Last Updated: September 6, 2023

ShiftKey Privacy Policy

Introduction. This notice describes how we use your personal information.

This ShiftKey Privacy Policy (“Privacy Policy”) applies to ShiftKey’s online platforms located at www.shiftkey.com and all pages accessible through such site (“Site”); , (2) ShiftKey’s mobile application, and (3) all other related services services available through ShiftKey’s technology and products of (collectively known as the “Platform”) ShiftKey LLC, a Texas limited liability company and its affiliates including but not limited to OnShift, Inc. (“ShiftKey,” “we,” or “us”) that link to this Privacy Policy. We take your privacy very seriously. How we will handle information we learn about you depends upon what you do when using one of our services, mobile applications, or websites (collectively our “Services”). Our Platform connects independent healthcare providers (“Provider” or “Providers”), as self-employed or independent contractors, to healthcare facilities (“Facility” or “Facilities”) for the purpose of engaging in business-to-business arrangements whereby the two may contract for services needed by the Facility. We strive to make all choices you make while using our Services as transparent as possible. We also hold the security of your personal information and business information as our top priority. This Privacy Policy covers personally identifiable information and other information that you provide us through your use of our Services. The purpose of this Privacy Policy is to explain what information we collect, how we may collect it, to whom we may disclose it, and certain other matters related to such information, including the choices you have regarding our collection of information. We reserve the right to make changes to this policy at any time and will update this Privacy Policy on the Services when we do so.

• 1. Information ShiftKey Collects

During your use of the Services, ShiftKey may collect the following information data about you:

1.1 Information Provided by You

Personal information that you provide to us, such as your user ID and password, name, email address, telephone number, physical address, birth date, gender, zip code, or content you provide by filling in forms through our Services, or other information that can be collected via the Site. You may give us Personal Information about you by filling in forms through our Services or by corresponding with us by phone, e-mail, or otherwise. Personal Information refers to information that is related to an identified or identifiable person, including, but not limited to, your name, email address, phone numbers, photos, government-issued identification, and work credentials.

1.2 For Providers

We generally collect:

• 1.2.1 Contact and registration information, including your name, email address, physical address, phone number, photos and username;
• 1.2.2 Eligibility and identity verification information, including: licenses and credentials, driver license number, social security number, and experience. Please note, work eligibility and identity documentation may contain information about your citizenship status, which is considered “sensitive” personal information under certain state privacy laws
• 1.2.3 Payment information including payment account information;
• 1.2.4 Additional scheduling information, in some instances we may also access your calendar information or location for scheduling purposes and to enable you to discover available shifts;
• 1.2.5 Messages to Facilities, the Services enable you to send to and receive messages from Facilities;
• 1.2.6 Inquiries and Feedback: comments and questions you submit through customer service interactions with us or survey; and
• 1.2.7 User Generated Content: certain parts of the Services may enable us to receive content you post or upload.

PLEASE NOTE: WE DO NOT REDACT ANY CREDENTIALS THAT ARE UPLOADED TO THE SERVICES AND ANY DOCUMENTS UPLOADED BY YOU ARE DONE SO AT YOUR OWN RISK. You may redact documents you upload to our Services. Please be aware that in order for us to conduct licensing and credential checking, you may be required to provide us with your social security number. We may also disclose your social security number to the Facilities you bid on to allow them to conduct their own background checks. You may withdraw your permission and prevent our use of your information by contacting us directly at help@shiftkey.com.

1.3 For Facilities

We may collect your Personal Information if you are using our Services in your capacity as a representative of your Facility (“Facility Representative”). When you use our Services in your capacity as a Facility Representative, we may collect

• 1.3.1 Contact and Registration Information, including your name, email address, phone number, Facility name, and your employment position.
• 1.3.2 Messages to Providers, the Services enable you to send to and receive messages from Providers.
• 1.3.3 Inquiries and Feedback: comments and questions you submit through customer service interactions with us or surveys.
• 1.3.4 User Generated Content: certain parts of the Services may enable us to receive content you post or upload.

1.4 For Website Visitors

When you visit our website, we may collect information you choose to submit to us including,

• 1.4.1 Contact and registration information, including your name, email address, phone number,.
• 1.4.2 Inquiries and Feedback: comments and questions you submit through customer service interactions with us.

1.5 Information Automatically Collected by ShiftKey

Like other websites or apps, we also may collect and store information that is generated automatically as you navigate through our Services. We may collect

• 1.5.1 Device information and related identifiers:When you use our Services, we and our service providers collect and analyze information such as your IP address, browser characteristics, device IDs and characteristics, platform type, operating system, and the state or country from which you accessed the Services.
• 1.5.2 Usage information: When you use our Services, we and our service providers collect and analyze information about your usage activity such as referring and exit pages and URLs, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services and upload or post content, error logs, language preferences, and other similar information.
• 1.5.3 Location information: We collect precise location data from your device with your consent (and consistent with your mobile device settings) to track your location at a Facility in order to enable your digital invoice to be electronically created and submitted at the end of your shift.

To automatically collect information, we use various technologies including:

• 1.5.3 Cookies: As with many websites, the Site uses and/or permits the placement by authorized third parties of standard technology called “cookies.” Cookies are small data files that a website you visit may save on your hard drive that usually includes an anonymous unique identifier. The Services use cookies for Provider authentication, keeping track of your preferences, promotional campaigns that require Provider identification, keeping track of our audience size and traffic patterns, and in certain other cases. You can configure your browser to accept cookies, reject cookies or notify you when a cookie is being used; however, if you do so it may render your computer unable to take advantage of certain personalized features of the Services. We may use the services of third parties to collect and use information about your visits to and interactions with our website through the use of technologies such such as cookies to personalize advertisements for our goods and services. Cookies allow us to provide better security on the Services, to customize the content, to track purchases, and to keep the Services working properly. For additional information on Cookies (and similar technologies) and how we use them, click on the ShiftKey Cookie Policy.
• 1.5.4 Analytics We use various analytics services to better understand how visitors interact with our Services. These analytics services provide non-personally identifiable data including but not limited to data on where visitors came from, what actions they took on our site and where visitors went when they left our site. In particular, we use Google Analytics to help us perform our business and Service-related analytics. For more information about how Google Analytics uses your data, please see: https://www.google.com/policies/privacy/partners , as well as its privacy policy: https://www.google.com/policies/privacy . You may opt out of the use of Google Analytics by visiting the Google Analytics opt-out web page at: https://tools.google.com/dlpage/gaoptout .

2. How We Use Your Information

• 2.1 Information collected from Providers and Facility Representatives

  We will use the information you provide to us in your capacity as a Provider or Facility Representative (as listed in Sections 1.2 and 1.3 above) for the following purposes:

  • 2.1.1 operate and make available the Services, including to: create and administer your ShiftKey account, enable digital invoicing, provide communication between Facilities and Providers to request and/or confirm scheduling for healthcare services, facilitate direct messaging between Facilities and Providers, disclose Provider profiles to their Facilities and vice versa;
  • 2.1.2 verify the accuracy and status of your licensing credentials with various licensing boards;
  • 2.1.3 respond to your requests for support and to your feedback;
  • 2.1.4 provide you with important information about the Services or important changes or additions to our Services;
  • 2.1.5 send you offers and any other communications that we believe may be of interest to you and to market our Services (provided we do not use work eligibility forms, payment card data or messages between Facilities and Providers for such purposes);
  • 2.1.6 analyze and improve the Services (provided we do not use eligibility forms, payment card data or messages between Facilities and Providers for such purposes);
  • 2.1.7 for billing and fraud prevention, on the basis of our legitimate interests in ensuring a safe and secure environment in which Providers and Facilities can conduct business and in order to comply with our legal obligations;
  • 2.1.8 to conduct identification and criminal background checks, if applicable and to the extent permitted by local law, on Providers, for the substantial public interest of ensuring the public safety and preventing or detecting unlawful acts, protecting the public against dishonestly and maintain the integrity of the Services given that Providers interact directly with Facilities and their patients;
  • 2.1.9 to enforce the ShiftKey Terms of Service (and/or other contractual agreements) and our legitimate interests in ensuring our agreements are complied with, and as otherwise set forth in our Terms of Service (and/or other contractual agreements).
  • 2.1.10 To comply with any procedures, laws and regulations which apply to us, to comply with our legal obligations, to establish and defend our legal rights, or otherwise, where it is necessary for our legitimate interests or the legitimate interests of others.
  • 2.1.11 For security and fraud detection purposes, including by detecting, protecting against, and prosecuting security incidents, fraud, and illegal activity and to protect the safety of the Services, our employees and our users.
• 2.2 Information collected from website visitors (including automatically-collected information)

  We will use the information collected from website visitors, including automatically-collected information (as set forth in Sections 1.1, 1.4 and 1.5 above) for the purposes below.

  • 2.2.1 operate and make available our website and services
  • 2.2.2 respond to your requests for support and to your feedback,
  • 2.2.3 provide you with important information about the Services or important changes or additions to our Services,
  • 2.2.4 send you offers and any other communications that we believe may be of interest to you,
  • 2.2.5 analyze and improve the Services;
  • 2.2.6 market and advertise our Services;
  • 2.2.7 To enforce the ShiftKey Terms of Service (and/or other contractual agreements) and our legitimate interests in ensuring our agreements are complied with, and as otherwise set forth in our Terms of Service (and/or other contractual agreements);
  • 2.2.8 To comply with any procedures, laws and regulations which apply to us, to comply with our legal obligations, to establish and defend our legal rights, or otherwise, where it is necessary for our legitimate interests or the legitimate interests of others; and
  • 2.2.9 For security and fraud detection purposes, including by detecting, protecting against, and prosecuting security incidents, fraud, and illegal activity and to protect the safety of the Services, our employees and our users.

3. How We May Disclose Your Information

We may share your information with third parties outside of ShiftKey under the following circumstances:

• 3.1 With Your Consent or at Your Direction: We may disclose information when you provide us with your consent to do so or when you direct us to through your use of the Services, like when we disclose Provider profiles to Facilities to link shift opportunities. If you are a Provider and enable us to collect location for digital invoicing, the Facility where you have your shift, will be able to view when you enter and exit the Facility.
• 3.2 Service Providers and Contractors: We may disclose information to other businesses, certain services and individuals that perform functions on our behalf. These activities could include processing or making payments, maintaining the Site and/or our Services, or facilitating email delivery to you. We require that our service providers and contractors protect your Personal Information with the same standards we do, however we are not responsible for their policies or practices.
• 3.3 Third-Party Advertising Partners. Information automatically collected through cookies and other tracking technologies, as set forth in Section 1.5.4, may be collected by or disclosed to third parties, such as ad networks and advertising analytics services, that assist us in marketing and advertising our services. These third parties may use such information to better tailor advertisements you see across platforms.
• 3.4 By Law or to Protect Rights: We may disclose information when we believe that disclosure is necessary to comply with the law, to enforce our intellectual property rights, to enforce our Terms of Service, or to protect the rights , property or safety of ShiftKey and our employees or our users or the public, and if necessary to defend against third-party claims. We may also disclose information when requested to comply with a court order, investigation, or governmental request.

• 3.5 Business Transfers: Should ShiftKey go through or consider a business transfer, such as consolidation, merger, restructuring, acquisition, or sale of part or all of our assets, you acknowledge and consent to the transfer of your information. You further acknowledge and consent to the continued use of your information by the recipient so long as they comply with this Privacy Policy.

  Please bear in mind that whenever you voluntarily make your Personal Information available for viewing by third parties online or otherwise make your Personal Information publicly available – for example through comments and participation in forums or through email – that information can be seen, collected and used by others besides us. We are not responsible for any unauthorized third-party use of such information.

  ShiftKey may use and disclose deidentified and/or aggregated data for any purpose. For example, we may disclose aggregated usage data from our Providers or general demographic information of our Providers to provide anonymous aggregated data to business partners about the volume of use on the Services and the opportunities in which Providers are most interested.

4. How We Protect All of Our Data

ShiftKey seeks to use appropriate physical, technical, and administrative measures designed to protect Personal Information within our organization. However, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information supplied will not be intercepted while being transmitted over the Internet. You are responsible for keeping your account information and especially your login information confidential. We ask you not to share your login credentials with anyone.

5. Your Rights and Choices

• 5.1 Your Choices

  Profile Information. You can review, update, change or delete the information you have provided to us (and that we continue to store) in your profile at any time through your profile settings. To disable your account or request assistance with profile changes please contact us directly at help@shiftkey.com.

  Marketing Communications. You can click on the “unsubscribe” link located at the bottom of marketing emails you may receive from us to unsubscribe Regardless of your choices regarding promotional communications and updates regarding content, we may send you administrative messages, service announcements, terms and conditions of your account, or other similar communications.

  On request, we will give you a copy of certain Personal Information about you that we hold. This information is subject to a fee, not exceeding the prescribed fee permitted by law.

• 5.2 Your Privacy Rights

  Your local laws may permit you to exercise certain rights with respect to the information we collect from and about you. Depending on your location, you (or an authorized agent acting on your behalf) may make certain requests related to your personal information, including that we:

  • 5.2.1 Provide access to and/or a copy of certain personal information we hold about you.
  • 5.2.2 Correct certain personal information we have about you.
  • 5.2.3 Delete certain personal information we have about you.

    Applicable law may provide you with the right not to be discriminated against for exercising your rights. Please note that we process “sensitive” personal information only for purposes of providing the Services that you request.

    If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, you may contact us at help@shiftkey.com. We will take reasonable steps to verify your identity before responding to your request as required or permitted by applicable law. Please note your rights and choices vary depending upon your location, and certain information may be exempt from such requests under applicable law. In some circumstances, if you ask us to delete your information, you may no longer be able to access or use our Services. Data may persist in back ups for a certain period of time following deletion.

    Your local jurisdiction may grant you the right to appeal the denial of a request. If you live in such a jurisdiction, you may exercise this right by emailing us at help@shiftkey.com. We will respond within the legally required time period, including a written explanation of the results of your appeal.

• 5.3 Opt Out of Sale or Processing Personal Information for Targeted Advertising

  Residents of certain states may opt out of the “sale” of their personal information or processing of their personal information for targeted advertising. We allow third parties on our Site to receive certain information such as cookies, IP address, device identifiers, browsing behavior and/or other activity to enable the delivery of targeted advertising about the Services to you. This activity is processing for targeted advertising and may be considered a sale under applicable law.

  If you would like to opt out of this activity, you may do so by clicking the link titled “Your Privacy Choices” in the footer of any of our sites.

  You may still receive advertising on other sites and services, it just may not be tailored to your interests. Please note, if you use different browsers, devices, or services you will need to opt out on each browser or device where you want the choice to apply. In some cases, you may also be presented with a form field to complete, in those cases we ask for your email address or other information so we may add it to an appropriate suppression list.

6. Retention

We may retain certain information as required by law or for necessary business purposes. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. We are under no obligation to store such Personal Information and, to the extent permitted by law, disclaim any liability arising out of, or related to, the destruction of such Personal Information. We are under no obligation to destroy anonymized aggregate data.

7. Links

This Privacy Policy applies only to this Site and our Services. The Services may contain links to other sites or services. We are not responsible for the privacy policies or other practices employed by websites linked to, or from, our website nor the information or content contained therein. We encourage you to review the privacy statements of such third parties prior to using their sites or services. This Privacy Policy applies solely to information collected and used by our Services.

8. Our Policy Toward Children

The Services are not directed to children under the age of 13. We will not knowingly maintain personally identifiable information from or about anyone under 13. If we become aware that we have collected personally identifiable information from a user that is under the age of 13, then we will remove that child’s Personal Information from our files. If a parent or guardian learns his or her child has provided us with Personal Information, he or she should contact us at help@shiftkey.com.

9. Visitors and Users from Outside of the United States

Our computer systems for the Services are currently governed by and operated in the United States, so your Personal Information will be processed by us in the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the European Union. ShiftKey makes no representation that the Services are governed by or operated in accordance with the laws of any other nation. If you are a visitor from outside the United States, by using the Services, you understand that your Personal Information will be collected and processed in the United States and other countries where ShiftKey or its vendors operate, and acknowledge that your information may be subject to access by law enforcement and other government entities, in accordance with applicable laws. ShiftKey reserves the right to store this information in and outside of the United States and in locations not under our direct control (for example, co-located server facilities).

10. Changes and Updates

From time to time, we may change this Privacy Policy. We encourage you to periodically review our Privacy Policy for the latest information on our privacy practices. If we make any significant changes, we will notify you of such changes by posting the updated Privacy Policy on the Services and by updating the “Last Updated” date at the end of this Privacy Policy. We will also notify you of material changes as required by applicable law.

11. Contact Us

We welcome your feedback regarding this Privacy Policy. If you have any questions, comments, or concerns about either one, please contact us by email at help@shiftkey.com.

12. Jurisdiction Specific Provisions

• 12.1 California Privacy Notice

  If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your “personal information” as defined in the California Consumer Privacy Act (“CCPA”).

  We describe the categories of information we collect, our business purposes for collecting such information, the sources and uses of such information and the entities with which we disclose such information in the “Information ShiftKey Collects”, “How We Use Your Information,” and “How we May Disclose Your Information” sections of this Privacy Policy. We provide additional information required by the CCPA below.

  A. Categories of Personal Information We Collect, Use and Disclose

  Throughout this Policy, we discuss in detail the types of Information we collect from and about users and discuss how we use and disclose such information. The following are categories of personal information (as that term is defined under the CCPA) that we collect from California consumers and that we may, as discussed throughout this Policy, use and disclose for our business purposes:

• • Identifiers (such as name, address, email address); financial data (such as your payment account information); device identifiers (such as IP address and unique device identifiers); internet or other network or device activity (such as browsing history); general geolocation data derived from IP addresses; any user-generated content or feedback that you provide; professional or employment related data; and eligibility and identity verification data for our providers (such as social security number, driver’s license number, and work eligibility forms).

• B. How We Use These Categories of Personal Information

  We and our service providers may use the categories of personal information we collect from and about you for the following business and commercial purposes (as those terms are defined in applicable law).
  • Our or our service providers’ operational purposes;
  • Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;
  • Bug detection and error reporting;
  • Customizing content that we or our service providers display on the Services (e.g., contextual ads);
  • Providing the Services (e.g., providing the ShiftKey platform, enabling messaging between facilities and providers, customer service, analytics, and communication about the Services);
  • Improving our existing Services and developing new services (e.g., by conducting research to develop new products or features);
  • Communicating with you about the Services (e.g., sending you notifications and Services-related updates);
  • First- and third-party marketing and advertising; and
  • Other uses about which we notify you.
  Examples of these types of uses are discussed in our main privacy policy in the “How We Use Your Information”section. We may also use the categories of personal information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any user or device. We may also disclose this information to third parties for legal, compliance or security purposes, or in connection with a business transfer, as described further in “How we May Disclose Your Information” above.

• C. Sale/Sharing of Personal Information

  The CCPA sets forth certain obligations for businesses that “sell” personal information or “share” personal information for cross-context behavioral advertising purposes. Under the CCPA, “sale” and “sharing” are defined such that they may include allowing third parties to receive certain information for advertising purposes. We “sell” or “share” the following categories of information to third-party advertising partners and vendors that support our advertising efforts (such as advertising analytics services):

• • Identifiers (such as name, address, email address); commercial information (such as transaction data); internet or other network or device activity (such as browsing history and usage information).
  If you would like to opt out of our use of your information for such purposes that are considered a “sale” or “sharing” for cross-context behavioral advertising purposes under California law, please visit the "Your Privacy Choices" link in the footer of our Site. Alternatively, if you have a legally-recognized browser-based opt out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law. Please note that we do not knowingly sell the personal information of minors under 16 years of age. Please note, we do not use or disclose categories of information deemed to be “sensitive” under the CCPA (such as government identifiers and financial information) other than for disclosed and permitted business purposes for which there is not a right to limit under the CCPA.

• D. Additional Privacy Rights

  California residents may make certain requests about their personal information under the CCPA, subject to certain limitations and/or restrictions. Specifically, under California law you have the right to:
  • Request that we disclose information about the personal information that we have collected, used, disclosed or sold,
  • Request access to a copy of the personal information we maintain about you;
  • Request correction of inaccurate personal information;
  • Request that we delete personal information collected from you; and
  A consumer may use an authorized agent to submit a request on their behalf. When using an authorized agent, we require that you provide the authorized agent written permission to do so and verify their own identity and agent status with us. If you would like to designate an authorized agent to make a request on your behalf, please email us at help@shiftkey.com. We have instituted a process for verifying that the person making an access, correction or deletion request is the consumer about whom we have collected information. As part of that process, we will ask you to provide certain information about yourself, which may include but is not limited to (depending on the type of request) your name, email address, and government identifiers. For requests to know and requests to delete, we will confirm receipt of the request within ten (10) days and provide information about how the business will process the request, and we will respond within 45 days with an option to extend an additional 45 days provided we give you notice. If you wish to exercise any of your rights under this section, you may submit your request by emailing us at help@shiftkey.com.

• E. Shine the Light

  California Law permits customers who are California residents to request certain information once per year regarding our disclosure of “personal information” (as that term is defined under applicable California law) to third parties for such third parties’ direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.

• F. Do Not Track

  Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Except as otherwise described herein with respect to legally required browser based opt outs, we do not recognize or respond to browser-initiated DNT signals, as there is no industry-wide framework for DNT signals. To learn more about Do Not Track, you can do so here.