Privacy Policy

Your data. Your rules. Our responsibility.

Last updated: May 2026 — Schedaddle LLC

We built Schedaddle to save retail managers time, not to harvest their data. This policy explains what we collect, how we use it, and why. No legalese marathons. If you have questions, email us at privacy@schedaddle.co.

This policy is operated by Schedaddle Limited Liability Company, a Texas limited liability company doing business as "Schedaddle" ("Schedaddle," "we," "us," "our").

The Manifest — What We Collect

We only collect what we need to run the scheduling service. Here is the full manifest:

Account & Store Data

  • Email address and password (hashed — we never see it in plaintext)
  • Store name, country, timezone, and GPS coordinates (if you enable geofencing)
  • Subscription tier and billing status (payment details handled by Stripe — we do not store card numbers)

Employee & Schedule Data

  • Employee names, roles, and email addresses
  • Weekly availability windows set by the employee
  • Shift assignments, role blocks, and published schedules
  • Clock-in/out timestamps and GPS coordinates at the moment of clock-in/out
  • Break records and attendance history

Device & Usage Data

  • Push notification tokens (stored to deliver schedule alerts)
  • Device platform (iOS/Android) for notification routing
  • Standard server logs (IP address, request timestamps) for security purposes

Our Role & Legal Basis — Who Controls What

Schedaddle serves two kinds of data, and our legal role is different for each. This matters because it determines who decides how the data is used.

  • Account holder / store data (we are the controller). For the data of the store owner or manager who signs up — your account email, billing contact, and the choices you make about your store — Schedaddle decides the purposes and means of processing.
  • Employee data (we are a processor). For the data of employees a store adds to the platform — names, availability, schedules, attendance, clock-in location and biometric verification results — the store is the controller and Schedaddle acts as a processor on the store's documented instructions. We process this data to provide the Service and do not use it for our own purposes.

For employees: because your employer controls your data in Schedaddle, requests to access, correct, or delete your information are generally directed to your employer first. We will assist the store in responding, and we will honor requests we are legally required to action directly. Our Data Processing Addendum sets out these processor obligations in full.

Legal Basis for Processing

Where data protection law (such as the GDPR or UK GDPR) applies, we rely on the following bases:

  • Performance of a contract — to provide the scheduling service you or your employer signed up for.
  • Legitimate interests — to secure, maintain, and improve the Service, balanced against your rights.
  • Legal obligation — to retain certain attendance and payroll-adjacent records where law requires.
  • Consent — for optional features such as biometric clock-in and geofencing, where consent is collected by the store before the feature is used.

The Hangar — How We Protect It

The Hangar is our internal name for the security layer around your data. We take this seriously.

  • Supabase Row-Level Security (RLS): Every database query is constrained by your store ID at the database level — not just the application layer. A query from Store A physically cannot return data from Store B, even if misconfigured.
  • Encryption in transit: All data is transmitted over TLS 1.2+. No plaintext connections.
  • Encryption at rest: Supabase encrypts all data at rest on managed infrastructure.
  • Service role keys: Admin-level database operations use a service role key stored only in server-side environment variables — never exposed to the client.
  • 2FA support: TOTP-based two-factor authentication is available for all accounts.

Biometrics & Geofencing — The Sensitive Stuff

We know biometrics and location data are sensitive. Here is exactly what happens and what does not happen:

Biometric Authentication (Face ID / Fingerprint)

  • Stays on your device. Biometric data (facial geometry, fingerprint template) never leaves your phone. It is stored in the device Secure Enclave (iOS) or TrustZone (Android) — hardware-isolated storage that even we cannot access.
  • We store only the result of biometric verification (pass/fail), not any biometric template.
  • Biometrics are optional. Employees who choose not to use them can always authenticate with email and password.

Biometric data policy & retention schedule (BIPA / Texas CUBI):Schedaddle does not collect, store, or transmit any biometric identifier or biometric information. The biometric template never leaves the employee's device. The only value we receive is a pass/fail verification result, which is treated as ordinary attendance data and retained per the schedule below. Where a store enables biometric clock-in, the store must obtain the employee's written consent before first use; Schedaddle does not sell, lease, trade, or otherwise profit from any biometric data. If we ever were to receive a biometric identifier, our policy is to permanently destroy it on the earlier of the purpose being satisfied or three (3) years after the employee's last interaction with the store.

Geofencing & GPS Location

  • GPS is sampled only at the moment of clock-in or clock-out. We do not track employee location continuously. There is no background location streaming.
  • The geofence boundary (typically 100m radius around the store) is computed on-device. The device checks "am I inside this circle?" and sends us only the timestamp and a yes/no result.
  • Store GPS coordinates are set by the store manager and stored in our database. Employees can see that geofencing is enabled but cannot see the exact coordinates.
  • Geofencing is optional and configurable per store in Settings. Stores can disable it entirely or use manual clock-in only.

Plain English: We do not know where your employees are except at the exact moment they tap Clock In or Clock Out. That timestamp and location is stored for attendance records only.

The Tower — How We Use Your Data

We use your data only to run Schedaddle. Specifically:

  • To build and display your schedule
  • To send shift notifications and emails to your team
  • To calculate labor budgets, overtime flags, and training progress
  • To generate clock-in/out reports for your payroll process
  • To improve the product (aggregated, anonymized usage data only — never individually identified)

What we never do: Sell your data. Share employee data with third parties for advertising. Use your schedule data to train AI models without explicit consent. Mine your data for any purpose not described here.

Third Parties & Sub-processors

We use a small set of trusted vendors ("sub-processors") to run the Service. Each is bound by a data-processing agreement and may only use data to provide its service to us. We never share employee data with third parties for advertising.

  • Vercel — Web hosting and edge delivery. All requests to the web app and scheduled jobs run on Vercel's infrastructure.
  • Supabase — Database and authentication. Data is hosted in their managed cloud (AWS infrastructure).
  • Resend — Transactional email for schedule notifications. Your employees' email addresses are shared with Resend solely to deliver schedule emails.
  • Expo / EAS — Mobile app build and push notification delivery. Push tokens are shared to route notifications to the correct device.
  • Stripe — Payment processing. We share billing contact information. Stripe handles all card data; we never see it.
  • Google — Optional sign-in (Google OAuth) and, if you connect it, an optional Google Calendar sync that pushes shift data to a store-specific calendar. You can disconnect at any time in Settings.

The current, authoritative list — including each vendor's role, the data it touches, and its region — is published at schedaddle.co/subprocessors. We will give customers advance notice through that page before a new sub-processor that handles personal data is engaged, so you have the opportunity to object.

International Data Transfers & Residency

Schedaddle is operated from the United States, and our sub-processors may store or process data in the United States. If you or your employees are located outside the U.S. (for example, in the UK or EEA), your data will be transferred to and processed in the U.S.

Where such transfers are subject to the GDPR or UK GDPR, we rely on appropriate safeguards — the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum) — together with the technical measures described in The Hangar above. To request a copy of the transfer mechanism that applies to you, email privacy@schedaddle.co.

Data Breach Notification

We maintain procedures to detect, investigate, and respond to security incidents. If we become aware of a personal-data breach affecting your data, we will notify the affected store (as controller) without undue delay after becoming aware of it, and provide the information needed to meet your own notification obligations. Where Schedaddle is the controller, we will notify affected individuals and regulators as required by applicable law.

Your Rights

Depending on your jurisdiction, you have rights regarding your data:

  • Access: Request a copy of all data we hold about you or your store.
  • Correction: Ask us to correct inaccurate data.
  • Deletion: Request deletion of your account and all associated data. We will action this within 30 days.
  • Portability: Request your data in machine-readable format (CSV or JSON).
  • Objection: Object to specific processing activities.

To exercise any right, email privacy@schedaddle.co. We will respond within 30 days (within 45 days for California requests), and may extend that period where the law allows, in which case we will tell you. If you are an employee, see "Our Role & Legal Basis" above — we may direct your request to your employer, who controls your data. There is no charge to exercise these rights, and we will not discriminate against you for doing so.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the rights described above plus the right to know, delete, correct, and to limit the use of sensitive personal information. The categories below describe what we collect and how we handle it.

  • Categories collected: identifiers (name, email), commercial information (subscription/billing status), internet/network activity (server logs), geolocation (clock-in GPS), and sensitive personal information (precise geolocation; biometric verification results).
  • Sources: directly from you and your employer, and from your use of the apps.
  • Purposes: to provide, secure, and improve the scheduling service, as described in The Tower above.
  • Disclosed to: the sub-processors listed above, solely to provide the Service.

We do not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we have not done so in the preceding 12 months. We do not use or disclose sensitive personal information beyond the purposes permitted by law. You may exercise your right to limit the use of sensitive personal information by disabling geofencing and biometric clock-in, or by emailing privacy@schedaddle.co.

Delete Your Account

You can request deletion of your Schedaddle account and all associated data at any time. This includes your profile, store data, employees, schedules, attendance records (subject to legal retention requirements below), and any other personal information we hold.

To request account deletion: Email privacy@schedaddle.co with the subject line "Account Deletion Request" and include the email address associated with your account.

  • We will confirm receipt within 2 business days.
  • Your account and personal data will be permanently deleted within 30 days of your request.
  • Attendance and clock-in records that law requires us to keep may be retained only for the period and purpose the applicable law requires (up to 7 years in some jurisdictions), then deleted.
  • Deletion is irreversible. All store data, schedules, and employee records will be permanently removed.

Cookies & Tracking

The Schedaddle web app uses session cookies to maintain your login state. We do not use advertising cookies, cross-site tracking pixels, or third-party analytics that identify you individually. The marketing website uses standard server logs only.

Data Retention

  • Active account data is retained for as long as your account is active.
  • On account deletion, all personal data is purged within 30 days. De-identified aggregates that can no longer reasonably be linked to an individual (e.g., total shifts processed) may be retained for product analytics; we do not attempt to re-identify them.
  • Where labor or tax law requires it, attendance and clock-in records may be retained for the period the applicable law requires (up to 7 years in some jurisdictions) and only for that compliance purpose, then deleted. This is the one carve-out to the deletion timeline above.

Changes to This Policy

We may update this policy from time to time. When we make a material change, we will update the "Last updated" date above and, where the change significantly affects how we handle your data, give notice by email or an in-app notice before it takes effect. Your continued use of the Service after a change takes effect means you accept the updated policy.

Contact

Schedaddle Limited Liability Company (d/b/a Schedaddle)
privacy@schedaddle.co
schedaddle.co

If you have a complaint about how we handle your data and we have not resolved it to your satisfaction, you have the right to lodge a complaint with your local data protection authority.