Privacy Policy

Last Updated: 12th March 2026

This Privacy Policy explains how Shyft (“Shyft”, “we”, “us”, or “our”) collects, uses, stores, and protects personal information when you use the Shyft mobile application, website (https://www.shyft.co), and related services (collectively, the “Services”). 

Shyft operates a platform that connects independent contractors (“Shyfters”) with organisations requiring workforce coverage for specific paid tasks (“Shyfts”). 

We are committed to handling personal data transparently, securely, and in accordance with applicable privacy laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

1. Data Controller 

The organisation responsible for processing personal data is: 

OD 3333 Ltd 
3 Greengate 
Cardale Park 
Harrogate 
HG1 3GY 
United Kingdom 

Email: privacy@shyft.co 
Company Number: 16380112 
ICO Registration: ZB907559 

OD 3333 Ltd operates the Shyft platform and acts as the data controller for personal data processed through the Services. 

2. Who This Policy Applies To 

This Privacy Policy applies to: 

  • individuals creating accounts on the Shyft platform
  • independent contractors performing tasks through the platform
  • users interacting with the Shyft website or app
  • organisations using Shyft services

The platform is designed primarily for users located in the United Kingdom. 

3. Information We Collect 

We collect personal information necessary to operate the Shyft platform. 

3.1 Information You Provide 

When you create an account or use the Services, we may collect: 

Account Information 

  • Full name 
  • Email address 
  • Phone number 
  • Date of birth 
  • Password credentials 

Identity Verification Information 

To confirm identity and eligibility to work: 

  • Passport or identity document 
  • Selfie photo used for verification 
  • Right-to-work verification 

Right-to-work checks are processed through RightCheck, a third-party identity verification provider. 

Contractor Information 

For contractors using the platform: 

  • Address details 
  • Bank account details for payment 
  • Work history on the platform 
  • Qualifications or certifications (where provided) 
  • Optional DBS information where supplied by the contractor 

Communications 

  • Messages sent through the platform 
  • Customer support conversations 
  • Feedback or reviews 

3.2 Information Collected Automatically 

When using the Shyft Services we may collect: 

Device Information 

  • Device type 
  • Operating system 
  • Application version 
  • IP address 
  • Device identifiers 

Usage Data 

  • Login activity 
  • Actions within the application 
  • Shyfts viewed or reserved 
  • Task completion events 

Location Data 

The Shyft app collects location data when: 

  • A contractor checks in to a Shyft 
  • A Shyft is in progress 
  • A contractor checks out of a Shyft 

Location tracking begins when a contractor checks in and stops once the Shyft is completed. 

Location data is used to provide: 

  • Proof of presence at a work location 
  • Proof of service delivery 
  • Fraud prevention 

4. Payments 

Contractors using Shyft are independent contractors and are paid directly by Shyft via bank transfer. 

To process payments, we collect and store: 

  • Bank account details 
  • Payment history 
  • Transaction records 

Payment records may be retained where required for accounting and legal compliance. 

5. How We Use Personal Data 

We process personal data for the following purposes. 

5.1 Providing the Shyft Platform 

To: 

  • Create and manage user accounts 
  • Allow contractors to view and reserve Shyfts 
  • Enable organisations to fill workforce requirements 
  • Verify attendance and completion of tasks 
  • Process contractor payments 
  • Provide customer support 

Legal basis: Contract performance 

5.2 Identity Verification and Compliance 

To: 

  • Confirm user identity 
  • Verify right-to-work eligibility 
  • Meet legal or regulatory requirements 

Legal basis: Legal obligation and legitimate interests 

5.3 Platform Performance and Improvement 

To: 

  • Analyse platform performance 
  • Improve functionality and reliability 
  • Understand platform usage 

Analytics services used include: 

  • Firebase 
  • Google Analytics 

Legal basis: Legitimate interests 

5.4 Communications 

We may send: 

  • Account notifications 
  • Shyft opportunity alerts 
  • Reminders about reserved Shyfts 
  • Booking confirmations 
  • Support responses 

These communications may be sent through: 

  • Email 
  • Push notifications 

Emails are delivered using SendGrid. 

Legal basis: Contract performance and legitimate interests 

5.5 Fraud Prevention and Security 

To protect the integrity of the platform we monitor activity for potential fraud or misuse, including: 

  • Detection of location spoofing 
  • Suspicious platform activity 
  • Misuse of the platform 

Legal basis: Legitimate interests 

5.6 Location Tracking 

To verify contractor attendance, service delivery, and prevent fraud during active Shyfts. 

Legal basis: Contract performance 

6. Performance Monitoring 

Shyft tracks contractor activity and performance information relating to completed tasks, including attendance and delivery of services. 

This information may be used internally to monitor service quality and platform performance. 

Shyft does not use automated decision-making systems that restrict access to opportunities based solely on automated scoring. 

7. Sharing Personal Data 

We may share personal data in the following circumstances. 

7.1 Client Organisations 

Where a contractor completes a Shyft for an organisation, limited information may be shared with that organisation including: 

  • Contractor name 
  • Confirmation of attendance 
  • Completion of the Shyft 

Only information necessary for operational purposes will be shared. 

7.2 Service Providers 

We use trusted third-party providers to support the operation of the platform, including: 

  • Microsoft Azure (cloud infrastructure) 
  • SendGrid (email delivery) 
  • Intercom (customer support platform) 
  • Firebase (application analytics and infrastructure) 

These providers process personal data only as necessary to provide their services to Shyft. 

Where providers process data outside the United Kingdom, appropriate safeguards are in place including UK-approved Standard Contractual Clauses or transfers to countries covered by UK adequacy regulations. 

7.3 Legal and Regulatory Disclosure 

We may disclose personal data where required: 

  • By law 
  • By court order 
  • By regulatory authorities 
  • To protect legal rights or safety 

8. Data Retention 

Personal data is retained according to operational and legal requirements. 

Contractor accounts remain active until the user requests deletion or deactivation. 

When an account is deleted: 

  • The account is disabled 
  • Personal data is anonymised after 12 months 
  • Remaining data is permanently deleted after 6 years 

Certain financial records may be retained where required for legal or accounting purposes. 

9. Security 

We implement appropriate security measures to protect personal data, including: 

  • Role-based access controls 
  • Audit logging of system access 
  • Secure cloud infrastructure 
  • Encryption of data in transit 

Access to personal data is restricted to authorised personnel. 

10. Your Privacy Rights 

Under UK GDPR, individuals may have the right to: 

  • Access their personal data 
  • Request correction of inaccurate data 
  • Request deletion of personal data 
  • Request restriction of processing 
  • Object to certain types of processing 
  • Request data portability 

Requests can be made by contacting: 

privacy@shyft.co 

We may require identity verification before responding to requests. 

Location tracking is required to perform the contract. Accounts that do not consent to location tracking during active Shyfts cannot use the platform. 

11. Age Restrictions 

The Shyft platform is intended for individuals aged 18 or older. 

We do not knowingly collect personal data from individuals under the age of 18. 

12. Cookies 

The Shyft website uses cookies and similar technologies to understand website usage and improve performance. 

This includes the use of Google Analytics. 

Users may control cookies through their browser settings. 

13. Third-Party Services 

The Shyft Services may contain links to third-party websites or services. 

Shyft is not responsible for the privacy practices of external services. 

Users should review the privacy policies of those providers. 

14. Changes to this Policy 

We may update this Privacy Policy from time to time. 

When changes occur we may: 

  • Update this page 
  • Notify users within the application 

The latest version will always be available at: https://www.shyft.co/privacy

15. Contact 

If you have questions about this Privacy Policy or personal data processing, please contact: 

privacy@shyft.co 
OD 3333 Ltd 
3 Greengate 
Cardale Park 
Harrogate 
HG1 3GY 
United Kingdom