AI Data Controls & Transparency
Detailed information about how AI processes your data.
ShiftCare AI supports your team. Humans always decide.
Data Handling Principles
AI only processes data for features you have enabled
AI is used to summarise, highlight patterns, and reduce admin workload
AI does not make decisions or take actions on your behalf
All AI-generated content is clearly labelled for transparency and audit
All AI activity is logged and auditable
Data Protection
Data is processed within secure, compliant infrastructure
Personal identifiers are automatically removed where possible before AI processing
Your data is never shared with other customers
Your data remains owned and controlled by your organisation
About note anonymisation
Before support notes are scanned by AI, ShiftCare automatically removes names, email addresses, phone numbers, and physical addresses. This reduces the amount of identifiable information processed by AI.
Note: Anonymisation covers the most common patterns but is not perfect. Edge cases exist. If your organisation has heightened data sensitivity requirements, speak to your account manager about additional controls.
Model Training
- Your data is never used to train AI models — this is off by default
- Your data is not used to improve models for other customers
- AI models do not learn from or retain your organisation’s data between sessions
✓ Opting out of model training is separate from using AI features.
You don’t need to turn AI off to protect your data. The model training opt-out is a standalone control — you stay in full control of your data without losing access to any AI features.
Data Retention
AI-generated summaries and signals are retained for up to 90 days
Original clinical and operational data is never modified by AI features
You can request deletion of AI-generated content at any time
AI Feature Controls
Your organisation administrator can enable or disable AI features individually. You don’t have to take an all-or-nothing approach.
| Feature | Default | Notes |
|---|---|---|
| All AI features (master switch) | On | Disable all AI across your account instantly. Admin setting. |
| Smart Match | On | Surfaces the best-fit workers for each shift. Can disable per org. |
| AI Notes | On | Summarises and flags key information in support notes. Can disable per org. |
| AI Classifier (Smart Notes) | On | Uses an AI model to classify note content. Can switch to keyword-only. |
| Keyword Scanner (Smart Notes) | Always on | Rule-based matching; always runs without AI involvement. Cannot be disabled. |
| AI Model Training | Off | Allow data to contribute to AI model improvements. Cannot be enabled. |
Smart Notes: keyword-only mode
If you prefer not to use the AI classifier, Smart Notes can run in keyword-only mode. Notes are matched against a curated list of terms and phrases with no AI model involved. The keyword scanner is always available regardless of your AI settings.
Infrastructure & Processing Location
ShiftCare AI runs on Amazon Web Services (AWS) via Bedrock. Data is processed securely in compliant infrastructure. Australia data is processed in-country with no cross-border transfers. UK and Canada data may be processed internationally, with transfers protected by appropriate contractual safeguards. All processing includes encryption, access controls, and audit logging. Your data is never shared with third parties.
| Region | Processing location | What this means |
|---|---|---|
| Australia | AWS Sydney (ap-southeast-2) | In-country. No cross-border transfers. Complies with Privacy Act 1988 and Australian Privacy Principles. |
| United Kingdom | May be processed in Australia | Cross-border transfer protected by IDTA / SCC Addendum. UK GDPR compliant. |
| Canada | May be processed in United States or Australia | Cross-border processing disclosed. Protected by appropriate contractual safeguards. PIPEDA compliant. |
| United States | Compliant, secure cloud infrastructure | In-country. Encryption, access controls, and audit logging enforced. |
UK customers: data transfer protections
Data may be processed in Australia. This constitutes an international data transfer under UK GDPR. Transfers are protected by an International Data Transfer Agreement (IDTA) or UK Standard Contractual Clauses (SCC) Addendum, included in your Data Processing Agreement.
Sub-processors
We use trusted providers to deliver AI features, including cloud infrastructure and AI model providers. All sub-processors:
Meet strict security and compliance standards
Are contractually restricted from using your data
Do not use your data to train their models
| Sub-processor | Purpose | Processing location |
|---|---|---|
| Trusted cloud infrastructure and AI model providers | Cloud infrastructure, AI model serving, storage, compute | See full sub-processor list available on request |
AI-Assisted Content Labels
Any content generated or surfaced by AI is clearly marked in the ShiftCare interface. This matters for your team’s accountability, and for NDIS audit trail requirements.
| Label | What it means |
|---|---|
| AI-generated | Created by an AI model. Should be reviewed by a staff member before acting on it. |
| AI-assisted | A staff member created or edited this, with AI suggestions available. The final content reflects a human decision. |
| AI-flagged | Identified by AI for human review. No automated action has been taken. |
NDIS providers: all AI-generated and AI-assisted records include a timestamp, the model version used, and the reviewing staff member’s account — supporting your practice standard audit requirements.
Your Rights
You maintain full control over your data. You can:
Turn all AI features on or off at any time
Enable or disable individual AI features
Opt out of AI model training without losing access to any AI features
Request access to AI processing logs
Export or delete AI-generated content
For any data access or privacy requests, contact our privacy team at privacy@shiftcare.com or speak to your account manager.