Privacy Policy — Shift Leader

This Privacy Policy describes how Shift Leader Technologies, Inc. ("Shift Leader," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our website located at www.shiftleader.net (the "Site") and our cloud-based software platform (the "Platform"). Please read this policy carefully. By accessing the Site or using the Platform, you agree to the practices described herein.

We serve two distinct categories of individuals: (1) visitors to our Site and prospective customers, and (2) authorized users of our Platform, including employees and representatives of our business clients ("Clients"). This policy addresses both.

Information We Collect

1.1 Information You Provide Directly

Contact and account information: name, business name, email address, phone number, job title, and license number when you register for an account or fill out a contact form.
Billing and payment information: collected and processed by our third-party payment processor (Stripe). Shift Leader does not store full credit card numbers on its own servers.
Business and operational data: plant and inventory records, cultivation tracking data, employee names and labor hours, order and financial transaction data, compliance workflow data, lab reports, and manifest information entered into the Platform by Clients or their authorized users.
Communications: emails, support requests, and other messages you send to us.

1.2 Information Collected Automatically

Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps when you access the Site or Platform.
Usage data: features accessed, actions taken within the Platform, error logs, and performance data.
Cookies and similar technologies: we use session cookies necessary for Platform functionality. We do not currently use third-party analytics, advertising cookies, or tracking pixels. If this changes, we will update this policy and, where required, obtain your consent.

1.3 Information from Third-Party Integrations

Our Platform integrates directly with state-mandated regulatory tracking systems via their APIs. Data retrieved through these integrations is processed on behalf of our Clients for compliance and operational purposes. We do not use data obtained through regulatory integrations for any purpose other than providing the contracted services to the applicable Client.

How We Use Your Information

We use the information we collect for the following purposes:

To provide, operate, and maintain the Platform and its features.
To process payments and manage billing.
To communicate with you regarding your account, support requests, and service updates.
To comply with applicable legal obligations, including state and local regulatory requirements.
To detect, investigate, and prevent fraud, security incidents, and misuse of our services.
To improve and develop our products, features, and user experience based on aggregated, de-identified usage patterns.
To respond to your inquiries and provide customer support.

We do not sell your personal information. We do not use your business data entered into the Platform for advertising, cross-customer analytics, or any purpose other than delivering the services you have contracted for.

How We Share Your Information

3.1 Service Providers

We share information with trusted third-party vendors who assist in operating our Platform and business, including:

Amazon Web Services (AWS): cloud hosting and infrastructure.
Stripe: payment processing.
State regulatory tracking integrations: state-mandated compliance tracking systems (data exchange is bidirectional per regulatory requirements).

All service providers are contractually required to handle your data only as directed by us and in accordance with applicable law.

3.2 Legal Requirements

We may disclose information if required to do so by law, regulation, court order, or governmental authority, including applicable state regulatory agencies. We will notify affected Clients of such requests where legally permitted to do so.

3.3 Business Transfers

If Shift Leader is involved in a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will provide notice before your information is subject to a materially different privacy policy.

3.4 With Your Consent

We may share information in other circumstances with your explicit consent.

Data Retention

We retain personal information and Client data for as long as necessary to provide our services, comply with legal obligations (including applicable recordkeeping requirements), resolve disputes, and enforce our agreements. Clients may request deletion of their account data upon termination of service, subject to any legally mandated retention periods under applicable state law.

Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your information, including:

Encryption of data in transit (TLS) and at rest on AWS infrastructure.
Role-based access controls limiting employee access to Client data.
Regular security assessments and vulnerability monitoring.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected Clients in the event of a data breach as required by applicable law.

Your Rights and Choices

6.1 Account Data

Authorized users may access, correct, or update their account information by logging into the Platform or contacting us at service@shiftleader.net.

6.2 Cookies

You may configure your browser to refuse cookies or alert you when cookies are being sent. Disabling strictly necessary cookies may impair Platform functionality.

6.3 Colorado Privacy Rights

Colorado residents may have rights under the Colorado Privacy Act (CPA), including the right to access, correct, delete, or obtain a copy of personal data we hold about them, and the right to opt out of certain processing. To exercise these rights, contact us at service@shiftleader.net. We will respond within 45 days as required by law.

6.4 Nevada and Other States

Residents of other states with applicable privacy laws may contact us to exercise rights available under their state law. We will respond as required by applicable law.

Children's Privacy

Our Site and Platform are intended for use by business professionals in licensed, regulated industries. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected such information, we will delete it promptly.

Third-Party Links

Our Site or Platform may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party site you visit.

Regulated Industry Notice

Our Clients operate in state-licensed, regulated industries subject to significant regulatory oversight. Data entered into the Platform may be subject to inspection, audit, or disclosure obligations under applicable state law, regardless of this Privacy Policy. Clients are responsible for understanding and complying with their own regulatory obligations regarding data and recordkeeping.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify Clients via email or a prominent notice within the Platform at least 14 days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Shift Leader Technologies, Inc.

Emailservice@shiftleader.net

Webwww.shiftleader.net

For formal legal notices, please send written correspondence to our registered address on file with the Delaware Division of Corporations.