Privacy Policy

Introduction

ShiftStreak ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

Information We Collect

Account Information

• Email address - for login and account identification
• Name - displayed within the app to your employer and teammates
• Password - stored securely using industry-standard hashing (bcrypt)

Work Data

• Time entries - clock in/out times, break duration, work date
• Work categories - type of shift (e.g., bar, kitchen, service)
• Notes - optional notes you add to entries

Gamification Data

• Streaks - consecutive days of on-time entries
• Points - earned from punctual time logging
• Badges - achievements earned through app usage

Technical Data

• Push notification tokens - to send you reminders (optional)
• Device information - operating system version for app compatibility
• Timezone - for accurate time calculations

How We Use Your Information

We use your data exclusively to:

• Provide the service - record and display your work hours
• Enable team features - show your entries to your employer/admin
• Calculate statistics - streaks, monthly summaries, leaderboards
• Send notifications - shift reminders (only if you enable them)
• Improve the app - aggregate, anonymized usage analytics

We do NOT:

• Sell your data to third parties
• Use your data for advertising
• Share your data with anyone outside your organization
• Track your location

Data Sharing

Your data is shared only with:

• Your employer/organization - admins can see your time entries
• Your teammates - only aggregated data on leaderboards (if enabled)
• Service providers:
  • Sentry (error reporting) - receives crash reports to help us fix bugs
  • Expo (push notifications) - processes notification delivery
  • Hosting provider (vshosting.cz) - stores data on EU servers

All service providers are GDPR compliant and process data only on our behalf.

Data Storage and Security

• Location: All data is stored on servers in the European Union (Czech Republic)
• Encryption: Data is encrypted in transit (TLS 1.3) and at rest
• Access control: Strict access controls limit who can access data
• Password security: Passwords are hashed using bcrypt and never stored in plain text

Data Retention

• Active accounts: Data is retained while your account is active
• Deleted accounts: Data is permanently deleted within 30 days of account deletion
• Time entries: Retained for the duration required by your employer for payroll/legal purposes

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access - request a copy of your personal data
• Rectification - correct inaccurate data
• Erasure - request deletion of your data ("right to be forgotten")
• Portability - receive your data in a machine-readable format
• Object - object to certain data processing
• Withdraw consent - disable push notifications at any time

To exercise these rights, contact us at privacy@shiftstreak.app.

Push Notifications

Push notifications are optional. You can:

• Choose not to enable them during onboarding
• Disable them in your device settings at any time
• Configure notification preferences in the app

We use push notifications only for shift logging reminders and important account updates.

Children's Privacy

ShiftStreak is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via in-app notification or email. The "Last Updated" date at the top indicates when the policy was last revised.

Contact Us

Legal Basis for Processing