Privacy Policy

Last updated: Thu 4 December 2025

This Privacy Notice for LOUD srl (“we”, “us”, or “our”) describes how and why we collect, store, use, and/or share (“process”) your personal information when you use our mobile application SuperShift AI: PDF a Calendar (the “App”) on iOS and Android.

If you do not agree with this Privacy Notice, please do not use the App.

If you have any questions or concerns, you can contact us at:
📧 hello@shiftcalendar.it

1. Who We Are

LOUD srl
Registered office: Via Vittorio Emanuele II, 1 – 25122 Brescia, Italy
VAT / Company ID: IT03902100985
Email: hello@shiftcalendar.it

LOUD srl is the data controller for the processing of personal data described in this Privacy Notice.

We do not have a designated Data Protection Officer (DPO).

2. What Information We Collect

2.1. Information you provide directly

When you use the App, we may collect the following information you provide:

• Account and authentication data
  • Email address
  • Password (if you register with email and password)
  • Information received from Apple or Google when you sign in with those providers (for example, name, email address, and a unique identifier, depending on your settings with those providers)
• Support communications
  • If you contact us by email (for support or questions), we will process the information you include in your message (e.g. email address, any additional data you provide).

We do not collect feedback via in-app forms or surveys at the moment.

2.2. Application data: images and calendar information

To provide the core functionality of the App, we process:

• Images, photos, PDFs, or screenshots of your work schedule / shift calendar
  • You can use the camera permission to capture a photo of your schedule or choose an existing image/PDF from your device.
  • These files are uploaded to our servers (using Firebase / Google Cloud / AWS) to run AI-based extraction of shift information.
• Extracted shift data and events
  • Our AI extracts dates, times and shift details from the uploaded image or PDF.
  • This extracted information is used to create events in your personal calendar (for example, Google Calendar, iOS Calendar, Outlook, or other calendar apps you choose).
  • Important: once the events are imported into your calendar, the shift data is stored only in your calendar. We do not keep a separate copy of your shift schedule on our own database for long-term storage or internal profiling.
• Access to your calendar
  • The App requests access to your calendar with write-only permissions, where technically possible.
  • We use this access only to create or update events related to your shifts.
  • We do not use your existing calendar data for analytics, profiling, or marketing.

2.3. Information collected automatically

When you use the App, certain technical data are collected automatically for security, diagnostics and analytics, for example:

• Device information (device model, OS version, language, app version)
• IP address or approximate location (country/region)
• App usage data (e.g. screens viewed, basic interactions, crash reports, performance metrics)

We mainly collect this via Firebase (Analytics and Crashlytics) and similar tools.

We do not collect special categories of personal data (such as health data, political opinions, etc.) intentionally through the App.

3. How We Use Your Information

We process your personal data for the following purposes:

1. To provide and operate the App
   • Create and manage your user account
   • Authenticate your login (email/password, Apple, Google)
   • Process uploaded images/PDFs to extract shifts and transform them into calendar events
   • Write events into your chosen calendar (Google, iOS, Outlook, etc.)
   • Provide reminders and in-app notifications related to your shifts (if enabled)
2. To ensure the security and proper functioning of the App
   • Monitor app performance and stability
   • Detect, prevent and fix bugs, crashes and technical issues
   • Protect against abuse or misuse of the App
3. To perform analytics and improve the App
   • Understand how users interact with the App (on an aggregated or pseudonymised basis)
   • Improve usability, features, and overall user experience
4. To respond to your requests
   • Answer your support emails or technical questions
   • Handle requests to exercise your privacy rights
5. To comply with legal obligations
   • Fulfil obligations under applicable laws (e.g. data protection laws)
   • Cooperate with authorities where required by law

We do not use your data for targeted advertising, user profiling for marketing, or sale of personal data.

4. Our Legal Bases (EU/UK Users)

If you are located in the European Union or United Kingdom, we process your personal data under the following legal bases (GDPR / UK GDPR):

• Performance of a contract (Art. 6(1)(b) GDPR)
  To create and manage your account, authenticate your login, process images to extract shifts, and write events into your calendar—these actions are necessary to provide the App’s core functionality you requested.
• Legitimate interests (Art. 6(1)(f) GDPR)
  For app security, fraud prevention, diagnostics, crash logs, and aggregated analytics to improve the App, as long as these interests are not overridden by your rights and freedoms.
• Legal obligation (Art. 6(1)(c) GDPR)
  Where we are required to retain or disclose certain information to comply with applicable law.

Where we rely on legitimate interests, we have balanced our interests with your rights and concluded that our processing is proportionate and has minimal impact on your privacy. You have the right to object to processing based on legitimate interests (see section 8).

5. Google API and Social Logins

5.1. Google APIs and Google login

If you choose to log in with your Google account or connect your Google Calendar, we will receive certain information from Google (for example name, email address, basic profile information and tokens necessary to create events in your calendar).

Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

We use this information only to:

• Authenticate your identity
• Connect the App to your Google Calendar to create or update shift events
• Maintain your session and account status

We do not use Google Calendar data for marketing, unrelated analytics, or selling data.

5.2. Apple login

If you choose to sign in with Apple, we receive the information Apple shares with us (such as an email address and a unique user identifier) according to your Apple ID settings. We use this only for authentication and account management.

6. Third-Party Services We Use

We rely on third-party providers to operate the App:

• Firebase (Google)
  • Firebase Analytics: technical and usage analytics for app improvement
  • Firebase Crashlytics: crash reports and diagnostics
  • Firebase Cloud Messaging / Notifications: sending push notifications (for example reminders about shifts, service messages)
• Google Cloud
  • Used in connection with authentication (e.g. Google login) and backend services required to run the App.
• Amazon Web Services (AWS)
  • Storage and backup of server-side data and files necessary to operate the App (e.g. temporary storage of images/PDFs, logs, encrypted backups).

These providers act as our data processors where they handle data on our behalf. They are bound by contractual obligations to process personal data only according to our instructions, implement appropriate security measures, and not use data for their own purposes.

We do not use any advertising networks or in-app ad SDKs in SuperShift AI at this time.

7. How Long We Keep Your Information

We keep your personal data only for as long as is reasonably necessary for the purposes described in this Privacy Notice, or as required by law.

In particular:

• Account and authentication data
  • Stored for as long as your account remains active.
  • If you request account deletion, we will delete or anonymise your account data within a reasonable period, unless we need to keep certain data for legal reasons.
• Images / PDFs / screenshots of your schedules
  • Stored on our servers for a limited period strictly necessary to perform AI extraction, ensure the correct functioning of the service, and allow basic troubleshooting.
  • After that, the files are deleted or irreversibly anonymised. We do not keep your images indefinitely.
• Extracted shift information
  • Used to create events in your own calendar and then retained only in your calendar application (Google Calendar, iOS Calendar, Outlook, etc.) under the control of those providers and your device settings.
  • We do not keep a long-term copy of your shift data on our own database for independent profiling.
• Technical logs, diagnostics and analytics data
  • Stored for a limited time necessary to ensure security and app performance. Where possible, this data is aggregated or pseudonymised.

If you ask us to delete your data, we will follow up without undue delay and in accordance with applicable law (see section 8).

8. Your Privacy Rights

Depending on your location, you may have some or all of the rights listed below regarding your personal data:

• Right of access – to obtain confirmation as to whether we process your personal data and receive a copy.
• Right to rectification – to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) – to request deletion of your personal data, where applicable.
• Right to restriction of processing – to limit how we process your data in certain circumstances.
• Right to data portability – to receive your personal data in a structured, commonly used and machine-readable format and transmit it to another controller, where applicable.
• Right to object – to object to processing based on our legitimate interests.
• Right to withdraw consent – where we rely on consent (if ever applicable), you can withdraw it at any time.

If you are in the EU or UK, you also have the right to lodge a complaint with your local supervisory authority (for example, in Italy: Garante per la Protezione dei Dati Personali – www.gpdp.it).

You can exercise your rights at any time by contacting us at:
📧 hello@shiftcalendar.it

We may ask you to provide certain information to verify your identity before responding to your request.

9. Children’s Privacy

The App is not intended for use by children under the age of 16 (or the minimum age required by the law in your country, if different).

We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete such information as soon as reasonably possible.

If you believe a child has provided us with personal data, please contact us at hello@shiftcalendar.it.

10. Security of Your Information

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or destruction. These measures include, for example:

• Encryption in transit (e.g. HTTPS) and, where appropriate, at rest
• Access controls and authentication
• Regular monitoring and logging
• Use of reputable cloud providers (Firebase, Google Cloud, AWS) with strong security standards

However, no method of transmission or storage can be guaranteed to be 100% secure. You use the App at your own risk and should also take steps to protect your data (for example, by using strong passwords and keeping your device secure).

11. International Transfers

Our servers and some of our service providers (Firebase, Google Cloud, AWS) may be located in countries outside the European Economic Area (EEA) or the UK.

Where personal data is transferred outside the EEA/UK, we ensure that appropriate safeguards are in place, such as:

• An adequacy decision by the European Commission, or
• Standard Contractual Clauses approved by the European Commission, or
• Other appropriate safeguards required by data protection laws.

You can contact us at hello@shiftcalendar.it if you want more information about these safeguards.

12. US Residents (Brief Notice)

If you are a resident of certain US states with specific privacy laws (for example, California, Colorado, Virginia), you may have additional rights, such as:

• The right to know which categories of personal information we collect and for what purposes
• The right to access and delete your personal information
• The right to correct inaccurate personal information
• The right to know whether your personal information is sold or shared

We do not sell your personal information and do not engage in targeted advertising for SuperShift AI.

You can exercise your rights or ask questions by emailing hello@shiftcalendar.it. We will respond according to applicable US state laws.

13. Changes to This Privacy Notice

We may update this Privacy Notice from time to time, for example to reflect changes in the App, our processing activities, or applicable laws.

When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you within the App (for example via a notice or prompt).

We encourage you to review this Privacy Notice periodically to stay informed about how we protect your data.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Notice or our handling of your personal data, you can contact us at:

📧 hello@shiftcalendar.it
📮 LOUD srl – Via Vittorio Emanuele II, 1 – 25122 Brescia, Italy