Privacy Policy

Last Updated: 2026年3月16日
We value your trust. Before diving into the details, here is the most critical information about how we protect your shift data.

Controller Information

The controller responsible for data processing under the General Data Protection Regulation (GDPR) is:

ShiftCal (independent developer)
Spain

Contact email for privacy matters:
[email protected]

Scope of this Policy

This Privacy Policy applies to the ShiftCal mobile application and the website shiftcal.app (the “Service”). It explains what data we collect, how we use it, and your rights under the GDPR.

Data You Provide

Offline Use

You can use ShiftCal without creating an account.
In this case, all your data (shifts, notes, calendars) is stored locally on your device and is not transmitted to us.

Account, Calendar Connections & Cloud Sync

If you create an account or enable calendar-related features, we may process:

  • Email address – used for authentication, account access, and essential service communication
  • Shift data, notes, and related schedule settings that belong to your ShiftCal account – used to display your schedule, calculate statistics, and, if you enable sync or backup, stored encrypted on secure servers to synchronize your data between devices
  • Connected or imported calendar information available on your device – such as calendars or calendar events you choose to display, import, export, or analyze locally in ShiftCal

ShiftCal may analyze the shift schedules, work hours, rest intervals, night shifts, late finishes, and calendar events that you create, import, or connect in order to generate optional in-app wellbeing insights.

These insights may include:

  • Rest and recovery metrics
  • Night work percentage
  • Quick turnaround alerts
  • Estimated sleep debt
  • Circadian disruption indicators
  • Recovery estimates
  • A schedule or health score shown inside the stats section

In the current version of the app, these calculations are generated locally on your device from the shift and calendar data available in the app.

ShiftCal does not access or import data from Google Fit, Health Connect, Apple Health, medical records, wearable devices, or biometric sensors.

Health-related insight values are not stored separately on our servers. They are recalculated locally from the schedule data available on your device whenever needed.

Data Collected Automatically

When you use the Service, some limited technical data may be processed to ensure functionality, reliability, and security, such as:

  • Device type and operating system version
  • Basic server logs (e.g., connection timestamps)
  • App version and technical diagnostics needed to maintain service stability
  • Crash logs and diagnostic data used to detect, investigate, and fix errors
  • Analytics events related to app usage, such as screen views, onboarding steps, login flows, purchases, and feature interactions
  • Pseudonymous identifiers or internal account identifiers needed for analytics, diagnostics, subscriptions, sync, or abuse prevention

This information is used to operate, secure, improve, and measure the Service. Where required by law, non-essential analytics or advertising-related processing is used only after obtaining the required consent.

Advertising

ShiftCal may display advertisements to support the development of the app.

We use third-party advertising providers such as Google AdMob.
These providers may process:

  • Device advertising identifiers
  • Approximate location derived from IP address
  • Basic device information required to serve ads

Where required by law, non-essential advertising technologies are only used after obtaining your consent via the system permission prompt or consent dialog.

You can manage or withdraw advertising consent at any time through your device privacy settings.

We process personal data on the following legal grounds:

  • Contract (Art. 6(1)(b) GDPR): To provide account, calendar, sync, backup, and requested schedule analysis features
  • Consent (Art. 6(1)(a) GDPR): For personalized advertising, analytics, or other non-essential technologies where consent is required
  • Legitimate Interests (Art. 6(1)(f) GDPR): To maintain service security, prevent abuse, ensure technical stability, investigate crashes, and improve core functionality where permitted

Data Sharing and Processors

We do not sell your personal data.

We may share data only with trusted service providers that process information on our behalf, such as:

  • Cloud hosting providers (for account and sync storage)
  • Analytics and crash reporting providers
  • Advertising providers (for displaying ads)
  • Infrastructure services required to operate the app

These providers process data only under contractual obligations and appropriate safeguards required by the GDPR.

International Data Transfers

Some service providers may process data outside the European Economic Area (EEA), including in the United States.

When this occurs, we rely on appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs)
  • Providers participating in recognized data protection frameworks where applicable

Data Retention

  • Locally stored shift, calendar, and notes data remains on your device until you delete it
  • Account data is stored while your account remains active
  • If you delete your account, your personal data is deleted from active systems
  • Backup copies may remain for a limited period for security reasons and are automatically removed thereafter
  • Health-related insight values shown in the app are generated locally from your schedule data and are not stored separately on our servers

Your GDPR Rights

If you are located in the European Union, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Request restriction of processing
  • Object to processing based on legitimate interests
  • Request data portability where applicable

You can exercise your rights by contacting:
[email protected]

You also have the right to lodge a complaint with your local data protection authority.
In Spain, this is the Agencia Española de Protección de Datos (AEPD).

Children’s Privacy

ShiftCal is not intended for children under the age of 14 in accordance with Spanish data protection law.
We do not knowingly collect personal data from children under this age.

Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted data transmission (HTTPS / TLS)
  • Secure authentication mechanisms
  • Access controls on infrastructure systems

Changes to this Policy

We may update this Privacy Policy from time to time.
If we make significant changes, we will notify users through the app or website and update the “Last updated” date above.

Contact

For any privacy or data protection questions, contact:

[email protected]

还有疑问?

找不到您想要的答案?我们的团队随时为您提供帮助。

联系支持