ShiftBid
Legal

Privacy policy

What information ShiftBid collects, how we use it, and the choices available to you.

Last updated: May 3, 2026  ·  Effective: May 3, 2026

FireBeyond Services, LLC, d/b/a ShiftBid ("ShiftBid," "we," "us," or "our") provides a scheduling and shift-bidding platform (the "Service") to public-safety and emergency-services organizations. This Privacy Policy explains what information we collect, how we use it, and the choices available to you.

This policy covers shiftbid.io and any related applications, APIs, or services that link to it.

1. How our Service is structured

ShiftBid is a B2B platform. Our direct customers are organizations ("Customers")—typically EMS agencies, fire departments, and ambulance companies—that use the Service to schedule and assign shifts to their personnel.

Two categories of people interact with the Service:

  • Customer Administrators and Supervisors who configure the Service, run bid rounds, and manage scheduling on behalf of a Customer.
  • End Users (employees of a Customer) who view schedules, submit bids, request swaps, and otherwise use scheduling features.

When ShiftBid handles personal data on behalf of a Customer in the course of providing the Service, the Customer is the controller of that data and ShiftBid acts as a processor (or "service provider" under U.S. state law). The Customer's own privacy notice governs how that data is collected from End Users and what rights End Users have. End Users with questions about their data should generally contact their employer first.

When we collect information directly through our website, marketing channels, or sales process, ShiftBid is the controller of that data, and this Policy applies directly.

2. Information we collect

2.1 Information Customers provide

To set up and operate a tenant, Customers and their Administrators provide:

  • Organization details (name, address, billing contact, agency type)
  • User account records for Administrators, Supervisors, and End Users (name, work email, employee ID, role, seniority date, certifications, classifications relevant to scheduling)
  • Schedule configuration data (shift templates, rotations, work-period rules, FLSA Section 207(k) settings, overtime regimes)
  • Operational data generated through use of the Service (bids, awards, swap requests, time-off requests, audit logs)

2.2 Information End Users provide

When End Users sign in and use the Service, we process:

  • Authentication credentials and session information
  • Scheduling preferences and bid selections
  • Communications submitted through the Service (e.g., swap requests, comments)

We do not knowingly collect protected health information (PHI), patient data, or clinical records. The Service is not designed for, and Customers should not upload, PHI.

2.3 Information collected automatically

When you use the Service or visit our website, we (and our analytics providers) automatically collect:

  • Device and browser information (user agent, OS, screen size, language)
  • IP address and approximate geolocation derived from it
  • Usage data (pages viewed, features used, click events, timing, error events)
  • Cookies and similar technologies (see Section 7)

We use PostHog (a third-party product analytics service) to capture product usage events. PostHog data is logically scoped to the Customer tenant.

2.4 Information from website visitors and prospects

If you submit a demo request, join the waitlist, or otherwise contact us through our marketing site, we collect the contact details and message contents you provide.

3. How we use information

We use the information described above to:

  • Provide, maintain, and operate the Service for our Customers
  • Authenticate users and enforce role-based access
  • Run scheduling optimization, bidding, and swap workflows
  • Generate audit trails and bid-round archives required by Customers
  • Monitor performance, debug issues, and improve product quality
  • Provide customer support and respond to inquiries
  • Communicate with Customers about service updates, security issues, and billing
  • Send marketing communications to prospects who have opted in (you can unsubscribe at any time)
  • Comply with legal obligations and enforce our agreements

We do not sell personal information, and we do not use Customer or End User data to train third-party AI/ML models.

4. How we share information

We share personal information only as described below.

4.1 With the Customer

End User data is accessible to the Customer organization that the End User belongs to, in accordance with that Customer's role and access configuration.

4.2 With service providers (sub-processors)

We use vetted third parties to host and operate the Service. Each is contractually bound to protect the data they process on our behalf. Current categories include:

  • Cloud and infrastructure hosting
  • Product analytics (PostHog)
  • Email delivery and transactional messaging
  • Customer support tooling
  • Payment processing (for billing only)

A current list of named sub-processors is available on request at the contact address below.

4.3 For legal reasons

We may disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect rights, safety, or property.

4.4 In a corporate transaction

If ShiftBid is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.

5. Data retention

We retain personal information for as long as it is needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.

  • Active operational data is retained for the life of the Customer's account.
  • Bid round archives are retained on a Customer's behalf as a historical record of closed bid rounds. Customers may configure or request changes to archive retention, subject to legal-hold considerations.
  • Backups are retained on a rolling schedule and may persist for a limited period after deletion from production systems.

When a Customer's account terminates, we will delete or return Customer data in accordance with the applicable subscription agreement.

6. Security

We use administrative, technical, and physical safeguards designed to protect personal information, including:

  • Encryption of data in transit (TLS) and at rest where supported
  • Tenant-level data isolation
  • Role-based access controls and least-privilege practices
  • Audit logging of administrative actions
  • Routine patching and dependency monitoring

No system is perfectly secure. If we become aware of a security incident affecting personal information, we will notify affected Customers as required by law and our contractual obligations.

7. Cookies and similar technologies

We use cookies and local storage to keep you signed in, remember preferences, and measure product usage. You can control cookies through your browser settings, but disabling them may impair Service functionality.

We do not currently respond to "Do Not Track" browser signals. We honor the Global Privacy Control (GPC) signal where it applies under state law.

8. Your rights and choices

8.1 End Users

If you are an End User of a Customer's ShiftBid tenant, your employer controls your account and most of the data associated with it. To request access, correction, deletion, or export of your information, please contact your employer first. We will assist Customers in responding to such requests.

8.2 Direct relationships

If you interact with ShiftBid directly (for example, as a website visitor, prospect, or billing contact), you may request to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your information, subject to legal exceptions
  • Opt out of marketing communications

To exercise these rights, contact us at the address in Section 12.

8.3 U.S. state privacy rights

Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Washington, and other states with comprehensive privacy laws have specific rights under those laws, including the rights described above and the right to appeal a denial of a request. We do not sell personal information and do not engage in "sharing" for cross-context behavioral advertising as those terms are defined under California law.

We will not discriminate against you for exercising any of these rights.

8.4 Washington My Health My Data Act

ShiftBid is not a "regulated entity" under the Washington My Health My Data Act for purposes of the Service, because we do not collect, process, or share consumer health data as defined by the Act. If our scope changes, we will update this notice.

9. International users

ShiftBid is operated from the United States, and our infrastructure is located in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States, which may have different data-protection laws than your country of residence.

We do not currently market the Service outside the United States.

10. Children's privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us so we can delete it.

11. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top. If changes are material, we will provide additional notice (such as an in-app notice or email to Customer Administrators).

12. Contact us

For questions about this Policy or our privacy practices:

FireBeyond Services, LLC, d/b/a ShiftBid
Email: privacy@shiftbid.io