Privacy Policy - ScheduHub

Last updated: January 31, 2026

1. Introduction

ScheduHub ("we", "our", "us", or "the Company") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, disclose, and safeguard your information when you use our mobile applications, website, and related services (collectively, "the Service").

This Privacy Policy is designed to comply with the EU General Data Protection Regulation (GDPR), Danish Data Protection Act, and other applicable data protection laws.

Data Controller

ScheduHub is the data controller responsible for your personal data. For questions regarding data protection, please contact us at privacy@scheduhub.app.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide when registering for or using the Service:

Account Information: Full name, email address, password (encrypted)
Profile Information: Profile photo, phone number, job title, department (optional)
Workspace Data: Workspace names, employee schedules, shift assignments, availability preferences, time-off requests
Communication Data: Messages sent through in-app chat, support inquiries, feedback
Payment Information: Billing address, payment method details (processed and stored by our payment processor Stripe; we do not store full credit card numbers)

2.2 Automatically Collected Information

When you access or use the Service, we automatically collect:

Device Information: Device type, operating system, browser type, device identifiers, mobile network information
Usage Data: Access times, pages viewed, features used, clicks, scrolling behavior, session duration
Log Data: IP address, server logs, error reports, crash data
Location Data: Approximate location based on IP address; precise location only with your explicit consent
Cookies and Tracking Technologies: See Section 10 for details

2.3 Information from Third Parties

We may receive information about you from:

Authentication providers (if you use social login)
Payment processors (transaction confirmations, payment status)
Analytics providers (aggregated usage statistics)

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service, manage your account, and fulfill our contractual obligations
Legitimate Interests (Art. 6(1)(f)): Fraud prevention, security measures, service improvements, analytics
Consent (Art. 6(1)(a)): Location tracking, marketing communications, optional features (you may withdraw consent at any time)
Legal Obligation (Art. 6(1)(c)): Compliance with tax, accounting, and legal requirements

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Service Provision

Create and manage your account
Provide shift scheduling and workforce management features
Enable team communication and collaboration
Send notifications about shifts, schedules, and important updates
Provide customer support and respond to inquiries

4.2 Business Operations

Process payments and maintain billing records
Detect and prevent fraud, abuse, and security incidents
Enforce our Terms of Service and protect our legal rights
Comply with legal obligations and respond to legal requests

4.3 Service Improvement

Analyze usage patterns to improve features and user experience
Conduct research and development for new features
Perform quality assurance and testing
Generate anonymized, aggregated statistics

4.4 Marketing (With Your Consent)

Send promotional emails about new features, updates, and offers
Personalize your experience with relevant content
You may opt-out of marketing communications at any time

5. Data Sharing and Disclosure

We do not sell your personal data. We share your information only in the following circumstances:

5.1 Within Workspaces

Your name, profile photo, job title, and schedule information are visible to other members of workspaces you join or create. Workspace administrators can view member activity and manage permissions.

5.2 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

Firebase/Google Cloud Platform: Hosting, database, authentication, cloud storage
Stripe: Payment processing and subscription management
Email Service Providers: Transactional and marketing emails
Analytics Providers: Usage analytics and performance monitoring
Customer Support Tools: Help desk and support ticketing

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

5.3 Business Transfers

If ScheduHub is involved in a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred to the successor entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5.4 Legal Requirements

We may disclose your information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to:

Comply with legal obligations
Protect our rights, property, or safety
Prevent fraud or abuse
Protect the safety of our users or the public

5.5 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (Firebase/Google Cloud, Stripe) operate data centers.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions for countries recognized as providing adequate data protection
Certification under the EU-U.S. Data Privacy Framework (where applicable)

7. Data Security

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, loss, misuse, or alteration:

Encryption: Data in transit is encrypted using TLS/SSL; data at rest is encrypted using AES-256
Access Controls: Role-based access controls and multi-factor authentication for internal systems
Security Monitoring: Continuous monitoring for security threats and vulnerabilities
Regular Audits: Periodic security assessments and penetration testing
Employee Training: Staff are trained on data protection and security best practices
Secure Infrastructure: Data hosted on Google Cloud Platform with SOC 2, ISO 27001, and other certifications

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights Under GDPR

Under the GDPR and Danish data protection laws, you have the following rights regarding your personal data:

8.1 Right of Access (Art. 15)

You have the right to obtain confirmation of whether we process your personal data and to access that data. You can view most of your data in your account settings.

8.2 Right to Rectification (Art. 16)

You have the right to correct inaccurate or incomplete personal data. You can update most information directly in your account settings.

8.3 Right to Erasure (Art. 17)

You have the right to request deletion of your personal data under certain circumstances. You can delete your account at any time through the app settings or by contacting us.

8.4 Right to Restriction of Processing (Art. 18)

You have the right to request that we restrict processing of your personal data in certain situations.

8.5 Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

8.6 Right to Object (Art. 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

8.8 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@scheduhub.app. We will respond to your request within 30 days. We may request verification of your identity before processing your request.

8.9 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, place of work, or place of alleged infringement. In Denmark, the supervisory authority is:

Datatilsynet (Danish Data Protection Agency)
Website: www.datatilsynet.dk

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Active Accounts: Data is retained while your account is active and for as long as needed to provide the Service
Deleted Accounts: After you delete your account, we retain your data for 30 days to allow account recovery. After 30 days, personal data is permanently deleted from our active systems
Backup Systems: Data may persist in encrypted backups for up to 90 days for disaster recovery purposes
Legal Obligations: We may retain certain data longer when required by law (e.g., financial records for tax purposes, typically 5 years)
Anonymized Data: We may retain anonymized, aggregated data indefinitely for analytics and research

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze usage:

10.1 Types of Cookies We Use

Essential Cookies: Required for authentication, security, and core functionality (cannot be disabled)
Performance Cookies: Collect anonymous usage statistics to improve the Service
Functional Cookies: Remember your preferences and settings
Analytics Cookies: Help us understand how users interact with the Service (Google Analytics, Firebase Analytics)

10.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may limit functionality. For more information, visit www.allaboutcookies.org.

10.3 Local Storage

We use browser local storage to cache authentication state and user preferences for improved performance.

11. Children's Privacy

ScheduHub is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@scheduhub.app, and we will delete such information.

12. Third-Party Links

The Service may contain links to third-party websites, applications, or services not operated by us. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last updated" date at the top of this policy
Notify you via email or in-app notification
Request your consent where required by law

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy, unless consent is required.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@scheduhub.app
Data Protection Inquiries: dpo@scheduhub.app

We will respond to your inquiry within 30 days.

15. Data Processing Addendum (For Business Customers)

If you are a workspace owner or administrator who uses ScheduHub to process personal data of your employees, you are the data controller and ScheduHub acts as a data processor. In this capacity, we process data only according to your instructions and in compliance with GDPR Article 28. A Data Processing Addendum (DPA) is available upon request at legal@scheduhub.app.