Privacy Policy

Last updated: February 24, 2026

1. Introduction

Sciometa ("we", "our", or "us") operates the Shift Management application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you register and use our Service:

  • Identity Information: First name, last name, display name, employee code
  • Contact Information: Email address, phone number
  • Profile Information: Avatar/profile picture, employment type, hire date
  • Employment Information: Hourly rate, department, position, organization affiliation

2.2 Third-Party Authentication Data

If you sign in using a third-party provider (Google or Apple), we receive the following information from the provider:

  • Your name (as registered with the provider)
  • Your email address
  • A unique account identifier

We do not receive or store your third-party account password. Authentication is handled securely by the respective provider (Google LLC or Apple Inc.).

When using Sign in with Apple, you may choose to hide your real email address. In this case, Apple provides a unique private relay email address that forwards messages to your real email. We will use this relay address to communicate with you. Please note that some features requiring email verification or organization invitations may require your real email address.

2.3 Work and Schedule Data

We collect work-related data including:

  • Shift Information: Scheduled shifts, start/end times, break durations, assigned locations
  • Time Entries: Clock-in/clock-out times, break records, approval status
  • Time Off Requests: PTO requests, vacation dates, sick leave, approval history
  • Unavailability: Dates and times when you are not available for work
  • Tasks and Checklists: Assigned tasks, completion status, form submissions

2.4 Location Data

When you clock in or out, we may collect location data to verify your presence at designated work locations (geofencing). This includes:

  • GPS coordinates (latitude and longitude)
  • Location accuracy in meters
  • Whether you are inside a designated geofence area

Note: Location tracking is only active during clock-in/clock-out events and is not continuous. You may be allowed to clock in outside geofenced areas depending on your organization's settings.

2.5 Device and Technical Information

We automatically collect certain technical information:

  • IP address
  • Device information (device type, operating system)
  • Browser type and version

2.6 Push Notifications

When you use our mobile application, we collect a device push notification token (Firebase Cloud Messaging token) to send you relevant notifications. The types of notifications we may send include:

  • Shift schedule changes and reminders
  • Time clock reminders
  • Time-off request updates (approvals, rejections)
  • Shift swap requests and updates
  • Chat messages from team members
  • Task assignments
  • Weekly schedule summaries

Your push notification token is stored on our servers and linked to your user account. The token is automatically removed when you sign out of the application. You can control which types of notifications you receive through the notification settings within the app. You can also disable push notifications entirely through your device's system settings.

Push notifications are delivered through Firebase Cloud Messaging (FCM), a service provided by Google LLC, and Apple Push Notification service (APNs) for iOS devices. These services may process your device token and notification data according to their respective privacy policies.

2.7 Communication Data

If you use our chat features, we collect:

  • Chat messages and their content
  • File attachments shared in chats
  • Message read status and timestamps

2.8 Audit and Security Logs

For security and compliance purposes, we maintain audit logs that record actions taken within the Service, including who performed them and when.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Operation: To provide and maintain the shift management service
  • Scheduling: To create and manage work schedules
  • Time Tracking: To record and verify work hours
  • Location Verification: To verify presence at work locations when clocking in/out
  • Communication: To enable team communication and send notifications
  • Reporting: To generate timesheets and work reports for your organization
  • Security: To maintain audit trails and detect unauthorized access
  • Improvement: To analyze usage patterns and improve our Service

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • Within Your Organization: Your employer/organization administrators can access your work data, schedules, time entries, and related information.
  • With Team Members: Basic profile information and shift schedules may be visible to other team members for coordination purposes.
  • Service Providers: We use third-party services (such as Supabase for database hosting and authentication, Google and Apple for sign-in services, and Firebase for push notifications) that may process your data on our behalf.
  • Legal Requirements: We may disclose information if required by law or to protect our rights and safety.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Work-related data (time entries, shifts) may be retained longer for legal and business record-keeping purposes. When your account is deleted, we will delete or anonymize your personal information within a reasonable timeframe, unless retention is required by law.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure database hosting with row-level security
  • Authentication and access controls
  • Regular security audits and monitoring

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data

To exercise these rights, please contact your organization administrator or reach out to us directly.

8. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

  • Email: hello@sciometa.com
  • Website: https://sciometa.com