Privacy Policy

Effective Date: June 9, 2026

Introduction and Scope

This Privacy Policy (the “Policy”) applies to the SHIFT mobile application for iOS and watchOS (the “App”) provided by Neel Software Solutions (“we,” “us,” or “our”), together with the cloud services we operate to enable account sign-in, synchronization, and sharing (the “Services”). It explains what information we process, how it is used, and the rights available to you. It does not apply to third-party services that maintain their own privacy policies, as described in the “Third-Party Services” section below.

In this Policy, “Personal Information” means information that identifies, relates to, or could reasonably be linked to an identifiable individual. By using the App, you acknowledge that you have read and understood this Policy.

Information You Provide

You may provide the following information when you use the App:

• Account information, such as the email address (or, where enabled, the phone number) you use to sign in, and an optional display name;
• Event details, such as titles, dates, venue names, and notes;
• Timeline data, such as blocks, durations, dependencies, and shift history;
• Vendor contact details that you enter, such as names, roles, telephone numbers, and email addresses;
• Venue selections that you search for and choose; and
• Voice recordings that you optionally create and attach to a block.

Account and Authentication

To sign in, the App uses Supabase Auth. You authenticate with a one-time passcode (OTP) sent to your email address; where this option is enabled, you may instead sign in with a one-time passcode sent by SMS to your phone number. We process your email address (and, if used, your phone number) to verify your identity, and we create a profile that stores your account identifier, the email or phone you signed in with, and your optional display name. We do not use passwords and do not store any.

Synchronization, Sharing, and Our Backend

When you are signed in, the content described above — your events, timelines, vendor details, sharing and acknowledgment state, and your profile — is synchronized to and stored on our backend, which is provided by Supabase, Inc. and hosted on cloud infrastructure operated by Amazon Web Services. This allows your data to be available across your devices and to be shared with collaborators you invite. Unlike earlier versions of the App, your event content is processed and stored on servers we operate through Supabase, and is no longer confined to your device.

When you invite a vendor or other collaborator to a timeline, we store the phone number or email address you addressed the invitation to, so that the invited person can claim the invitation when they sign in. A collaborator you invite receives read-only access to the timeline you shared, together with the contact and acknowledgment information necessary for that collaboration.

Push Notifications

If you enable notifications, the App registers a device push token with the Apple Push Notification service and stores that token on our backend. We use it, through a server function, to deliver timeline-change (“shift”) alerts to the devices of affected collaborators. You can disable notifications at any time in your device settings.

Information Collected Automatically

To understand how the App is used and to improve its functionality, the App collects limited, anonymous usage information through TelemetryDeck, a privacy-focused analytics provider. This information is aggregated and is not used to identify you.

Such information may include the frequency of feature usage (for example, creating an event, applying a timeline shift, or exporting a document), non-identifying event parameters (such as the magnitude of a shift), and general diagnostic information used to detect and resolve errors.

Information We Do Not Collect

The App does not:

• Sell or rent Personal Information;
• Collect advertising identifiers or engage in cross-application tracking;
• Access your device’s precise location in the background or track your movements;
• Access your contacts, photo library, or calendar; or
• Use your name, email address, or telephone number for advertising or analytics purposes.

How We Use Information

We use the information processed by the App and Services to:

• Provide, operate, and maintain the features of the App;
• Authenticate you and maintain your account;
• Synchronize your data across your devices through our backend;
• Enable read-only sharing of timelines with collaborators you invite, and deliver their acknowledgments back to you;
• Send push notifications about timeline changes to affected collaborators;
• Enrich timelines with sunset and weather information for venues you select;
• Analyze aggregate, anonymous usage in order to improve the App; and
• Comply with applicable legal obligations.

Data Storage

Your data is stored locally on your device using Apple SwiftData, so the App remains fully functional offline. When you sign in, your data is also synchronized to and stored on our backend (Supabase, hosted on Amazon Web Services) to enable synchronization and sharing. Voice recordings are stored locally on your device and are not uploaded to our backend.

Location and Venue Information

The App does not access your device’s GPS location and does not perform background location tracking. When you search for a venue, Apple MapKit returns location results from which you select the coordinates associated with your event.

The selected coordinates, together with the relevant event date, are transmitted to Apple WeatherKit to obtain a weather forecast and to sunrise-sunset.org to calculate sunset and golden-hour times. Only coordinates and a date are transmitted; no Personal Information is included in these requests.

Voice Recordings

If you choose to attach a voice memo to a timeline block, the App will request access to your device’s microphone. Recordings are stored locally on your device and are not transmitted to us or to any third party. You may delete recordings at any time and may revoke microphone access through your device settings.

Third-Party Services

The App relies on the following third-party services, each of which processes information solely for the purpose indicated and in accordance with its own terms and privacy policy:

• Supabase, Inc. — our cloud backend for account authentication, database storage, real-time synchronization, server functions, and the delivery of push notifications, hosted on Amazon Web Services;
• Apple Push Notification service (APNs) — delivery of push notifications to your device;
• Apple WeatherKit — weather forecasts for selected venues;
• Apple MapKit — venue search and location results;
• Apple App Store and StoreKit — processing of in-app purchases;
• TelemetryDeck — anonymous, aggregated usage analytics; and
• sunrise-sunset.org — calculation of sunset and golden-hour times.

We are not responsible for the privacy practices of these third parties and encourage you to review their respective policies.

Disclosure of Information

We do not sell, rent, or trade Personal Information. We may disclose information only: (a) with your consent or at your direction, such as when you invite a collaborator to a timeline; (b) to service providers, such as Supabase, that process information on our behalf and under our instructions to provide the Services; (c) to comply with applicable law, legal process, or a governmental request; or (d) to protect the rights, property, or safety of Neel Software Solutions, our users, or the public, as permitted by law.

Data Retention

Content you store on our backend is retained until you delete it — for example, by deleting an event, removing a vendor, or requesting deletion of your account by contacting us. Deleting the App removes its locally stored data from that device. Aggregate, anonymous analytics cannot be associated with you and are retained only in de-identified form.

Your Privacy Rights

Depending on your jurisdiction, you may have rights under data-protection laws such as the EU and UK General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), including the rights to access, correct, delete, and port your Personal Information, and to object to or restrict certain processing.

Because your Personal Information is stored on our backend, you may exercise these rights by contacting us using the details in the “Contact Us” section below, and we will respond as required by applicable law. We do not sell Personal Information, and therefore no opt-out of sale is required.

International Transfers and Security

Our backend provider (Supabase) and the other third-party services described above may process information in the United States and other countries, which may have data-protection laws different from those of your own country. Those providers maintain their own safeguards for international data transfers.

We take reasonable measures to support the security of information processed by the App and Services; data is encrypted in transit using TLS and at rest by our backend provider. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Children’s Privacy

The App is intended for use by event professionals and is not directed to children under the age of 13, or the equivalent minimum age in your jurisdiction. We do not knowingly collect Personal Information from children. If you believe that a child has provided Personal Information, please contact us so that we may take appropriate action.

Changes to This Privacy Policy

We may update this Policy from time to time. When we do, we will revise the Effective Date shown above and, where the changes are material, provide notice within the App. Your continued use of the App after an update takes effect constitutes your acceptance of the revised Policy.

Contact Us

If you have questions or requests regarding this Policy, you may contact Neel Software Solutions at privacy@shift.app.