ShiftTrained

Privacy Policy

Last updated: April 19, 2026

1. Introduction

ShiftTrained ("we," "our," or "us"), operated by TechWithTerry LLC, provides an AI-powered menu training platform for restaurants. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at shifttrained.com.

2. Data We Collect

  • Account information — name, email address, phone number, organization details (name, address, logo, brand colors)
  • Menu data — uploaded PDF files and AI-parsed content (item names, descriptions, prices, categories, ingredients)
  • Quiz data — questions, configurations, quiz results, scores, completion times
  • Employee data — names, email addresses, phone numbers, quiz performance history
  • Payment information — processed by Stripe. We do not store credit card numbers, CVVs, or full card details on our servers.
  • Usage data — quiz completion times, feature usage, login activity, page visits
  • Communications — support tickets, contact form submissions, in-app messages
  • Consent records — date, time, IP address, and browser information when you agree to our Terms of Service and Privacy Policy
  • Two-factor authentication data — if enabled, encrypted TOTP secrets or recovery codes associated with your account (coming soon)

3. Team Member Data

When an account holder invites team members (managers, admins, viewers) to their organization, we collect those individuals' names, email addresses, and account credentials. The account holder represents that they have the authority and consent to provide this information. Invited team members can manage their own account data from their dashboard settings.

4. Employee Data Collection

Employee information (name, email, phone number) may be collected directly from the employee when they take their first quiz, or entered by the restaurant manager. In both cases, the restaurant is the data controller and ShiftTrained is the data processor. The restaurant is responsible for ensuring they have appropriate authorization to collect and process employee data through the platform.

5. How We Use Your Data

  • To provide the ShiftTrained service — quiz generation, score tracking, leaderboards, analytics
  • To process payments via Stripe
  • To send transactional emails — quiz invitations, study guides, billing alerts, account notifications
  • To send marketing emails — onboarding drip, product updates. You can opt out from Settings → Notification Preferences.
  • To improve our service through aggregate analytics and AI model improvement
  • To respond to customer support requests
  • To improve our AI systems — we may use anonymized, aggregated menu data with all restaurant-identifying information removed to improve our question generation algorithms. Individual restaurant data is never shared, sold, or used in identifiable form for AI training.

We never sell your data to third parties.

6. Consent Tracking

We record the date, time, IP address, and browser information when you agree to our Terms of Service and Privacy Policy during account creation or team member onboarding. This record is maintained as proof of consent and cannot be modified.

7. Data Visibility Within Organizations

Within an organization, authorized team members (owners, admins, managers) can view employee names, quiz scores, completion history, and training analytics. Viewer-role team members have read-only access. This data sharing is necessary to provide the training management functionality of the Service.

8. Two-Factor Authentication

ShiftTrained supports two-factor authentication (2FA) as an additional security measure for your account. When enabled, encrypted authentication secrets are stored securely. Recovery codes are generated at setup and should be stored safely by the user. ShiftTrained cannot recover accounts where 2FA recovery codes have been lost.

9. Data Retention

  • Active accounts — data retained as long as your account is active
  • Study guides — automatically deleted after 30 days
  • Deleted accounts — all data permanently deleted within 24 hours of confirmation
  • Data exports — available for download for 30 days, then automatically deleted
  • Consent records — retained as proof-of-consent audit trail; not deletable on request except via account deletion
  • Stripe — retains payment records per their own privacy policy

10. Your Rights

  • Export — download all your data at any time from Settings → Your Data
  • Deletion — delete your account and all associated data from Settings → Your Data. Deletion is permanent and cannot be undone.
  • Correction — update your information at any time from your dashboard
  • Opt-out — disable marketing emails from Settings → Notification Preferences

11. Data Portability

You have the right to export your data in a portable format (CSV) at any time from Settings → Your Data. Exported data includes employees, quizzes, quiz attempts, questions, menus, badges, study guides, support tickets, notifications, and referrals.

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. ShiftTrained does not sell personal information. To exercise your CCPA rights, contact hello@shifttrained.com.

13. International Data Transfer

ShiftTrained is operated from the United States. If you access the Service from outside the United States, you consent to the transfer and processing of your data in the United States in accordance with this Privacy Policy.

14. Data Security

  • All data encrypted in transit (TLS) and at rest (Supabase encryption)
  • Authentication via Supabase Auth with industry-standard security
  • Payment processing via Stripe (PCI DSS compliant)
  • Row-level security policies on all database tables
  • Access controls — your data is only accessible to you and ShiftTrained administrators for support purposes

15. Third-Party Services

16. Enterprise

Enterprise customers may request a Data Processing Agreement (DPA) by contacting hello@shifttrained.com.

17. SMS Communications

Program name: ShiftTrained

What messages are sent: Training-related text messages including quiz invitations, quiz reminders, and training notifications.

How employees opt in: Employees consent to receive SMS messages when their restaurant manager adds them to the ShiftTrained platform and the employee provides their phone number during quiz registration.

Message frequency: Message frequency varies based on training activity. Typically 1-5 messages per month.

Opt-out: Employees can opt out at any time by replying STOP to any message. After opting out, no further messages will be sent.

Help: Reply HELP for support or contact hello@shifttrained.com.

Message and data rates: Message and data rates may apply. Contact your carrier for details.

Contact: For questions about SMS communications, contact hello@shifttrained.com.

Phone numbers are used solely for training notifications and are not shared with third parties for marketing purposes.

18. Cookies

We use essential cookies to maintain your authentication session and remember your preferences (e.g. active location, dismissed announcements). We do not use advertising or tracking cookies.

19. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

20. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

21. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

hello@shifttrained.com

ShiftTrained by TechWithTerry LLC