Shift Show – Privacy Policy
Last updated: June 2026
Effective date: June 2026
Data controller: Jittercat, South Africa ("Jittercat", "we", "us", "our"), operator of the Shift Show app.
Contact: [email protected]
Summary: Shift Show has no user accounts and stores your schedule data locally on your device. We do not collect, view, sell, or transmit your shifts, tasks, events, leave, or overtime data. The only data that leaves your device is (a) anonymised crash diagnostics via Firebase Crashlytics, (b) ad-related data via Google AdMob, (c) optional backups you upload to your own Google Drive, and (d) any email content you send to our support address.
1. Scope
This Policy describes how we handle information when you install, use, or contact us in connection with the Shift Show Android app and the website at shiftshow.app. It applies worldwide and is intended to meet our obligations under the South African Protection of Personal Information Act (POPIA), the EU and UK General Data Protection Regulations (GDPR / UK-GDPR), the California Consumer Privacy Act as amended (CCPA/CPRA), and other applicable data protection laws.
2. Information We Do Not Collect
- We do not require an account, name, email address, phone number, date of birth, or any other identifier to use the app.
- We do not collect, transmit, or have access to your shifts, tasks, events, leave entries, overtime entries, alarms, custom holidays, HR report settings (employee name, staff number, company name, shift times, counting rules), or any other in-app content. All of that data stays on your device unless you choose to back it up to your own Google Drive or share it manually.
- We do not sell, rent, trade, or otherwise share your personal information for monetary or other valuable consideration. For CCPA purposes: we do not "sell" personal information. The use of advertising identifiers by AdMob may qualify as "sharing for cross-context behavioural advertising" under CCPA — see Section 4 for how to opt out.
3. Information We Do Collect or Process
- Crash and diagnostic data (Firebase Crashlytics, operated by Google): when the app crashes, anonymised technical information is collected — device model, operating system version, app version, crash stack trace, and a randomly-generated installation identifier. No personal content from the app is included. Lawful basis: legitimate interests in maintaining and improving app stability (GDPR Art. 6(1)(f)).
- Advertising data (Google AdMob): AdMob processes limited, non-identifying technical data such as device type, app version, advertising identifier (AAID), language, coarse location (derived from IP), and ad-interaction events to display advertisements and measure performance. In the EEA, UK, and Switzerland, personalised ads are only served if you give consent through the in-app Google User Messaging Platform (UMP) consent dialog; if you refuse, you will be shown non-personalised ads only. Lawful basis: consent (GDPR Art. 6(1)(a)) for personalised ads in consent-required regions; legitimate interests (Art. 6(1)(f)) for non-personalised ads where permitted.
- Support communications: if you email us at [email protected], your email address and the content of your message are stored on our support inbox infrastructure (hosted by reputable third-party email/cloud providers acting as our processors under written agreements) for the purpose of responding to you and keeping a record. Lawful basis: legitimate interests in providing user support, or your consent where you have initiated the contact.
- Google Play data: when you install or update the app, Google Play processes information under Google's Privacy Policy. We receive only aggregated, anonymised install/uninstall statistics through the Google Play Console.
- Optional Google Drive backups: if you choose to back up your data through the app's "Sync with Google Drive" feature, your data is uploaded to your own Google Drive account using Google's standard Drive API and Google's app-data scope. We do not store this data on our servers, cannot read other files in your Drive, and cannot access these backups ourselves.
4. Advertising & Your Choices
- Ads are served by Google AdMob in accordance with Google's Advertising Policy.
- In the EEA, UK, and Switzerland, the in-app consent dialog (Google UMP) lets you accept or refuse personalised advertising. You can change your choice at any time from within the app.
- You can reset or limit your Android advertising identifier at any time: Android Settings → Privacy → Ads (path may vary by device).
- To opt out of personalised ads across Google services: https://adssettings.google.com.
- California residents can opt out of "sharing for cross-context behavioural advertising" by refusing the consent dialog (where shown) and/or by enabling Limit Ad Tracking / resetting the advertising ID on the device.
5. Data Storage, Location & International Transfers
- Your in-app data is stored locally on your device only.
- Crash diagnostics (Firebase) and advertising data (AdMob) are processed by Google LLC, which may store and process information in the United States and other countries. Transfers from the EEA, UK, and Switzerland to Google rely on Google's Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework. Details: Google's Privacy Policy.
- Support email content is stored on our support-inbox provider's infrastructure, which may be located outside South Africa. We use providers that offer appropriate safeguards.
6. Data Retention
- In-app data: retained on your device until you delete it (Settings → Clear Data) or uninstall the app. We have no copy.
- Firebase Crashlytics: retention is controlled by Google (typically 90 days for crash reports; see Google's Firebase data retention policy).
- Google AdMob: retention is controlled by Google (typically up to 14 months for measurement data).
- Support emails: retained for as long as reasonably necessary to handle your enquiry and our records (typically up to 24 months), or longer if required by law.
7. Security
We apply reasonable technical and organisational measures to protect the limited data we process (encrypted transport, access controls on our support inbox, reputable third-party processors). No internet transmission or electronic storage can be guaranteed 100% secure. You are responsible for the security of your device and any backups you create.
8. Your Rights
Subject to applicable law, you have the following rights regarding the limited personal data we process (crash diagnostics, ad identifiers, support emails). We do not have access to your in-app schedule data, so most rights below relate to support emails and analytics/ad data held by our third-party processors.
- POPIA (South Africa): rights of access, correction, objection, and complaint to the Information Regulator (inforegulator.org.za).
- GDPR / UK-GDPR (EEA, UK): rights of access, rectification, erasure, restriction of processing, data portability, objection, withdrawal of consent (without affecting prior processing), and lodging a complaint with your local supervisory authority.
- CCPA/CPRA (California): rights to know, delete, correct, opt out of sale/sharing, and non-discrimination.
- Other jurisdictions: equivalent rights as granted by applicable law.
To exercise any right, email [email protected]. We will respond within the time period required by applicable law. We may request information to verify your identity. You can delete all locally-stored app data at any time using Settings → Clear Data inside the app.
9. Third-Party Services & Links
The app uses the following third-party services. Their privacy practices are governed by their own policies:
- Google AdMob — policies.google.com/privacy
- Firebase Crashlytics (Google) — firebase.google.com/support/privacy
- Google Drive (optional, for your backups) — policies.google.com/privacy
- Google Play — policies.google.com/privacy
Advertisements may link to third-party websites. We are not responsible for the content, accuracy, or privacy practices of those sites.
10. Business Email Compromise
While we apply reasonable security measures to support communications, email is inherently susceptible to phishing, spoofing, and Business Email Compromise (BEC). Always verify unexpected or sensitive requests through a separate channel. No electronic communication can be guaranteed completely secure.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date will be revised, and the current version will be available at https://shiftshow.app/privacy.html. Material changes will be notified via the app or this page.
12. Contact
For privacy questions, requests, or complaints, contact us at [email protected]