Login
Contact Us
Book a demo
Try for free
Menu

Privacy Policy (Canada)

This is our privacy policy for Canada, which sets out how we handle personal information of users of the ShiftCare App in Canada. We are committed to protecting your privacy and ensuring our practices comply with Canada’s privacy laws, including the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws such as Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (as amended by Bill 64, now known as Law 25). These laws require organisations like ours to be transparent about how we collect, use, and disclose your Personal Information, and to provide you with certain rights and remedies. The ShiftCare App is provided by us to users pursuant to a commercial arrangement between us and the company that has given you access to the ShiftCare App (the “Company”).

How do you agree to this policy?

By accessing or using the ShiftCare App in Canada, you consent to the collection, use, and disclosure of your information as described in this policy, subject to the choices and rights you have under applicable law. We will ask for your consent before using your Personal Information for any purpose that is not covered by this policy or that is not obvious to you. In many cases, your consent may be implied from your actions (for example, providing information to register an account is taken as consent to use that information to create and manage your account), but where required by law or for sensitive information, we will seek your express consent. You have the right to withdraw your consent at any time, as explained in this policy, but this may affect our ability to provide you with services.

Meanings of terms used

  • “We”, “us” or “our” refer to ShiftCare Inc. and its affiliated entities, including any Canadian subsidiaries or operations (collectively “ShiftCare”). For the purposes of Canadian law, ShiftCare is the organisation responsible for the handling of your Personal Information. We have appointed a Privacy Officer who oversees our compliance with privacy laws and this policy.

  • “You” or “your” refer to the user of the ShiftCare App.

  • “ShiftCare App” means our software application and related services that you are able to access and use once you conclude the registration process (including any mobile or web versions of the application).

  • “Site” means our website (shiftcare.com) and any Canadian regional sub-sites.

  • “Personal Information” means information about an identifiable individual. In other words, any information that can identify you, or combined with other information can identify you, is considered Personal Information. This may include (but is not limited to) your name, contact details (such as your telephone number or email address), and any other information that can be reasonably linked to you. It can also include sensitive personal information like health or medical information, if you provide or use such data in the ShiftCare App. Personal Information does not include anonymous or de-identified information that cannot be linked to a specific individual, and it generally does not include business contact information like your work title, business address or business phone number when used solely to contact you in your professional capacity, as those may be excluded under some privacy laws.

Other capitalised terms in this policy have the meanings given to them in context or in our Terms and Conditions if not defined here.

What Personal Information do we collect and hold?

We collect Personal Information about users of the ShiftCare App in Canada. The types of Personal Information we collect are substantially the same as those listed in our Australian policy, and include:

  • Name – for example, we collect your name to create your user account or to identify you within the App.

  • Contact Information – such as your email address and phone number, which we use for account communication, multi-factor authentication (if applicable), and support purposes.

  • Profile Details – you may choose to provide additional profile information like a photograph, avatar, job role, or other details within the App. A profile photo is optional, but if you upload one, it will be considered Personal Information (as it can identify you visually).

  • Usage and Interaction Information – any additional information relating to you that you provide directly through the ShiftCare App, or information that arises from your use of the App (such as preferences, settings, messages or content you create, and feedback you submit). It also includes information about your interactions with other users on the ShiftCare App (if the App allows user-to-user communication or sharing of data).

  • Device and Technical Information – when you use the ShiftCare App or visit our Site, we collect technical information such as your device type, operating system, browser type, IP address, and similar data to deliver the service securely and troubleshoot issues. Where this data is linked to your account, we treat it as Personal Information.

  • Cookies and Tracking Data – we use cookies and similar technologies on our Site to collect information about how you navigate and use our website. You will be given an opportunity to manage your cookie preferences in accordance with applicable law, and further details may be provided in a separate Cookies Policy.

  • Third-Party Information – we may receive Personal Information about you from third-party sources, such as your employer or the organisation (the Company) that provisions your access to the App, or from third-party services we integrate with (for example, payment processors or identity verification providers). We treat any information obtained from third parties in the same secure manner as if you provided it directly.

  • Optional Information – sometimes we might request or receive additional information from you that is optional (for example, if you participate in a survey or beta test). We will explain at the time of collection if providing such information is optional and how it will be used.

We limit our collection of Personal Information to what is necessary for the purposes identified in this policy, in accordance with the principle of limiting collection under PIPEDA. If you choose not to provide certain information, we may not be able to provide you with some features of the ShiftCare App (for example, we may not be able to register your account or verify your access).

When do we collect information?

We collect Personal Information at various points, including:

  • Upon registration and account setup: when you or your organisation create an account for the ShiftCare App, we collect the Personal Information needed to set up that account (such as your name, email, and a password). This may be done by you directly or by an administrator on your behalf. We also collect information you actively enter into the App (for example, filling out your profile or preferences).

  • During use of the ShiftCare App: as you use the App, we collect information about your usage, including information you input (like notes, updates, or communications with others) and metadata about your activities (such as time logged in, features used, etc.).

  • When you contact us: if you reach out to us for support, inquire about our services, or otherwise communicate with us (via email, phone, or through the App), we will collect the information you provide in that communication to assist you and improve our support services.

  • From third-party sources and integrations: we collect information from third parties that you or your organisation connect with the ShiftCare App (for example, payroll systems, healthcare record systems, or scheduling tools), according to the configuration set by you or the organisation and with appropriate consent if needed.

  • Through automated means on our Site: when you browse our website, we use analytics tools that automatically collect information about your visit (such as pages viewed, time spent, referring page and general location based on IP address). Where required by law, we will ask for your consent before using non-essential cookies or analytics.

  • Offline and other sources: we may collect personal information offline (for example, if you attend a ShiftCare event or webinar and provide your details), or from publicly available sources where appropriate. We handle that information in accordance with this policy and may combine it with any online data we have about you.

How do we use Personal Information?

We use your Personal Information for the purposes of delivering our services to you and for other compatible purposes that you would reasonably expect, as well as to meet our legal obligations. Specifically, we use Personal Information to:

  • Provide and operate the ShiftCare App, including authenticating you, enabling App features, and personalising your experience.

  • Facilitate transactions and services, such as scheduling services, billing and payments, generally via trusted payment processors.

  • Communicate with you and manage our relationship, including sending administrative emails, service notices and, where permitted, promotional communications (which you can opt out of at any time).

  • Ensure security and prevent misuse, by monitoring for suspicious or fraudulent activity and enforcing compliance with our terms of service.

  • Improve and develop our services, including through analytics, troubleshooting and user feedback, using aggregated and de-identified data wherever possible.

  • Customise content and advertising (if applicable) on our public Site, in compliance with Canadian marketing and anti-spam laws such as CASL.

  • Meet legal and accountability obligations, such as responding to access and correction requests, maintaining records for tax and accounting, and cooperating with law enforcement where required by law.

We will not use your Personal Information for any new purpose without disclosing it to you and obtaining consent if required. We do not use your Personal Information for automated decision-making that produces legal or similarly significant effects on you without human involvement.

AI Features and Personal Data

ShiftCare offers AI-powered features as part of our Service ("AI Features"), including automated note classification, Smart Notes, and Smart Match. When these features are enabled, personal data within your account may be processed to deliver them.

Full details of how we handle personal data in connection with AI Features — including data flows, sub-processors, encryption standards, retention periods, and regional transfer arrangements — are set out in our AI & Data Usage Policy, which forms part of this Privacy Policy.

You can view and manage your organisation’s AI settings, including the ability to disable AI Features or opt out of model training, on our AI Data Controls & Transparency page.

Key principles that apply to all AI processing:

  • Your data is never used to train AI models without your explicit consent.

  • AI processing is limited to the features you have enabled.

  • All AI-generated content is clearly labelled and distinguishable from source records.

  • We engage only trusted sub-processors who are contractually restricted from using your data for any purpose beyond delivering our services.

  • AI-generated summaries and flags are retained for 90 days, then automatically deleted.

For UK customers, data processed by AI Features may be transferred to Australia and is protected by an International Data Transfer Agreement (IDTA) or UK Standard Contractual Clauses (SCC) Addendum. For Canadian customers, data may be processed in the United States or Australia, with cross-border processing disclosed and protected by appropriate contractual safeguards. Full details are in our AI & Data Usage Policy.

Location Data and Mobile App Permissions

What location data we collect

ShiftCare collects location data from support workers in two ways:

  • Proximity-based location data at the point of clock-in and clock-out, used to verify that the worker is at or near the relevant service location; and
  • Background location data when the optional mileage tracking feature is enabled during a shift, which allows the application to calculate distance travelled.

Background location data is only collected while a shift is actively being tracked and stops immediately when the shift ends.

When location data is collected

Location data is collected:

  • At the moment a support worker performs a clock-in or clock-out action; and
  • Continuously, only while the optional mileage tracking feature is actively enabled during a shift.

No background location data is collected outside of an active shift.

How we use location data

Location data is used solely for internal business operations, including:

  • Verifying worker attendance at service locations; and
  • Calculating travel distance for reimbursement and record-keeping purposes where mileage tracking is enabled.

Location data:

  • Is not used for advertising or marketing purposes;
  • Is not sold to third parties; and
  • Is not shared with third parties except where required by law.

Background location and optional features

The mileage tracking feature that uses background location data is optional.

Background location tracking is only activated when a support worker chooses to enable mileage tracking during a shift.

Background location tracking stops immediately when the shift ends or when the feature is disabled.

User control and permissions

Users can control location permissions through their device settings and may enable or disable location access at any time.

If location permissions are disabled:

  • Clock-in and clock-out verification may not function correctly; and
  • Mileage tracking functionality may be unavailable.

By enabling location permissions within the ShiftCare mobile application, users consent to the collection and use of location data as described in this Privacy Policy.

Data handling and security

Location data is handled in accordance with applicable privacy laws and is collected only where reasonably necessary for operational purposes. It is protected using appropriate technical and organisational safeguards.

How do we protect information?

We take the security of Personal Information very seriously. ShiftCare implements a variety of safeguards to protect personal data against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification. These safeguards are proportional to the sensitivity of the information and include technical, organisational, and physical measures.

Technical safeguards include industry-standard encryption protocols to protect data in transit (for example, HTTPS/TLS) and at rest, secure server infrastructure, firewalls, access controls, regular security updates, and monitoring for suspicious activity. Organisational safeguards include restricting access to Personal Information to employees or contractors with a business need to access it, confidentiality obligations, staff training on privacy and security best practices, and formal incident response plans. Physical safeguards include secure data centre facilities and appropriate controls for any physical media or documents.

We avoid storing Personal Information longer than needed and minimise data retention where possible. If you make a request to access your information or exercise other rights, we will verify your identity before fulfilling the request as an additional security measure.

Despite these measures, no method of transmission or storage is completely secure. In the unlikely event of a data breach that poses a risk of significant harm to you, we will notify you and the relevant privacy commissioner(s) as required by Canadian law. If you suspect any misuse or unauthorised access to your Personal Information, please contact us immediately using the details below.

When do we give information to third parties?

We only disclose your Personal Information to third parties for purposes that a reasonable person would consider appropriate in light of the circumstances – essentially, to help us run our business and provide the ShiftCare App to you, or where required by law. We do not sell your Personal Information to third parties. We may share your information with:

  • Service providers (processors) who perform services on our behalf (such as cloud hosting, email delivery, analytics, customer support tools and payment processors), subject to contractual obligations to protect your information and use it only for the purposes of providing services to us.

  • Affiliated entities within the ShiftCare group, as needed to provide support or development for the service, under similar privacy and security practices.

  • Parties involved in business transactions, such as potential purchasers, financiers or legal advisors, in connection with a merger, acquisition, financing, reorganisation or sale of assets, subject to confidentiality obligations and in accordance with applicable law.

  • Law enforcement and regulators, where required to comply with legal obligations, court orders or lawful requests, or to protect the rights, property or safety of our users, the Company or others.

  • Other third parties with your consent, for example where you instruct us to share your information with an integration partner, or where you participate in a case study or testimonial and agree to share certain information publicly.

Where third-party service providers or affiliates are located outside Canada, we take steps to ensure that any cross-border transfers or access are subject to appropriate safeguards, in line with PIPEDA and applicable provincial laws (including Quebec’s Law 25 for Quebec residents). We will never rent or sell your Personal Information, nor disclose it for marketing purposes to unrelated companies without your consent.

Storing your information

All ShiftCare customer data for Canadian users is hosted on servers located in Canada using reputable cloud service providers. By using the ShiftCare App in Canada, you agree and consent to your Personal Information being stored and processed in Canada in accordance with this policy.

Storing data in Canada means that your Personal Information is protected under Canadian law and avoids unnecessary cross-border transfers. However, some of our support or engineering team members outside Canada (for example, in Australia or the US) may need access to the data remotely to provide services such as technical support or system maintenance. In such cases, this is considered a transfer of personal information across borders. We ensure that any cross-border access is done securely and in compliance with PIPEDA and applicable provincial laws, including conducting transfer risk assessments where required (such as under Quebec’s Law 25).

We retain Personal Information only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by law. When Personal Information is no longer needed, we ensure it is securely deleted, destroyed or anonymised in line with our data retention policies.

How can you access and update your Personal Information?

Canadian privacy laws give you the right to access the Personal Information we hold about you and to request that any inaccuracies be corrected. Many of the basics of your Personal Information can be accessed directly by you through the ShiftCare App by logging in to view and update your profile and certain account details.

If you require a more complete report of the Personal Information we hold about you, or if you wish to correct information that you cannot change directly in the App, you can send a written request (by email is fine) to our Privacy Officer using the contact details below. Please specify what information or processing activities your request relates to. We will respond within 30 days as required by PIPEDA (or inform you if an extension is needed) and may ask for additional information to verify your identity before providing access or making corrections.

You may also withdraw consent for certain uses of your Personal Information, request deletion (erasure) of your Personal Information, request restriction of processing in specific circumstances, or exercise data portability rights where applicable (for example, under Quebec’s Law 25). These rights are subject to legal and contractual limitations – for example, we may retain certain information where required by law or needed to establish, exercise or defend legal claims. We will explain any limitations that apply when you make a request.

Will this policy be updated?

Yes, we may update this Privacy Policy from time to time to remain compliant with changing laws and to reflect any changes in how we manage Personal Information. When we make changes, we will post the updated policy on our website and adjust the “Published” or “Last Updated” date at the bottom of the policy. If there are significant changes, we will take additional steps to inform you (for example, by notifying you via email or through a notification in the ShiftCare App).

We encourage you to review this policy periodically to stay informed about how we are protecting your information. Continuing to use the ShiftCare App or our services after a revised Privacy Policy has been posted will signify your acceptance of the revised terms, unless your explicit consent is required by law, in which case we will seek it.

How to contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your Personal Information, please contact us. We have designated a Privacy Officer who is accountable for our compliance with this policy and Canadian privacy laws.

You can contact our Privacy Officer (or our team) using the details below:

  • Email: privacy@shiftcare.com

  • Mail: ShiftCare Inc. – Privacy Officer, 17 State Street, New York, NY 10004, USA

  • Phone: +1 888 546 4180 (toll-free)

We will treat your enquiries and complaints with care and confidentiality. We aim to acknowledge all requests or complaints within five business days and provide a more complete response within 30 days. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC) or, where applicable, the relevant provincial privacy commissioner. Details are available at priv.gc.ca and on provincial commissioner websites.

Published: October 2025