Privacy Policy

Effective Date: October 3, 2025

1. Overview

SimplShift LLC (“SimplShift,” “we,” “our,” or “us”) provides a cloud-based workforce scheduling platform designed to assist home care agencies and similar service organizations in coordinating caregiver shifts and administrative scheduling activities.

SimplShift is a scheduling and workforce coordination application only. It is not an electronic health record (EHR), medical record system, operational care management platform, payroll processor, compliance system, healthcare documentation platform, or Electronic Visit Verification (EVV) system.

HIPAA / PHI Notice: SimplShift is not designed to be compliant with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and does not support EVV mandates. SimplShift does not act as a Business Associate and will not enter into Business Associate Agreements (BAAs).

Do not upload PHI. Customers must not upload, transmit, or store Protected Health Information (“PHI”) or other regulated health data in the SimplShift platform. Uploading PHI constitutes a violation of our Terms of Use. Customers remain solely responsible for compliance with all applicable healthcare privacy and data protection laws.

2. Scope

This Privacy Policy describes how SimplShift collects, uses, processes, and discloses information in connection with your use of the SimplShift platform and related services.

For purposes of applicable data protection law:

• Customers (e.g., agencies) are the Data Controllers of Customer Data uploaded to the platform.
• SimplShift acts solely as a Data Processor with respect to such Customer Data.

SimplShift does not determine the purpose or means of processing Customer Data and processes such data only in accordance with Customer instructions, our Terms of Use, and applicable law.

3. Information We Collect

We may collect and process the following categories of information:

A. Account Information

• Name
• Email address
• Organization name
• Billing and payment information

B. Administrative Scheduling Data (“Customer Data”)

• Caregiver identifiers (e.g., name or internal ID)
• Client identifiers (e.g., first name, last initial, service location)
• Shift schedules, assignments, confirmations, and related administrative metadata

Customer Data is limited to workforce coordination and scheduling information. SimplShift does not request and does not knowingly collect PHI.

C. Device and Usage Information

• IP address
• Device identifiers
• Browser type
• System logs
• Platform usage metrics

D. Support Communications

• Customer inquiries
• Helpdesk or technical support requests

4. How We Use Information

We use collected information to:

• Provide and maintain the SimplShift platform
• Enable scheduling, assignment, and administrative coordination features
• Process billing and subscription payments
• Provide customer support and technical assistance
• Monitor performance, security, and fraud risks
• Comply with applicable legal obligations

5. Data Sharing and Disclosure

SimplShift does not sell personal information.

We may disclose information to third parties solely as necessary to operate, provide, secure, and improve the SimplShift platform, including to:

• Cloud infrastructure and hosting providers
• Payment processors
• Analytics, monitoring, and logging providers
• Customer support and communications vendors
• Regulators, law enforcement, or other authorities when required by law

We do not control or determine how independent third-party service providers use data outside the scope of providing services to SimplShift. Any sharing with such providers is limited to the purpose of enabling SimplShift’s services, and such providers act as subprocessors/service providers to SimplShift under contractual obligations.

To the maximum extent permitted by law, SimplShift is not responsible for the privacy, security, or data practices of third parties outside SimplShift’s control, and your use of third-party services is at your own risk. This Privacy Policy does not apply to third-party websites, integrations, or services.

6. Data Retention

SimplShift retains Customer Data only for as long as reasonably necessary to provide the service, operate the platform, comply with legal obligations, resolve disputes, and enforce agreements.

Customers are responsible for managing retention and deletion of Customer Data according to their own policies and legal obligations, including exporting any data they require prior to terminating an account.

Upon account termination, Customer Data may remain in secure backup systems for up to ninety (90) days for disaster recovery or business continuity purposes. Thereafter, Customer Data is deleted or irreversibly anonymized in accordance with internal data lifecycle practices, subject to legal requirements.

SimplShift may retain aggregated or de-identified information for analytics, service improvement, security, or legal compliance.

7. Data Security

SimplShift implements reasonable administrative, technical, and organizational measures within our infrastructure intended to protect Customer Data, including safeguards such as encryption in transit and secure storage practices where appropriate.

However, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee that data transmitted to or stored in the system will be 100% secure. Customers acknowledge the inherent risks of using any cloud-based platform.

Use of the SimplShift platform is subject to the limitations of liability and risk allocation provisions set forth in our Terms of Use.

8. Children’s Privacy

SimplShift is not intended for use by individuals under the age of 13, and we do not knowingly collect personal information from children.

9. Customer Responsibilities

Customers are solely responsible for ensuring that all data they upload, enter, transmit, or store in the platform is lawfully collected, used, shared, and protected in compliance with applicable laws (including privacy and data protection laws) and any obligations owed to caregivers, clients, or other third parties.

SimplShift processes Customer Data based on instructions from the Customer and does not independently verify, validate, or monitor the accuracy, completeness, legality, or appropriateness of Customer Data.

Customers remain solely responsible for preventing the upload or transmission of Protected Health Information (PHI) or other regulated health data. Uploading PHI is prohibited and constitutes a violation of our Terms of Use.

10. U.S. State Privacy Rights

Customers are solely responsible for determining and ensuring compliance with any applicable U.S. state-specific privacy laws and requirements that may apply to their collection and use of personal information (including requirements relating to access, correction, deletion, or portability).

Individual users who submit requests to SimplShift may be directed to the applicable Customer (the data controller) where appropriate, and we may require verification of identity and authority before taking action.

11. Changes to This Policy

SimplShift may update this Privacy Policy from time to time. We will provide notice of material changes in accordance with applicable law.

12. Contact

For privacy-related inquiries or requests, please contact:

privacy@simplshift.com