens
Cloud Firestore: Stores application data including user profiles, business settings, appointments, client records, and CRM data
Cloud SQL (PostgreSQL): Powers the double-entry financial ledger and transactional financial records
Google Cloud Storage: Stores uploaded media files such as profile images and business photos

All data is stored on Google Cloud Platform (GCP) infrastructure located in the United States. Data is encrypted in transit using TLS and at rest using GCP's default encryption mechanisms.

5. Third-Party Service Providers

We share information with third-party service providers who assist us in operating the Platform:

Stripe: Processes payments, manages connected accounts, and handles financial data. Stripe's privacy policy governs their handling of payment information. See stripe.com/privacy.
Twilio: Sends SMS messages for appointment reminders and notifications. Phone numbers and message content are shared with Twilio for delivery purposes.
Google Cloud Platform: Provides cloud computing infrastructure, data storage, and processing services.
Sentry: Monitors application errors and performance. Sentry may collect technical data, including IP addresses, browser information, and user interaction data. Sentry Session Replay may record user interactions (clicks, navigation, form inputs) to help us diagnose errors — sensitive fields such as passwords and payment inputs are automatically masked.
Cloudflare Turnstile: Provides bot detection and abuse prevention. Turnstile collects device and browser signals to distinguish human users from automated traffic. No CAPTCHAs are displayed to users.

6. SMS Communications

When you provide your phone number and opt in to SMS communications, we may send you:

Appointment booking confirmations
Appointment reminders and schedule changes
Account verification codes
Payment and billing notifications

You may opt out of SMS messages at any time by replying STOP or adjusting your notification settings within the Platform. Opting out of transactional messages may affect your ability to receive important appointment and account notifications. We do not sell or share your phone number with third parties for marketing purposes.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
Analytics Cookies: Help us understand how users interact with the Platform so we can improve the experience. You may opt out via our cookie consent banner.
Preference Cookies: Remember your settings, language, and display preferences across sessions.

We do not use advertising or third-party tracking cookies. You can manage cookie preferences through our cookie consent banner displayed on first visit, or through your browser settings.

We do not sell your personal information. We may share your information in the following circumstances:

Between Providers and Clients: When a client books an appointment, relevant contact and booking information is shared between the client and the provider
Service Providers: With the third-party service providers listed in Section 5, solely to operate and improve the Platform
Legal Requirements: When required by law, subpoena, court order, or to protect the rights, safety, or property of SHIFT, our users, or the public
Business Transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity
With Your Consent: When you have given explicit consent to share your information for a specific purpose

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Platform's services. After account deletion or deactivation:

Account data is deleted or anonymized within 90 days
Financial records may be retained for up to 7 years as required by tax and accounting regulations
Anonymized analytics data may be retained indefinitely for statistical and product improvement purposes
Backup copies are purged according to our standard backup rotation schedule

10. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information, subject to legal retention requirements
Data Portability: Request your data in a structured, machine-readable format
Opt-Out: Unsubscribe from non-essential communications and opt out of analytics tracking

To exercise any of these rights, please contact us at support@goingshift.com. We will respond to your request within 30 days.

11. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a minor, please contact us immediately at support@goingshift.com.

12. Security Measures

We implement industry-standard security measures to protect your personal information, including:

Encryption of data in transit (TLS) and at rest
Firebase Security Rules and Firestore access controls
Role-based access control within the Platform
Regular security monitoring and vulnerability assessments
Secure authentication via Firebase Auth with support for multi-factor authentication
Cloudflare DDoS protection and Web Application Firewall (WAF)

While we take reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Do Not Sell: We do not sell personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising.

To exercise your CCPA rights, contact us at support@goingshift.com. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you through the Platform or via email. We encourage you to review this policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@goingshift.com
Website: goingshift.com/contact
Company: SHIFT PSM LLC, Lee County, Florida

Related policies: Terms of Service | Refund & Cancellation Policy