Privacy Policy

Last updated: 02 June 2026

Shiftlyx is a product of Beemal Innovation Ltd. When we say "we", "us", "our", or "Shiftlyx" in this policy, we mean Beemal Innovation Ltd. Registered address: 29 Arden Place, Luton, LU2 7YE. Company registration number: 17048693.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Shiftlyx mobile application (the "App"). Shiftlyx is a personal planning and wellbeing tool designed for shift workers — it is not a medical device and does not process NHS patient data.

We take your privacy seriously. Shiftlyx was built with privacy by design and by default. We collect only what we need to make the App work, and we never sell your data.

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another US state with privacy laws, please see Section 9 (US Privacy Rights) for additional information about your rights.

1. Who We Are

Shiftlyx is operated by Beemal Innovation Ltd, a company registered in England and Wales.

We are the data controller for your personal data collected through the App.

2. What Data We Collect

We collect only the data necessary to provide and improve the App. We do not collect NHS data, employer data, or any health information beyond what you choose to enter regarding your shift patterns and fatigue.

2.1 Data You Provide

  • Account information: When you create an account, we collect a unique identifier (e.g., email address or anonymous auth token) to authenticate you.
  • Profile information: Optional details such as your profession (e.g., Nurse, Paramedic), NHS band, contracted hours, and commute time.
  • Shift data: Your shift patterns, including shift types (LD, MLD, TW, N), dates, and times. This data is stored locally on your device and optionally synced to our servers for cross-device use.
  • Partner Sync: If you use Partner Sync, we store limited data about your linked partner to enable coordination features. You control what is shared.
  • Communications: If you contact us, we keep records of those communications.

2.2 Data Collected Automatically

  • Analytics data: We use PostHog (self-hosted or cloud) to collect anonymised usage data. This includes: app opens, feature interactions, crash reports, and device type. This data is anonymised and cannot be linked back to you personally.
  • Session recordings: We use UXCam to record user sessions (screen taps, navigation flows, and interactions) for the purpose of improving app usability. Session recordings may capture what you see and interact with on screen, but do not capture passwords, payment card details, or any data entered into secure text fields. You can opt out of session recording at any time through the App settings.
  • Advertising analytics: We use Meta (Facebook) App Events to measure the effectiveness of our advertising campaigns and attribute app installs and in-app actions to specific ad campaigns. This involves sharing anonymised event data (e.g., app opens, sign-ups, premium feature usage) with Meta. No personal data (name, email, shift data) is shared with Meta for advertising purposes.
  • Firebase Analytics & Crashlytics: We use Google Firebase for analytics and crash reporting. This collects: app usage events, session duration, device model, operating system version, and crash stack traces. Firebase Analytics data is anonymised. Crash reports may include device state at the time of crash but no personal data.
  • Technical data: Device model, operating system version, app version, and basic diagnostic logs for troubleshooting.

2.3 Data We Do NOT Collect

  • NHS patient data (we never connect to hospital systems)
  • Employer or trust information
  • Government identifiers (NHS number, National Insurance number)
  • Medical records or clinical data
  • Location data (we do not track your location)
  • Contacts list (we do not access your device contacts)
  • Biometric data (fingerprint, face recognition data)

2.4 Health Data You Choose to Connect

With your permission, we may read sleep data from Apple Health (HealthKit) on iOS devices for the purpose of improving your fatigue and recovery analysis. This is entirely optional and you control this access at all times through your device Health settings. See Section 6 (Apple HealthKit & Health Data) for full details.

3. Why We Collect Your Data and Our Lawful Basis

Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases for processing your personal data:

Purpose | Data Used | Lawful Basis (Art. 6)
Account creation & authentication | Email / auth token | Performance of a contract (Art. 6(1)(b))
Providing the App features | Shift data, profile info | Performance of a contract (Art. 6(1)(b))
Analytics & improvement | Anonymised usage data | Legitimate interests (Art. 6(1)(f))
Crash reporting & troubleshooting | Diagnostic logs | Legitimate interests (Art. 6(1)(f))
Partner Sync | Selected shift data | Consent (Art. 6(1)(a))
Marketing communications (if opted in) | Email address | Consent (Art. 6(1)(a))
Legal obligations | Account data | Legal obligation (Art. 6(1)(c))
Advertising analytics & attribution | Anonymised app event data | Consent (Art. 6(1)(a))
Session recording & usability analysis | Screen recordings (no sensitive data) | Consent (Art. 6(1)(a)) / Legitimate interests (Art. 6(1)(f))

4. How We Store and Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS 1.3.
  • Encryption at rest: Data stored on our servers is encrypted using industry-standard AES-256 encryption.
  • Local-first architecture: Wherever possible, your data stays on your device. Cloud sync is optional.
  • Access controls: Only authorised personnel with a legitimate need can access server data.
  • UK-based hosting: Our primary data storage is in UK-based servers (via Supabase and Vercel).

5. Data Retention

We retain your personal data only for as long as necessary to provide the App services:

  • Active accounts: We retain your data for the duration of your account. Backup retention cycles may add up to 30 days beyond account deletion.
  • Deleted accounts: When you delete your account, we permanently erase your personal data within 15 business days. We may retain anonymised analytics data indefinitely as this cannot be linked to you.
  • Diagnostic logs: Retained for a maximum of 90 days.

6. Apple HealthKit & Health Data

Shiftlyx optionally reads sleep data from Apple HealthKit (Apple Health) to improve the accuracy of your fatigue and recovery analysis. This section explains how we handle health data in compliance with Apple's App Store Review Guidelines (Section 5.1.3), UK GDPR, and applicable US privacy laws.

6.1 Health Data We Read

  • Sleep data only: We read time-in-bed and asleep time intervals. We do not read heart rate, blood pressure, blood glucose, or any other health metrics.
  • Read-only access: Shiftlyx requests read-only permission. We never write, modify, or delete data from Apple Health or Health Connect.
  • Optional and revocable: You control this permission at any time through your device's Health settings. Revoking access has no impact on other App features.
  • Prior explanation: Before the system HealthKit permission prompt appears, we explain exactly what data we read and why, so you can make an informed choice.

6.2 How We Use Health Data

  • Fatigue and recovery analysis only: Sleep data is used exclusively to personalise your fatigue score and recovery context calculations.
  • No advertising or marketing: Health data is never used for advertising, marketing, data mining, or any other purpose.
  • No third-party sharing: Health data read from Apple HealthKit is processed on-device where possible. Aggregated metrics (e.g., sleep efficiency) may be synced to our servers for cross-device use, but raw sleep timestamps remain on-device. Health data is never sold, shared, or disclosed to third parties for any purpose.
  • No iCloud backup: Health data accessed through HealthKit is not stored in iCloud.
  • No analytics: Health data is not included in analytics, session recordings, or crash reports.

6.3 Data Integrity

We process health data as provided by Apple HealthKit. We do not fabricate, alter, or write inaccurate data to HealthKit. Our fatigue analysis is transparent and explainable — you can review how sleep data affects your scores within the App.

6.4 Compliance with Apple Guidelines (5.1.3)

Shiftlyx complies with Apple's App Store Review Guidelines for HealthKit and health data:

  • Health data is not used for advertising, marketing, or data mining.
  • Health data is not sold or disclosed to third parties.
  • Health data is not stored in iCloud.
  • We do not write false or inaccurate data to Apple HealthKit.
  • HealthKit access is not gated behind a paywall — the permission prompt is available to all users. Enhanced fatigue analysis using sleep data is a Premium feature.

7. Third-Party Processors

We use the following third-party service providers who process your data on our behalf. Each processor is contractually bound to comply with UK GDPR and may only process data for the purposes we specify:

Processor | Purpose | Data Location | Safeguards
Supabase | Database & authentication | UK (London) | SOC 2 certified, DPA in place
Vercel | Website hosting & Edge Functions | UK / EU | SOC 2 certified, DPA in place
PostHog | Anonymised analytics | UK / EU (self-hosted option) | Data anonymised, no personal data shared
OpenAI | AI Voice Planner (Realtime API) | US (data not used for training) | OpenAI API data not used for model training; Standard DPA and SCCs in place
Apple / Google | In-app purchases & subscriptions | Varies by platform | Apple/Google manage payment data; we never see card details
UXCam | Session recording & usability analytics | EU (Germany) | GDPR compliant, data encrypted, opt-out available in-app
Google Firebase | Analytics & crash reporting | US / EU | SOC 2 certified, SCCs in place, data anonymised
Meta (Facebook) | Ad attribution & campaign measurement | US / EU | SCCs in place, limited to anonymised event data, no personal data shared

8. International Data Transfers

Where we transfer your data to processors outside the UK, we ensure appropriate safeguards are in place. Specifically:

  • Transfers to the EU are covered by the UK's adequacy decision for EU countries.
  • Transfers to the US are covered by Standard Contractual Clauses (SCCs) approved by the ICO, together with supplementary measures where required.
  • We always choose UK or EU data centres where possible.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data. You can exercise most of these directly through the App settings, or by contacting us:

Right | What It Means
Right to be informed | This Privacy Policy provides that information.
Right of access | You can request a copy of the personal data we hold about you.
Right to rectification | You can correct inaccurate or incomplete data in the App settings.
Right to erasure | You can delete your account and associated data in the App settings.
Right to restrict processing | You can request we limit how we use your data.
Right to data portability | You can request your data in a machine-readable format.
Right to object | You can object to processing based on legitimate interests (e.g., analytics).
Rights relating to automated decision-making | You can request human review of automated decisions. Our fatigue score is deterministic and explainable.

To exercise any of these rights, contact us at [email protected]. We will respond within one month.

10. US Privacy Rights (CCPA/CPRA & US State Laws)

If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, you may have additional rights under your state's privacy laws. This section describes those rights and how to exercise them.

10.1 California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with the following rights:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt-Out: We do not sell your personal information as defined by the CCPA. We do not share personal information for cross-context behavioural advertising. You may opt out of analytics tracking at any time through the App settings.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • Right to Limit Use of Sensitive Personal Information: We only collect sleep data (a category of sensitive personal information under California law) with your explicit consent via Apple HealthKit's permission prompt. This data is used solely for fatigue analysis and is not subject to profiling that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at [email protected]. We will respond within 45 days as required by the CCPA. You may also designate an authorised agent to make a request on your behalf.

10.2 Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have the right to:

  • Confirm whether we process their personal data and access that data.
  • Correct inaccuracies in their personal data.
  • Delete personal data provided by or obtained about them.
  • Obtain a copy of their personal data in a portable format.
  • Opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in these activities.

10.3 Colorado, Connecticut, and Utah Privacy Rights

Residents of Colorado, Connecticut, and Utah have similar rights under their respective privacy laws (CPA, CTDPA, and UCPA), including the right to access, correct, delete, and obtain a copy of their personal data. These rights can be exercised by contacting us at the email address below.

10.4 California "Shine the Light" Law (Civil Code Section 1798.83)

California residents may also request information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes.

10.5 Do Not Track

We do not currently respond to browser "Do Not Track" (DNT) signals. On the App, we only use analytics with your consent via the App Tracking Transparency prompt on iOS and through your App settings on Android.

11. Cookies, Tracking, and Analytics

The App itself does not use cookies, but we use the following tracking and analytics technologies:

  • PostHog: Anonymised product analytics — tracks app opens, feature usage, and navigation flows. Data is anonymised and cannot be linked to you. The Shiftlyx website also uses PostHog, which sets cookies with anonymised identifiers. You can opt out through your browser settings or our cookie preferences.
  • UXCam: Session recording for usability improvement — records screen interactions (taps, navigation) during your app sessions. Does not record passwords, payment data, or secure text fields. You can disable UXCam at any time from the App settings.
  • Firebase (Google): App analytics and crash reporting — collects anonymised usage events and crash stack traces to help us fix bugs and improve performance.
  • Meta (Facebook) App Events: Advertising measurement — tracks anonymised app events (e.g., install, sign-up, purchase) to help us measure ad campaign effectiveness and optimise marketing spend. No personal data (name, email, shift data) is shared with Meta.
  • Firebase Crashlytics: Crash reporting — automatically captures crash logs and device state when the app crashes. No personal data is included in crash reports.

You can opt out of analytics tracking at any time through the App settings or by contacting us at [email protected]. Opting out will not affect your ability to use the App.

12. Children's Privacy

Shiftlyx is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at [email protected].

13. AI Voice Planner and OpenAI

The AI Voice Planner feature uses OpenAI's Realtime API via WebRTC for natural language shift planning. Voice conversations are processed in real time and are not used to train OpenAI models (as per OpenAI's API data usage policy). We do not send your shift data, fatigue scores, or personal information to OpenAI as part of this feature beyond what you voluntarily say during a voice planning session.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. We encourage you to review this policy periodically. The date of the latest revision is shown at the top of this page.

15. How to Make a Complaint

If you have concerns about how we handle your personal data, please contact us first — we will do our best to resolve the issue:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator:

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

16. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

  • Email: [email protected]
  • Company: Beemal Innovation Ltd
  • Company registration number: 17048693
  • Address: 29 Arden Place, Luton, LU2 7YE