Privacy Policy
Last Updated: March 23, 2026
1. Introduction
Welcome to ShiftRova, a platform strictly created, owned, and operated by T3CHMAN Software Pty Ltd (“ShiftRova”, “we”, “our”, or “us”). We are committed to protecting your personal information and your right to privacy. This policy describes how we collect, use, and share your personal information when you use our website, mobile applications, and workforce management services (collectively, the “Services”).
2. Information We Collect
We collect information that you voluntarily provide to us when registering for the Services, expressing an interest in obtaining information about us, or otherwise contacting us.
- Personal Information Provided by You: Names, phone numbers, email addresses, job titles, passwords, and organization details.
- Employee Data: Employers (our primary customers) input data regarding their employees, including shift schedules, hourly rates, GPS location data during clock-ins (if enabled), and employment compliance documentation.
- Payment Data: We collect data necessary to process your payment if you make purchases, such as your payment instrument number. All payment data is stored by our payment processor (Stripe).
- Usage Data: We automatically collect certain information when you visit, use or navigate the Services (e.g., IP address, browser characteristics).
3. How We Use Your Information
We use personal information collected via our Services for a variety of business purposes, including:
- To facilitate account creation and logon process.
- To provide and manage workforce scheduling, communications, and compliance tracking.
- To enforce our terms, conditions, and policies for business purposes.
- To respond to legal requests and prevent harm.
4. Location Tracking (GPS Geofencing)
If enabled by an organization administrator, the ShiftRova mobile app may collect precise geolocation data from employees when they explicitly use the “Clock In” or “Clock Out” functionalities. This data is used solely to verify attendance at the specified work site boundary. We do not continuously track employee locations in the background after they have clocked in.
5. Cookies & Local Storage
Cookies are small text files placed on your device by a website to help it function correctly and remember your preferences. In accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), we are transparent about the cookies we use and the purpose of each one.
ShiftRova uses only strictly necessary and functional cookies. We do not use any advertising, tracking, or third-party analytics cookies.
| Cookie Name | Purpose | Type |
|---|---|---|
| next-auth.session-token __Secure-next-auth.session-token | Authenticates your login session, keeping you signed in while you use the platform. | Strictly Necessary |
| next-auth.csrf-token | Prevents cross-site request forgery (CSRF) attacks to protect your account security. | Strictly Necessary |
| next-auth.callback-url | Remembers where to redirect you after you have successfully logged in. | Strictly Necessary |
| sidebar_state | Remembers whether you have the navigation sidebar open or closed within the dashboard. | Functional |
| activeOrgId | Remembers which organisation account you last selected if you belong to multiple organisations. | Functional |
Because we only use strictly necessary and functional cookies, you can continue to use all features of the ShiftRova platform regardless of your cookie preferences. However, if you delete or block cookies via your browser settings, you will be required to log in again and your interface preferences will be reset.
You can manage or delete cookies at any time through your browser's settings. For more information, refer to your browser's help documentation.
7. Retention of Opt-out Preferences
In accordance with our legitimate business interests and to respect your communication preferences, we retain a record of email opt-out preferences (unsubscribes) tied to your email address for a minimum of 3 years following account deletion. This ensures that if you re-register, your preference to not receive marketing or non-essential communications is automatically respected. You may request the permanent removal of these records by contacting us.
8. Automated Decision-Making & AI
ShiftRova utilizes automated algorithms within our “Auto-Scheduler” feature to assist managers in creating efficient rosters based on employee availability, labor roles, and compliance rules.
While these tools provide suggestions, they do not make final, binding decisions regarding your employment or pay without human intervention (managerial review and approval). In accordance with the 2024 amendments to the Australian Privacy Act, you have the right to request information about how these automated processes impact your personal information.
9. Data Residency & Global Distribution
ShiftRova is an Australian-owned and operated company based in Adelaide, South Australia.
To provide the highest level of performance, availability, and security, our application infrastructure utilizes an Edge Computing network. This means your data is processed and stored across a globally distributed network of over 300+ data centers. While this ensures rapid access and redundancy, it involves the transfer and storage of data across a variety of jurisdictions.
Key third-party processors include:
- Stripe: For secure payment processing and subscription billing.
- Cloudflare: For global content delivery, security, and edge computing.
- SendGrid/Twilio: For delivering critical system notifications and shift alerts via email and SMS.
We take reasonable steps to ensure these providers adhere to privacy standards substantially similar to the Australian Privacy Principles.
10. Notifiable Data Breaches (NDB)
We comply with the Australian Notifiable Data Breaches scheme. In the event of an “eligible data breach” — where personal information is lost or subjected to unauthorized access or disclosure that is likely to result in serious harm to any of the individuals to whom the information relates — we will notify the affected individuals and the Australian Information Commissioner as soon as practicable.
11. Your Rights & Complaints
Under the Australian Privacy Principles, you have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct any inaccurate or out-of-date information.
- Deletion (Right to be Forgotten): Request the deletion of your personal account data (subject to our legal obligations for tax and labor record retention).
- Complaints: If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us via the contact details below. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
12. Contact Us
If you have questions or comments about this notice, you may email us at privacy@shiftrova.com