Shiftometer.
[01 / 09]legal · privacy

Privacy Policy

Effective Date: January 13, 2026

[EU · GDPR · 2026]
Privacy Policy

Effective Date: January 13, 2026


introduction

At Shiftometer, we understand that your thoughts regarding your professional future are personal and sensitive. This policy outlines how we handle your data with one clear priority: privacy and security.

[01 / 09]article

1. What data do we collect?

Profile Data
The occupation you select and the skills you declare
Progress Data
The status of your training checklists and your short-term professional goals
AI Interactions
The content of the queries you submit to our "AI Coach"
Technical Data
Device type and OS version (to ensure application stability across Android and iOS)

[02 / 09]article

2. Data Usage by Artificial Intelligence

This is a critical point of our commitment:

No Public Training
We utilize professional-grade APIs from our partners (e.g., Google Gemini API). Your queries and profile data are sent to generate a response, but they are never used to train or improve public AI models
Ephemeral Context
Data sent to the AI is used solely to provide personalized advice within the scope of your current session

[03 / 09]article

3. Storage and Security

Local Storage
A significant portion of your information (your Timer, selected occupations) is stored directly on your device via AsyncStorage. If you delete the application, this data is removed
Anonymization
For our internal improvement statistics (e.g., identifying which occupations are most frequently consulted to refine our reports), data is fully anonymized

[04 / 09]article

4. Data Sharing

We never sell your personal data to third parties. Data sharing only occurs with our technical service providers strictly necessary for the Application's operation:

Stripe
For secure payment processing (we never have access to your credit card numbers)
AI API Providers
Solely to generate your personalized career advice

[05 / 09]article

5. Your Rights

  • In compliance with the GDPR, you have the right to access, rectify, and delete your data
  • You can reset your profile at any time within the application settings
  • For any request regarding the permanent deletion of data stored on our coaching servers, please contact us

[06 / 09]article

6. Confidentiality Regarding Employers

The Shiftometer application is a strictly personal tool. No data is shared with your employer, your training organization, or third-party recruitment sites, unless you explicitly choose to export your action plan.

[07 / 09]article · b2b audit

7. B2B Offering — AI Audit and Individual Action Plans

Within the B2B offering "AI Audit on Jobs, Skills and Tools", Shiftometer processes data provided by a corporate client as a processor within the meaning of Article 28 GDPR. The main contract and a Data Processing Agreement (DPA) define the roles, purposes and retention periods.

Default data collected
Sector, size and location of the company, simplified org chart (positions and reporting lines, favoring non-nominative data), list of roles, software stack, critical processes, operational pain points, AI projects already tested, regulatory constraints, 12-month management objectives.
Data expressly excluded unless written agreement
Individual salaries, nominative evaluations, full HR files, health data or other sensitive data within the meaning of Article 9 GDPR, employee CVs without explicit consent, data identifying minors. Collection of these categories requires specific consent and a documented necessity on a case-by-case basis.
No training of external models
Data transmitted by the corporate client and its employees is not used to train or improve public AI models. The APIs used (notably Google Gemini API professional tier) are configured to exclude the use of prompts for training purposes.
EU hosting by default
Data storage is hosted by default in a European region (Google Cloud `europe-west1`). Residual transfers outside the EU (notably Vercel edge and certain Google APIs) are governed by the standard contractual clauses adopted by the European Commission, complemented where applicable by the EU–US Data Privacy Framework.

[08 / 09]article · sous-traitants

8. Technical sub-processors

Shiftometer relies on the following sub-processors to deliver the service. The full list, their role and location are provided in the DPA annex made available to B2B clients.

Google Cloud / Firebase
Hosting of the database (Firestore), file storage (Cloud Storage) and authentication (Firebase Auth). Main region: `europe-west1` (Belgium). Provider: Google Ireland Ltd.
Vercel Inc.
Hosting of the Next.js application, edge functions and CDN. Headquarters: United States; distributed edge servers. Framework: Vercel DPA and standard contractual clauses.
Google — Gemini API
Large language model processing of data provided by the client to produce the audit and individual plans. Professional tier without model training. Routing as configured; transfers outside the EU are governed contractually.
Stripe
Secure payment processing (individual journeys and B2B billing). No card data is retained by Shiftometer.

Any addition or replacement of a sub-processor involving the processing of B2B client data is notified to the client at least thirty (30) days in advance, in accordance with Article 28 GDPR.

[09 / 09]article · conservation

9. Retention and exercise of rights

Retention periods per data category are detailed in the internal Retention Policy (`docs/legal/RETENTION_POLICY.md`). Operational procedures for complete erasure of an organization, data export and response to rights requests are described in `docs/legal/RGPD_PROCEDURES.md`.

For any request regarding your data (access, rectification, erasure, portability, restriction, objection), please contact us by email. Response time: one (1) month maximum in accordance with Article 12.3 GDPR.


[end · shiftometer · 2026]

Privacy Policy - Shiftometer