Legal
Privacy Policy
Last updated May 18, 2026. This policy explains what we collect, why, and how to control it.
⚠️ Placeholder notice
This is a starter privacy policy template intended for a US-based gig marketplace. It is not a substitute for legal review by an attorney. Before launch, have this reviewed and adapted to your specific business operations, applicable jurisdictions, and any state-specific addenda (CCPA, CPRA, VCDPA, etc.).
1. Information we collect
We collect information you provide directly:
- Account info: name, email, phone, password (hashed)
- Worker profile info: skills, work history, ratings, location preferences
- Employer profile info: business name, tax ID (encrypted), billing details
- Payment info: handled by Stripe; we never store full card or bank numbers
- Time-tracking data: GPS clock-in coordinates, photo verification
We collect information automatically:
- Device and browser information (IP, OS, browser version)
- Usage logs (pages visited, actions taken, timestamps)
- Cookies (for authentication and analytics; see Cookies section)
2. How we use information
- To operate the platform: matching workers to shifts, processing payments, sending notifications
- To verify identity and prevent fraud
- To improve the product (aggregated, anonymized analytics)
- To communicate with you (transactional emails, support, occasional product updates)
- To comply with legal obligations (1099 reporting, court orders, regulatory requests)
3. How we share information
We share information only when necessary:
- With other platform users: employers see worker profiles; workers see employer business names and shift details
- With service providers: Stripe (payments), Resend (email), Vercel (hosting), Neon (database), Sentry (error monitoring) — under data processing agreements
- For legal compliance: when required by law or to protect the safety of users
- In a business transfer: if FindShifts is acquired, your data may transfer to the acquirer under the same terms
We do not sell personal information. California residents have additional rights — see our Do Not Sell or Share My Personal Info page.
4. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Delete your account and associated data (subject to legal retention)
- Opt out of marketing communications
- Port your data to another service
To exercise these rights, email privacy@findshifts.work. We respond within 30 days.
5. Security
We protect data with encryption at rest and in transit, role-based access controls, and routine security review. Despite this, no system is impenetrable; we encourage strong passwords and report any suspected compromise to security@findshifts.work.
6. Children
FindShifts is not for children under 16. We do not knowingly collect data from anyone under 18. If you believe we have, contact us immediately for deletion.
7. Changes
We may update this policy as our practices evolve. Material changes will be announced via email and a banner notice on the site at least 14 days before they take effect.
Contact
FindShifts Privacy Team
privacy@findshifts.work
