Privacy policy

Last updated April 05, 2026

This Privacy Notice for Shiftolic, Inc ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Visit our website at http://www.shiftolic.com or any website of ours that links to this Privacy Notice
  • Download and use our mobile application (Shiftolic), or any other application of ours that links to this Privacy Notice
  • Use Shiftolic — a shift management and marketplace platform for physicians and healthcare teams, bringing four core products into one system: a Physician Shift Marketplace, Scheduling Software, Workforce Management Workspace, and Analytics and Forecasting Tools
  • Engage with us in other related ways, including any marketing or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. Contact us at support@shiftolic.com.

SUMMARY OF KEY POINTS

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law.

Do we collect any information from third parties? We may collect information from public databases, marketing partners, social media platforms, and other outside sources.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties.

How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us at support@shiftolic.com.

1. WHAT INFORMATION DO WE COLLECT?

Personal Information You Disclose to Us

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

The personal information we collect may include the following:

  • Names
  • Phone numbers
  • Email addresses
  • Job titles
  • Usernames
  • Passwords
  • Contact or authentication data
  • Debit/credit card numbers
  • Hospital information
  • Billing addresses
  • Contact preferences
  • Mailing addresses

Sensitive Information

When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • Financial data
  • National Provider Identifier (NPI) numbers and government-issued identity documents uploaded for account verification purposes

Payment Data

We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Stripe. You may find their privacy notice here: https://stripe.com/privacy.

Social Media Login Data

We may provide you with the option to register with us using your existing social media account details, like your Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider.

Application Data

If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

  • Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services.
  • Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's calendar, camera, SMS messages, reminders, social media accounts, and other features.
  • Mobile Device Data. We automatically collect device information such as your mobile device ID, model, and manufacturer, operating system, version information, browser type and version, hardware model, Internet service provider and/or mobile carrier, and IP address.
  • Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). You may turn them off in your device's settings.

Mobile Device Permissions — Specific Details

  • Camera. We access your camera solely so you can take a selfie to set or update your profile photo. We do not use your camera to capture identity documents or for any other purpose.
  • Photo Library. We access your photo library solely so you can select an existing photo to use as your profile picture. We do not access, read, or retain any other photos from your library.
  • Push Notifications. We send push notifications to alert you about new shift opportunities, shift updates, coverage confirmations, and important account activity. You can opt out at any time in your device settings.
  • Document Access. When using the identity verification or credentialing features, we access your device's file system through the system document picker so you can select and upload documents such as your government-issued ID, medical license, board certification, DEA certificate, malpractice insurance, or resume/CV. We do not retain access to your files beyond the upload.

Information Automatically Collected

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, and other technical information.

The information we collect includes:

  • Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services.
  • Device Data. Information about your computer, phone, tablet, or other device you use to access the Services, including IP address, browser type, hardware model, and operating system.
  • Location Data. Information about your device's location, which can be either precise or imprecise. You can opt out by disabling your Location setting on your device.

Google API

Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Information Collected from Other Sources

We may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, and social media platforms. This information includes mailing addresses, job titles, email addresses, phone numbers, IP addresses, and social media profiles.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for a variety of reasons, including:

  • To facilitate account creation and authentication and otherwise manage user accounts
  • To deliver and facilitate delivery of services to the user
  • To respond to user inquiries and offer support to users
  • To send administrative information to you
  • To fulfill and manage your orders, payments, returns, and exchanges
  • To enable user-to-user communications
  • To request feedback about your use of our Services
  • To send you marketing and promotional communications (you can opt out at any time)
  • To protect our Services through fraud monitoring and prevention
  • To evaluate and improve our Services, products, marketing, and your experience
  • To identify usage trends and better understand how our Services are being used

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may need to share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
  • Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.
  • Other Users. When you share personal information or interact with public areas of the Services, such information may be viewed by all users and may be publicly available outside the Services.

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. These help us maintain security, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising purposes. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

5. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies ("AI Products"). We provide the AI Products through third-party service providers, including OpenAI.

Our AI Products are designed for the following functions:

  • AI automation
  • AI predictive analytics
  • AI search
  • Text analysis
  • Natural language processing

When you upload an identity document for account verification, that document image is transmitted to OpenAI for automated identity verification processing. Credentialing documents (such as medical licenses, board certifications, DEA certificates, and malpractice insurance documents) are stored securely on our servers and are not processed by AI.

To opt out of AI processing, please contact us using the contact information provided below.

6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or X logins). The profile information we receive may vary depending on the social media provider but will often include your name, email address, friends list, and profile picture.

We will use the information we receive only for the purposes described in this Privacy Notice. We recommend that you review the privacy notice of your social media provider to understand how they collect, use, and share your personal information.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required by law. No purpose in this notice will require us keeping your personal information for longer than 48 months past the termination of the user's account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or securely store and isolate it from any further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

9. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect, solicit data from, or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years old. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data. Please contact us at support@shiftolic.com if you become aware of any such data.

10. WHAT ARE YOUR PRIVACY RIGHTS?

Withdrawing your consent: You have the right to withdraw your consent at any time by contacting us at support@shiftolic.com. Please note that this will not affect the lawfulness of the processing before its withdrawal.

Opting out of marketing communications: You can unsubscribe from our marketing and promotional communications at any time by:

  • Clicking the unsubscribe link in our emails
  • Replying "STOP" or "UNSUBSCRIBE" to our SMS messages
  • Contacting us directly at support@shiftolic.com

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

Account Information: To review or change the information in your account or terminate your account, please contact us. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, or comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us at support@shiftolic.com.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific privacy rights.

Categories of Personal Information We Collect

In the past twelve (12) months, we have collected the following categories of personal information:

  • A. Identifiers (contact details, IP address, account name) — YES
  • B. Personal information as defined in the California Customer Records statute (name, contact info, employment, financial information) — YES
  • C. Protected classification characteristics (gender, age, race, ethnicity) — NO
  • D. Commercial information (purchase history, payment information) — NO
  • E. Biometric information (fingerprints, voiceprints) — NO
  • F. Internet or other similar network activity (browsing history, online behavior) — NO
  • G. Geolocation data (device location) — YES
  • H. Audio, electronic, sensory, or similar information — NO
  • I. Professional or employment-related information (job title, work history, professional qualifications) — YES
  • J. Education information (student records and directory information) — YES
  • K. Inferences drawn from collected personal information — NO
  • L. Sensitive personal information (account login, debit/credit card numbers, government IDs) — YES

We will use and retain the collected personal information as long as the user has an account with us (applies to Categories A, B, G, I, J, and L).

Your Rights

You have rights under certain US state data protection laws, including:

  • Right to know whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request the deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to non-discrimination for exercising your rights
  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling

Depending upon the state where you live, you may also have the following rights:

  • Right to access the categories of personal data being processed (Minnesota)
  • Right to obtain a list of the categories of third parties to which we have disclosed personal data (California, Delaware, Maryland)
  • Right to obtain a list of specific third parties to which we have disclosed personal data (Minnesota, Oregon)
  • Right to obtain a list of third parties to which we have sold personal data (Connecticut)
  • Right to review, understand, question, and correct how personal data has been profiled (Connecticut, Minnesota)
  • Right to limit use and disclosure of sensitive personal data (California)
  • Right to opt out of the collection of sensitive data collected through voice or facial recognition features (Florida)

How to Exercise Your Rights

To exercise these rights, please submit a data subject access request or email us at support@shiftolic.com.

Appeals

If we decline to take action regarding your request, you may appeal our decision by emailing us at support@shiftolic.com. If your appeal is denied, you may submit a complaint to your state attorney general.

California "Shine The Light" Law

California residents may request, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes. Please submit your request in writing using the contact details provided in section 16 below.

13. OTHER IMPORTANT PLATFORM ISSUES

Healthcare Information. Shiftolic is a workforce management and scheduling platform. The Services are not intended to collect, store, or process Protected Health Information ("PHI") as defined under HIPAA. Users should not upload or transmit patient-identifiable health information through the platform unless expressly permitted under a separate written agreement with us.

Platform Visibility. Certain profile and scheduling information you provide — such as your name, professional credentials, availability, organization affiliation, and shift activity — may be visible to other authorized users of the platform, including hospitals, physician groups, locum companies, and other healthcare professionals.

Service Providers. We may share personal information with trusted third-party service providers that help us operate and maintain our Services. These providers are contractually required to safeguard your information and may only use it to perform services on our behalf.

Account Deletion. Users can permanently delete their account directly within the app by navigating to Settings → Delete Account. Deleting your account will permanently remove your profile, groups, shift posts, conversations, messages, credentials, and all associated account data. This action cannot be undone. Users who signed up via Google SSO can delete their account without a password. Users who signed up with email and password will be required to confirm their password before deletion.

14. USE OF INFORMATION

Users provide express consent to receive SMS messages by selecting the SMS consent checkbox during account registration. If you provide your phone number and enable SMS notifications, you may receive transactional SMS messages related to:

  • Shift alerts
  • Shift confirmations
  • Schedule reminders
  • Shift cancellations
  • Other account-related updates

Message and data rates may apply. You can opt out at any time by replying STOP. For assistance, reply HELP or contact us at support@shiftolic.com. We do not share mobile phone numbers or SMS opt-in data with third parties for marketing or promotional purposes.

15. DO WE MAKE UPDATES TO THIS NOTICE?

Yes, we will update this notice as necessary to stay compliant with relevant laws. The updated version will be indicated by an updated date at the top of this Privacy Notice. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact us at:

Email: support@shiftolic.com

Mail:Shiftolic, Inc131 Continental Dr, Suite 305Newark, DE 19713United States

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. To submit a request, please contact us at support@hiftolic.com.