Privacy Policy

AISchedulator (“we”, “us”, “our”) provides an online shift scheduling service at aischedulator.com and related applications. This Privacy Policy explains how we collect, use, and protect personal data when you use our service.

If you have questions, contact us through the Contact page on our website.

We collect information you provide and data generated through use of the service:

• Account data: name, email address, password (stored in hashed form by our auth provider), and role (team manager or team member).
• Team and scheduling data: team names, shift types, availability, assigned shifts, swap requests, scheduling rules, and related notes you choose to enter.
• Optional profile and shift-log data: job title, department labels, locations, or other optional fields you add to your profile or personal shift log.
• Billing data: subscription status and payment-related identifiers processed by our payment provider (we do not store full card numbers).
• Communications: messages you send us (e.g. contact form, feedback) and email delivery metadata for invitations and notifications.
• Technical data: IP address, browser/device type, session cookies, and similar logs needed to operate and secure the service.
• Push notification tokens if you enable mobile notifications.

AISchedulator is a workforce scheduling tool, not a medical records system. Do not enter patient names, diagnoses, medical record numbers, or other protected health information (PHI) into the service. We do not design the product for HIPAA-covered use unless a separate agreement explicitly says otherwise.

You and your team managers are solely responsible for the accuracy, completeness, and lawfulness of all data you enter (including availability, shift assignments, names, and rules). We store and process that data to operate the software but do not verify that schedules are correct, fair, safe, or compliant with your workplace policies or applicable law.

We use personal data to:

• Create and manage your account and authenticate you.
• Provide scheduling, availability, invitations, exports, and related features.
• Send transactional emails (e.g. invitations, confirmations, optional reminders) when enabled.
• Process subscriptions and prevent abuse or fraud.
• Improve reliability, security, and support.
• Comply with legal obligations.

Where GDPR applies, we rely on: performance of a contract (providing the service), legitimate interests (security, improvement, and communication about the service), consent (where required, e.g. optional marketing or non-essential cookies), and legal obligation.

We use trusted third parties to run the service. They process data on our instructions and under appropriate safeguards. Typical categories include:

• Hosting and infrastructure (e.g. cloud hosting).
• Database and authentication (e.g. Supabase).
• Email delivery (e.g. Resend).
• Payments (e.g. Stripe).
• Error monitoring and analytics, if enabled.

We keep personal data while your account is active and as needed to provide the service, resolve disputes, enforce our terms, and meet legal requirements. You may request deletion of your account; some data may be retained in backups or logs for a limited period.

We use industry-standard measures such as encryption in transit, access controls, and role-based permissions. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to or withdraw consent for certain processing. You may also lodge a complaint with a supervisory authority.

To exercise rights, contact us via the Contact page. We may need to verify your identity.

Your data may be processed in countries other than your own, including the United States and the European Union, where our providers operate. We use appropriate safeguards where required by law.

We use essential cookies and similar technologies for authentication, security, and basic preferences (e.g. language). These are necessary for the service to function. We do not use third-party advertising cookies on the core application.

The service is not directed to children under 16. We do not knowingly collect personal data from children. Contact us if you believe a child has provided data.

We may update this policy from time to time. We will post the revised version with an updated date. Continued use after changes means you accept the updated policy.