Privacy Policy

Last updated: April 2026

What we collect

ShiftWell collects the information you provide directly:

  • Account information — your name and email address
  • Profile data — profession, shift type, union/organization type, chronotype, and primary wellness goal
  • Recovery check-ins — sleep quality and duration, energy level, stress, fatigue, emotional state, caffeine intake, movement, and free-text reflections
  • Shift schedule — your rotation pattern and individual shift overrides
  • Calendar events — personal events you add to your calendar
  • Wage information — pay rate, FTE, and shift premium configuration you enter voluntarily
  • Wearable data — if you connect an Oura Ring, we access sleep metrics from the Oura API on your behalf
  • Push notification consent — if you opt in, we store a push subscription token on your device

How we use it

Your data is used solely to power your ShiftWell experience — generating AI recovery insights, tracking your streaks, calculating pay estimates, and personalising recommendations. We do not sell your data. We do not share your data with third parties except the services required to operate the app, listed below.

Third-party services

ShiftWell uses the following third-party services. Each handles data under their own privacy policy:

  • Supabase — database, authentication, and file storage (US-hosted)
  • Anthropic (Claude API) — generates your AI recovery insights from your check-in data
  • Stripe — processes subscription payments. ShiftWell never sees or stores your card details — they go directly to Stripe
  • Vercel — hosts and serves the application
  • Resend — sends transactional and notification emails
  • Oura — if you connect your Oura Ring, Oura's own privacy policy governs how they handle your health data on their end

AI processing

Your check-in data is sent to Anthropic's Claude API to generate your personalised insights. This data is processed according to Anthropic's privacy policy and is not used to train their models. Only the data relevant to your current insight is sent — we do not transmit your full account history in a single request.

Groups and shared data

If you join a group, other members of that group can see your shift availability windows (morning, afternoon, evening free or busy). They cannot see your event titles, check-in data, recovery scores, or any personal health information. Only time-of-day availability is shared — the same information you would share when finding a mutual free time to meet.

Health-related data

Check-in data (sleep, stress, fatigue, emotional state) is health-adjacent information. We treat it with the same care as personal health data: it is encrypted at rest, transmitted over TLS, never sold, and only processed to generate your own insights. ShiftWell is a wellness tool, not a medical service. See our Terms of Service.

Data storage and security

Your data is stored in Supabase (PostgreSQL), hosted in the United States. All data is encrypted at rest and in transit. Row-level security policies in the database ensure only you — and services acting on your behalf — can access your records. Your device may also cache data locally (via the PWA service worker) to support offline use. This local cache is not accessible to other apps or users.

Push notifications

If you opt in to push notifications, your browser generates a push subscription token that is stored in our database and used only to deliver ShiftWell notifications to your device. You can revoke this at any time from your Profile page or your browser settings.

Email communications

We send transactional emails (account confirmation, password reset) and, with your consent, notification emails (post-shift reminders, streak alerts, weekly digest). Notification emails include a one-click unsubscribe link. ShiftWell complies with Canada's Anti-Spam Legislation (CASL).

Cookies

ShiftWell uses only the cookies required for authentication (session management via Supabase). We do not use advertising cookies or third-party tracking.

Your rights

You can delete your account and all associated data at any time from your Profile page. Deletion is permanent and irreversible. You may also:

  • Request a copy of your data
  • Request correction of inaccurate data
  • Withdraw consent for notifications at any time
  • Disconnect third-party integrations (Oura) from your Profile page

To exercise any of these rights, email us at hello@theshiftwell.ca.

Jurisdiction

ShiftWell is operated from British Columbia, Canada. This policy is governed by the laws of British Columbia and the applicable laws of Canada, including PIPEDA and CASL.

Contact

Questions about privacy? Email hello@theshiftwell.ca