Privacy Policy
Effective Date: December 22, 2025
Optimal Shift LLC ("Optimal Shift," "we," "us," or "our") operates the Optimal Shift workforce scheduling platform. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Services.
"Services" means the Optimal Shift mobile application, web application, administrative console, and related support channels. The same data practices generally apply across all platforms, with platform-specific differences noted where applicable.
1. Scope and Enterprise Context
The Services are business-to-business (B2B) enterprise applications provided to authorized users of healthcare organizations ("Organizations") that subscribe to Optimal Shift's workforce scheduling platform. Users can only access the Services if invited by their Organization's administrator.
Your Organization as the Customer: Your Organization is our customer and controls user provisioning, role assignments, scheduling rules, and access to your work-related data. Optimal Shift processes your data on behalf of your Organization under our customer agreement. Optimal Shift may also act as a data controller for limited information necessary for our own operations, such as billing contacts, security logs, and service administration. For questions about how your Organization uses your data within the scheduling system, please contact your Organization's administrator.
The Services are not intended for entering patient information. Please do not submit patient data or medical records through the Services.
The Services are intended for use by adults (18+) in a professional capacity. They are not directed at children.
The Services are intended for users in the United States and are not directed to individuals in the European Economic Area, United Kingdom, or Switzerland.
2. Information We Collect
2.1 Account Information
When you log in to the Services, we process:
- Email address: Used for authentication and account identification
- Name: Your first and last name as configured by your Organization
- Credentials: Authentication data such as password (hashed), SSO tokens, or similar
- Organization membership: Your association with your Organization and assigned roles
Your account is created by your Organization's administrator through the web platform. You do not create an account directly through the mobile app.
2.2 Device and Push Notification Information (Mobile)
To provide push notifications and ensure mobile app functionality, we collect:
- Push notification token: A unique identifier provided by Apple or Google to deliver notifications to your device
- Device platform: Whether you use iOS or Android
- Device identifiers: Platform-specific identifiers for notification delivery, session management, and detecting unusual login activity
- App version: The version of the Optimal Shift app installed on your device
2.3 Web App Data
When you use the web application, we collect:
- Cookies and local storage: Used for authentication, session management, CSRF protection, and user preferences. We do not use cookies for advertising or cross-site tracking.
- Browser and device metadata: User agent, browser version, operating system, language, and timezone
- IP address: Used for security monitoring, abuse prevention, and approximate location for timezone detection
2.4 Usage and Diagnostics
When you use the Services, we automatically collect:
- Authentication tokens: Securely stored credentials to keep you logged in
- Timestamps: When you access the Services and perform actions
- Diagnostics: Crash reports and error logs to identify and fix technical issues
- Event telemetry: Feature interactions and usage patterns, used to operate, secure, and improve the Services. Screen views and notification interactions may be collected depending on platform configuration.
- Scheduling data: Your shift assignments, time-off requests, and scheduling preferences
2.5 Marketing Website
If you contact us through our public website (e.g., to request a demo or sign up for updates), we collect the information you provide (such as your name, email address, organization, and role) and use it to respond to your inquiry and for related business communications.
We also automatically collect the following when you interact with our public website:
- IP address and approximate location: Country and region derived from your IP address, used for analytics and fraud prevention
- Browser and device metadata: User agent, browser type, operating system, device type, and preferred language
- Referral information: Referring URL and campaign parameters (e.g., UTM tags) to understand how you found us
This information is used to operate and improve the website, understand how visitors find us, and prevent abuse. We do not use it for advertising or cross-site tracking.
2.6 Information We Do NOT Collect
- Precise location data: We do not collect GPS or precise location information
- Contacts or address book: We do not access your device contacts
- Photos, videos, or files: We do not access your device media or files
- Health or patient data: We do not collect personal health information or patient data through the Services
- Advertising identifiers: We do not collect device advertising IDs (mobile) or use advertising cookies (web)
- Cross-app/cross-site tracking: We do not track you across other apps or websites
- Third-party AI processing: We do not send your personal data to third-party AI services
3. How We Use Your Information
We use the information we collect to:
| Purpose | Data Used |
|---|---|
| Authenticate your identity | Email, credentials, authentication tokens |
| Display your work schedule | Organization membership, shift assignments |
| Send push notifications | Push notification token, device platform |
| Process scheduling requests | Account info, scheduling data, request details |
| Provide customer support | Account info, support communications |
| Maintain security and prevent abuse | IP address, authentication logs, device identifiers |
| Diagnose and fix technical issues | Crash reports, error logs, diagnostics |
| Improve the Services | Event telemetry, feature usage |
| Respond to inquiries | Contact info from marketing website |
We do not use your information for:
- Advertising or marketing to third parties
- Selling, renting, or "sharing" (as defined by US privacy laws) your personal data
- Profiling for purposes unrelated to workforce scheduling
4. How We Share Your Information
4.1 With Your Organization
Your Organization has access to:
- Your account information and role assignments
- Your shift assignments and schedule
- Scheduling requests you submit or receive (e.g., shift changes, time off, preferences)
- Notification delivery status
Organizations do not receive raw product analytics such as generalized screen-view metrics or feature usage statistics. These are used only by Optimal Shift to improve the Services.
4.2 With Service Providers (Subprocessors)
We use service providers to help operate the Services. These providers process information on our behalf and under contractual obligations designed to protect your data.
| Category | Purpose |
|---|---|
| Cloud infrastructure | Hosting, data storage, backups, monitoring |
| Push notification services | Delivering notifications (e.g., Apple Push Notification service and Google Firebase Cloud Messaging) |
| Email services | Sending transactional emails and support communications |
| Error tracking / analytics / monitoring | Crash reporting, performance monitoring, and service reliability analytics |
We maintain a list of subprocessors available upon request. We do not use advertising networks and we do not permit our service providers to use your data for their own marketing or advertising purposes.
4.3 Legal Requirements
We may disclose your information if required by law, such as:
- To comply with a subpoena, court order, or legal process
- To protect the rights, property, or safety of Optimal Shift, our users, or others
- To enforce our terms of service
4.4 Business Transfers
If Optimal Shift is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users before their information becomes subject to a different privacy policy.
5. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion or Organization offboarding |
| Authentication tokens | Short-lived (access) or until logout (refresh) |
| Push notification tokens | Until logout, or until disabled or invalidated |
| Shift and schedule data | Duration of Organization subscription |
| Diagnostics, logs, and telemetry | Retained for a limited period as configured; longer for security/legal needs |
| Audit/security logs | As required by contract, security, or law |
| Backups | Up to 6 months after primary data deletion |
When data is no longer needed, it is securely deleted or anonymized.
Organization termination: When an Organization's subscription ends, we provide a data export window (typically 30 days), after which Organization data is deleted according to the retention periods above.
6. Data Security
We use administrative, technical, and physical safeguards designed to protect personal information. These measures may include, for example:
- using encryption in transit for communications between your device and our services;
- access controls and logging designed to limit and monitor employee access; and
- security monitoring and periodic reviews.
No security measure is perfect. Despite our safeguards, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.
7. Your Choices and Rights
7.1 Access Your Information
You can view your personal information within the Services, including your profile, schedule, and request history.
7.2 Correct Your Information
If your account information is incorrect, contact your Organization's administrator to request corrections.
7.3 Request Account Deletion
Because accounts are provisioned and managed by your Organization, account changes (including deactivation or deletion) are typically handled by your Organization's administrator. If you need assistance, you may also contact us at and we will coordinate with your Organization as appropriate.
Data associated with your account, including scheduling history and request records, is retained according to your Organization's policies and our retention schedule in Section 5.
7.4 Push Notifications
You can disable push notifications through your device's notification settings.
7.5 Analytics
Some event collection is necessary to operate and secure the Services. We do not share your activity with your Organization or third parties for advertising purposes.
7.6 Response Timing and Appeals
We respond to privacy rights requests within 45 days. If we deny your request, you may appeal by emailing with "Appeal" in the subject line. We will respond to appeals within 45 days.
8. U.S. State Privacy Rights
If you are a U.S. resident, you may have additional rights under state privacy laws, including California and other state privacy laws.
Your Rights May Include:
- Right to Know/Access: Request information about the personal data we collect about you
- Right to Delete: Request deletion of your personal data, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal data
- Right to Opt-Out: Opt out of the "sale" or "sharing" of personal data for targeted advertising
Our Practices: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising or targeted advertising purposes.
How to Exercise Your Rights: Contact your Organization's administrator or email us at . We may need to verify your identity before processing your request.
Authorized Agents: You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written authorization or a power of attorney. We may contact you directly to verify your identity and confirm the request.
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Tracking Signals: We honor Global Privacy Control (GPC) signals. Because we do not sell or share personal information for targeted advertising, a GPC signal will not change the Services you receive. The legacy "Do Not Track" (DNT) browser header has been deprecated by the W3C and removed by major browsers; we do not process it.
9. International Data Transfers
We are based in the United States. We (and our service providers) may process, store, and transfer personal information in the United States and other countries where we or our service providers operate, such as Canada. Data protection laws in those locations may differ from those in your state or country.
If you use the Services from outside the United States, you understand that your information may be processed and stored in the United States and other jurisdictions.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy in the Services and at https://www.optimalshift.ai/legal/privacy
- Updating the Effective Date at the top of this policy
Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email:
Mailing address:
Optimal Shift LLC
5101 14th Ave NW
Suite 200 #525
Seattle WA 98107
For account-specific inquiries, please contact your Organization's administrator.
Appendix: Platform-Specific Disclosures
Mobile App Store Disclosures
We provide required privacy disclosures in our App Store and Google Play listings. The information below summarizes our data practices for those platforms. This Privacy Policy provides complete details; app store disclosures are summaries for quick reference.
Data Collected: Contact info (name, email), identifiers (user ID, device ID), usage data, diagnostics.
Data Use: App functionality, analytics and diagnostics, security.
Data NOT Used For: Third-party advertising, tracking across apps/websites.
Security: Data encrypted in transit.
Policy Availability
This Privacy Policy is available at:
- Public URL: https://www.optimalshift.ai/legal/privacy
- Mobile app: Help > Privacy Policy
- Web app: Footer link on all pages