Privacy Policy

Shyft AI LLC ("Shyft AI," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website shyft.ai (the "Site") and use our services (the "Services").

This Privacy Policy applies to all users of our Site and Services, including visitors, registered users, and customers. Please read this policy carefully. By using our Site or Services, you consent to the practices described in this Privacy Policy.

Data Controller:

Contact for Privacy Matters:
Email: privacy@shyft.ai

EU Representative (GDPR Article 27):
Daniel Pruijssers
Portugal
Email: hello@shyft.ai

3.1 Information You Provide

We collect information you voluntarily provide, including:

Account Information:

• Name
• Email address
• Password (encrypted)
• Company name
• Job title
• Phone number (optional)

Business Information:

• Company size
• Industry
• Current technology stack
• Business processes and workflows
• AI readiness assessment responses

Payment Information:

• Billing name and address
• Payment card details (processed securely by Stripe; we do not store full card numbers)

Communications:

• Emails and messages you send to us
• Support requests
• Feedback and survey responses

3.2 Information Collected Automatically

When you visit our Site, we automatically collect:

Device and Browser Information:

• IP address
• Browser type and version
• Operating system
• Device type
• Screen resolution

Usage Information:

• Pages visited
• Time spent on pages
• Click patterns
• Referring website
• Exit pages

Cookies and Similar Technologies:

• Session cookies
• Persistent cookies
• Pixel tags
• Local storage

See our Cookie Policy for more details.

3.3 Information from Third Parties

We may receive information from:

Data Enrichment Services:

• Publicly available company information
• Professional profile data (from LinkedIn and similar platforms)

Analytics Providers:

• Aggregated usage statistics

Payment Processors:

• Transaction confirmation
• Fraud prevention data

We use your information for the following purposes:

4.1 Service Delivery (Legal Basis: Contract)

• Creating and managing your account
• Processing transactions and payments
• Delivering purchased reports and services
• Providing customer support
• Communicating about your account or services

4.2 Service Improvement (Legal Basis: Legitimate Interest)

• Analyzing usage patterns to improve our Services
• Developing new features and products
• Troubleshooting technical issues
• Ensuring security and preventing fraud

4.3 Marketing (Legal Basis: Consent or Legitimate Interest)

• Sending newsletters and promotional emails (with your consent)
• Providing personalized content recommendations
• Conducting surveys and research

4.4 AI Processing (Legal Basis: Contract and Legitimate Interest)

• Analyzing your business data to generate AI readiness assessments
• Creating personalized recommendations and reports
• Improving our AI models and algorithms (using anonymized data)

4.5 Legal Compliance (Legal Basis: Legal Obligation)

• Complying with applicable laws and regulations
• Responding to legal requests and court orders
• Protecting our rights and preventing fraud

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data based on the following legal bases:

Legitimate Interest Assessment: Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your rights and freedoms. You may request details of this assessment by contacting us.

We do not sell your personal data. We may share your information in the following circumstances:

6.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

All service providers are contractually obligated to protect your data and use it only as directed by us.

6.2 Legal Requirements

We may disclose your information if required by law, such as:

• To comply with a subpoena, court order, or legal process
• To respond to government or regulatory requests
• To protect our rights, privacy, safety, or property
• To enforce our Terms of Service

6.3 Business Transfers

If Shyft AI is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

Shyft AI is based in the United States. If you are located outside the US, your information will be transferred to and processed in the US and potentially other countries.

7.1 Safeguards for EEA/UK Transfers

For transfers of personal data from the EEA, UK, or Switzerland to the US, we rely on:

• Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses with our service providers
• Data Processing Agreements: We maintain DPAs with all sub-processors
• Supplementary Measures: Where necessary, we implement additional technical and organizational measures

7.2 Transfer Impact Assessments

We have assessed the risks associated with transfers to the US and implemented appropriate safeguards. You may request information about our transfer mechanisms by contacting us.

We retain your personal data only as long as necessary for the purposes described in this Privacy Policy:

After the retention period, we securely delete or anonymize your data.

9.1 Rights for All Users

Regardless of your location, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Opt-out of marketing communications
• Close your account

9.2 Additional Rights for EEA/UK Residents

Under GDPR, you also have the right to:

• Data Portability: Receive your data in a structured, machine-readable format
• Restriction: Request we limit processing of your data
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
• Lodge a Complaint: File a complaint with your local data protection authority

9.3 How to Exercise Your Rights

To exercise your rights, contact us at:

Email: privacy@shyft.ai

Subject Line: "Privacy Rights Request - [Your Request Type]"

We will respond to your request within 30 days (or 45 days for complex requests). We may need to verify your identity before processing your request.

9.4 Data Protection Authorities

If you are in the EEA, you have the right to lodge a complaint with your local supervisory authority. A list of authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL)
• Encryption of data at rest
• Access controls and authentication
• Regular security assessments
• Employee security training
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child, we will take steps to delete that information promptly.

If you believe we have collected information from a child, please contact us at privacy@shyft.ai.

Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

Some browsers include a "Do Not Track" (DNT) feature. Our Site does not currently respond to DNT signals. However, you can manage your cookie preferences through our cookie consent tool or your browser settings.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request information about data we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out: Opt out of the sale or sharing of personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

We do not sell personal information as defined under CCPA/CPRA.

To exercise your California privacy rights, contact us at privacy@shyft.ai.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

• Posting the updated policy on our Site with a new "Last Updated" date
• Sending an email notification to registered users (for significant changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: privacy@shyft.ai
General Contact: hello@shyft.ai
Phone: 302-232-5383

EU Representative (GDPR Article 27):
Daniel Pruijssers
Portugal
Email: hello@shyft.ai