Privacy Policy

1. What We Collect

When you use SureShift, we may collect the following data:

• Account data: Name, email address, organisation name, and role.
• Shift verification data: GPS coordinates at check-in time only (not continuous tracking), QR scan timestamps, and task completion photos.
• Usage data: Browser type, device information, pages visited, and feature usage analytics.
• Cookies: Essential session cookies for authentication. No third-party tracking cookies.

2. How We Use It

We use collected data to:

• Provide, maintain, and improve the SureShift service.
• Verify shift attendance and task completion for your organisation.
• Generate reports and analytics for authorised managers within your organisation.
• Send transactional emails (e.g. password reset, shift reminders).
• Ensure security and prevent abuse.

We do not sell your data to third parties. We do not use your data for advertising purposes.

3. Data Storage & Security

All data is stored on encrypted servers within the United Kingdom and the European Economic Area (EEA). We use industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, and regular security audits.

GPS coordinates are only collected at the moment of shift check-in and are not used for continuous location tracking. Photos are stored in encrypted object storage and are accessible only to authorised users within your organisation.

4. Your Rights (GDPR)

Under the UK GDPR and the Data Protection Act 2018, you have the right to:

• Access your personal data.
• Rectify inaccurate data.
• Eraseyour data ("right to be forgotten").
• Restrict processing of your data.
• Data portability — receive your data in a structured, machine-readable format.
• Object to processing based on legitimate interests.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

5. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: