Legal
Privacy Policy
Last updated: 2026-05-03 · Shifter, EU
We collect as little as necessary, store everything inside the EU, and give you full control over your data.
Who we are
Shifter is operated by Shifter, a company registered in the EU. Our DPA is available on request to enterprise customers.
What we store
Account data: your email, full name, tenant assignment and role.
Operational data: shifts, schedules, swap requests, accept timestamps, and a tamper-evident audit log of changes.
Where we store it
Hosted in the European Union. Database backups are encrypted at rest. Data never leaves the EU.
Your rights
Under the GDPR you can request a copy of your personal data, ask us to correct it, or request deletion. Email privacy@shifter.online — we respond inside 30 days.
Cookies
We use a single first-party session cookie for authentication and a CSRF cookie for form security. We do not run third-party tracking pixels.
Questions about this policy?
We're happy to explain anything in plain language.