ShiftLock
Home

Privacy Policy

Version 2026.04.26 · Effective April 26, 2026 · Aligned with PIPEDA and PHIPA (New Brunswick)

1. Who we are

ShiftLock Inc. ("ShiftLock", "we") operates a nurse-staffing platform connecting Canadian-licensed nurses, nurse practitioners, and personal support workers with healthcare facilities. This policy describes what personal information we collect, how we use it, and the choices you have.

2. Personal information we collect

  • Account & profile data — name, contact info, role, work eligibility, employment status.
  • Credential records — licence numbers (RN/LPN/NP/PSW), expiry dates, registry verification results.
  • Shift & timesheet data — shifts worked, hours, premiums, pay events.
  • Payment data — Stripe tokens only. Card numbers and full bank numbers are never stored on ShiftLock systems (PCI-DSS scope handled by Stripe).
  • Privacy log — every consent grant/withdrawal, data export, deletion request, and access to credential records.
  • Marketing & product analytics — non-PHI usage events.

What we do NOT collect

ShiftLock is not a clinical record system. Patient names, conditions, chart notes, or any other Protected Health Information (PHI) under PHIPA must not be uploaded to the platform. Uploads are validated and any detected PHI is rejected.

3. Why we collect it (purpose)

Per PIPEDA, we collect personal information for these documented purposes only: scheduling and dispatch of nursing shifts, payroll and tax remittance, credential verification with provincial registries (ANBLPN, NANB), platform safety and abuse prevention, and — only with consent — product improvement and marketing.

4. Where your data lives (data residency)

Our target backend stores all personal information in AWS Canadian regions (ca-central-1, Montreal). During the migration window (April–June 2026), Firebase Authentication metadata is hosted in the United States; this is being phased out. The current migration status is published live at /admin/data-residency.

5. How long we keep it (retention schedule)

CategoryRetentionLegal basis
Account & profile data7 yearsCRA 6-year retention; +1 year buffer
Credential & licence records10 yearsProfessional regulatory recordkeeping (ANBLPN/NANB guidance)
Shift & timesheet records7 yearsEmployment Standards Act NB + CRA payroll
Payment records (tokens only — no PAN)7 yearsCRA + PCI-DSS scope (handled by Stripe)
Privacy & consent log10 yearsPIPEDA accountability principle
Marketing & analytics2 yearsPIPEDA minimization
PHI uploads (DISALLOWED)Not storedOut of scope — enforced via Terms of Service + upload validation

6. Your rights

  • Right to access — request a JSON export of everything we hold about you at /account/privacy.
  • Right to correction — update your profile or contact our privacy officer for fields you can't edit yourself.
  • Right to deletion — request account deletion at /account/privacy. We confirm within 30 days and complete within 60 unless a legal hold applies (payroll, regulatory).
  • Right to withdraw consent — at any time for optional uses (marketing, surveys). Required uses end when the account is closed.
  • Right to complain — to the Office of the Privacy Commissioner of Canada and, for health information, to the New Brunswick Office of the Access to Information and Privacy Commissioner.

7. Security

  • TLS 1.3 in transit, AES-256 at rest.
  • Multi-factor authentication available for facility and admin accounts.
  • Least-privilege access; every credential view is logged in the privacy log.
  • Annual third-party security review — designed to support; first audit scheduled when paying customer threshold is reached.

8. Third parties

We use Stripe (payments — PCI-DSS Level 1), Supabase (database & auth — AWS ca-central-1), and Vercel/Cloudflare (hosting). Each receives only the data needed to perform its function.

9. Contact

Privacy Officer: privacy@shiftlock.ca. We respond within 5 business days.

10. Changes

Material changes will be posted on this page with an updated version number. Active users will be prompted to re-consent on the next sign-in following a material change. Prior versions are archived.

See also: Privacy & Your Data · Data residency status