Privacy Policy

Last updated: March 24, 2026

1. Introduction

ShiftDrop ("we", "our", or "us") operates the website shift-drop.com. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

2. Information We Collect

When you sign in with Google, we receive and store:

  • Your name and email address from your Google profile
  • A Google refresh token to access your Google Calendar on your behalf

When you use the service, we store:

  • Event templates you create (titles, times, locations, notes, and optionally a CC email address you provide)
  • Your timezone preference
  • Your subscription status and Stripe customer reference (Pro subscribers only)

CC email addresses: As a Pro feature, you may optionally add a third-party email address to a template so that person is automatically included as a calendar invite attendee. This email address is stored as part of your template data. You are responsible for ensuring you have a lawful basis (such as the consent of, or a legitimate interest relating to, the person whose email you enter) before adding it. You should only add email addresses of people who expect to receive calendar invitations from you.

3. How We Use Your Information

We use your information solely to:

  • Authenticate you via Google Sign-In or email and password
  • Create and manage events in your Google Calendar at your request
  • Store your event templates so you can reuse them
  • Display your calendar data to check for scheduling conflicts
  • Include any CC email address stored in your template as a calendar invite attendee, when you push an event
  • Process subscription payments via Stripe (Pro subscribers only)
  • Notify you of important service updates, such as scheduled maintenance, downtime, or material changes to the platform
  • Occasionally contact you about new features, platform updates, or opportunities to participate in early access programmes such as beta testing. You may opt out of these communications at any time by contacting us at [email protected]

We do not sell, share, or transfer your personal data to third parties for marketing or advertising purposes.

4. Google API Services

ShiftDrop's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only access Google Calendar data when you explicitly request it (e.g., pushing events, checking conflicts, or importing events).

5. Data Storage and Security

Your data is stored on our self-hosted servers. We use HTTPS encryption for all data in transit and store authentication tokens securely. Google refresh tokens are stored encrypted in our database and are only used to communicate with Google Calendar on your behalf.

6. Data Retention and Deletion

We retain your data for as long as your account is active. You can delete your account and all associated data at any time from the Account page within the app, or by contacting us at [email protected]. You can also disconnect your Google Calendar integration from the Account page without deleting your account. You can revoke ShiftDrop's access to your Google account at any time through your Google Account permissions.

7. Cookies

We use a single authentication cookie to keep you signed in. We do not use tracking cookies or third-party advertising cookies. We use Google Analytics to understand how our site is used; you can opt out using browser extensions or settings.

8. Third-Party Data (CC Email Addresses)

When you use the CC email feature, you provide us with an email address belonging to another person. We store this solely within your template and transmit it to Google Calendar or include it in ICS files only when you explicitly push an event. We do not use CC email addresses for marketing, profiling, or any purpose other than creating the calendar invite you request.

Under UK GDPR and GDPR, if you add a third party's email address you are acting as a data controller for that data. You should only do so where you have a lawful basis — for example, where that person expects to receive calendar invitations from you. If you no longer need the CC email, you can edit or delete the template from the app to remove it.

9. Payments (Stripe)

Pro subscription payments are processed by Stripe. We do not store your payment card details. Stripe stores payment information on our behalf under their own Privacy Policy. We store a Stripe customer reference ID and your subscription status to manage access to Pro features.

10. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Revoke Google Calendar access at any time
  • Export your event templates

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the date at the top of this page.

12. Contact

If you have questions about this Privacy Policy or want to request data deletion, please contact us at [email protected].