Privacy Policy

Shift Craft acts as the Data Controller defined under the GDPR for account management purposes and as the Data Processor for operational roster data.

• Identity data (names and staff IDs)
• Contact data (email addresses and phone numbers)
• Operational data (shift patterns, roles and location assignments)
• Audit data (login history and modification logs)

We use this data solely to provide roster compliance validation, fatigue management and operational scheduling services. We do not share operational data with third parties for marketing purposes.

Operational data is retained according to the retention policies defined by the account owner. Audit logs are immutable and retained for the duration of the contract plus a mandatory statutory period.

You have the right to request access to your personal data, correction of inaccurate data and deletion of data where no legal override exists.

For data protection enquiries, please refer to your organisation's internal data protection officer in the first instance.