Your data. Your rules. Our responsibility.
Last updated: April 2026 — Schedaddle LLC
We built Schedaddle to save retail managers time, not to harvest their data. This policy explains what we collect, how we use it, and why. No legalese marathons. If you have questions, email us at privacy@schedaddle.com.
The Manifest — What We Collect
We only collect what we need to run the scheduling service. Here is the full manifest:
Account & Store Data
- Email address and password (hashed — we never see it in plaintext)
- Store name, country, timezone, and GPS coordinates (if you enable geofencing)
- Subscription tier and billing status (payment details handled by Stripe — we do not store card numbers)
Employee & Schedule Data
- Employee names, roles, and email addresses
- Weekly availability windows set by the employee
- Shift assignments, role blocks, and published schedules
- Clock-in/out timestamps and GPS coordinates at the moment of clock-in/out
- Break records and attendance history
Device & Usage Data
- Push notification tokens (stored to deliver schedule alerts)
- Device platform (iOS/Android) for notification routing
- Standard server logs (IP address, request timestamps) for security purposes
The Hangar — How We Protect It
The Hangar is our internal name for the security layer around your data. We take this seriously.
- Supabase Row-Level Security (RLS): Every database query is constrained by your store ID at the database level — not just the application layer. A query from Store A physically cannot return data from Store B, even if the query itself is misconfigured.
- Encryption in transit: All data is transmitted over TLS 1.2+. No plaintext connections.
- Encryption at rest: Supabase encrypts all data at rest on managed infrastructure.
- Service role keys: Admin-level database operations use a service role key stored only in server-side environment variables — never exposed to the client.
- 2FA support: TOTP-based two-factor authentication is available for all accounts.
Biometrics & Geofencing — The Sensitive Stuff
We know biometrics and location data are sensitive. Here is exactly what happens and what does not happen:
Biometric Authentication (Face ID / Fingerprint)
- Stays on your device. Biometric data (facial geometry, fingerprint template) never leaves your phone. It is stored in the device Secure Enclave (iOS) or TrustZone (Android) — hardware-isolated storage that even we cannot access.
- We store only the result of biometric verification (pass/fail), not any biometric template.
- Biometrics are optional. Employees who choose not to use them can always authenticate with email and password.
Geofencing & GPS Location
- GPS is sampled only at the moment of clock-in or clock-out. We do not track employee location continuously. There is no background location streaming.
- The geofence boundary (typically 100m radius around the store) is computed on-device. The device checks "am I inside this circle?" and sends us only the timestamp and a yes/no result.
- Store GPS coordinates are set by the store manager and stored in our database. Employees can see that geofencing is enabled but cannot see the exact coordinates.
- Geofencing is optional and configurable per store in Settings. Stores can disable it entirely or use manual clock-in only.
Plain English: We do not know where your employees are except at the exact moment they tap Clock In or Clock Out. That timestamp and location are stored for attendance records only.
The Tower — How We Use Your Data
We use your data only to run Schedaddle. Specifically:
- To build and display your schedule
- To send shift notifications and emails to your team
- To calculate labor budgets, overtime flags, and training progress
- To generate clock-in/out reports for your payroll process
- To improve the product (aggregated, anonymized usage data only — never individually identified)
What we never do: Sell your data. Share employee data with third parties for advertising. Use your schedule data to train AI models without explicit consent. Mine your data for any purpose not described here.
Third-Party Systems
- Supabase — Database and authentication. Data hosted in their managed cloud (AWS infrastructure). SOC 2 compliant.
- Resend — Transactional email for schedule notifications. Your employees' email addresses are shared with Resend solely to deliver schedule emails.
- Expo / EAS — Mobile app build and push notification delivery. Push tokens are shared to route notifications to the correct device.
- Stripe — Payment processing. We share billing contact information. Stripe handles all card data; we never see it.
- Google Calendar — Optional integration. If connected, shift data is synced to a store-specific calendar. You can disconnect at any time in Settings.
Your Rights
Depending on your jurisdiction, you have rights regarding your data:
- Access: Request a copy of all data we hold about you or your store.
- Correction: Ask us to correct inaccurate data.
- Deletion: Request deletion of your account and all associated data. We will action this within 30 days.
- Portability: Request your data in a machine-readable format (CSV or JSON).
- Objection: Object to specific processing activities.
To exercise any right, email privacy@schedaddle.com. We will respond within 14 business days.
Cookies & Tracking
The Schedaddle web app uses session cookies to maintain your login state. We do not use advertising cookies, cross-site tracking pixels, or third-party analytics that identify you individually. The marketing website uses standard server logs only.
Data Retention
- Active account data is retained for as long as your account is active.
- On account deletion, all personal data is purged within 30 days. Anonymized aggregates (e.g., total shifts processed) may be retained for product analytics.
- Attendance and clock-in records are retained for 7 years in jurisdictions that require it for labor compliance, then deleted.
Contact
Schedaddle LLC
privacy@schedaddle.com
schedaddle.com
If you have a complaint about how we handle your data and we have not resolved it to your satisfaction, you have the right to lodge a complaint with your local data protection authority.