PrivacyPolicy
We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.
ScheduleForward Privacy Policy
Last Updated: January 18, 2026
This Privacy Policy describes how ScheduleForward, LLC ("Company," "we," "us," or "our") collects, uses, discloses, and protects your information when you use our AI-powered scheduling platform and related services (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
We collect several types of information to provide and improve our Service:
Personal Information
When you register for an account or use our Service, we may collect:
- Name (first and last name)
- Email address
- Phone number (for SMS notifications, if opted in)
- Organization and role information
- Profile preferences and settings
Scheduling and Usage Data
We collect data related to your use of the Service:
- Shift schedules, assignments, and preferences
- Personal calendar events (vacation, time-off requests)
- Shift trade requests and history
- Calendar synchronization preferences
Technical and Log Data
We automatically collect certain information when you access our Service:
- IP address and approximate location
- Browser type and version
- Device information and operating system
- Pages visited and features used
- Date and time of access
- Session duration and activity patterns
Authentication Data
We maintain logs of authentication events for security purposes, including sign-in attempts, password resets, and session activity. This data is retained for six (6) months for security monitoring and compliance.
2. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery
To provide, maintain, and improve our scheduling platform, including generating schedules, managing shifts, and facilitating team coordination.
Communication
To send you notifications about schedules, shift changes, trade requests, and other Service-related updates via email and SMS (with your consent).
Security & Compliance
To protect the security of our Service, detect and prevent fraud, and maintain comprehensive audit logs for SOC 2 compliance.
Analytics & Improvement
To analyze usage patterns, improve our Service, and develop new features that better serve our users' needs.
Customer Support
To respond to your inquiries, troubleshoot issues, and provide technical assistance.
3. Third-Party Services
We integrate with trusted third-party services to provide our Service. These providers are bound by contractual obligations to protect your data:
Supabase
Authentication and database services. Your account credentials are securely managed with industry-standard encryption.
Twilio
SMS notification delivery. Phone numbers are stored in E.164 format and only used for Service communications you've opted into.
Resend
Email delivery service. We use this to send schedule notifications, system alerts, and important updates.
Amazon Web Services (AWS)
Cloud infrastructure and storage. ICS calendar files for external calendar synchronization are securely stored on AWS S3.
We do not sell your personal information to third parties. We only share data with service providers as necessary to operate our Service.
4. Data Retention
We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days |
| Scheduling data | Per organizational policy |
| Authentication logs | 6 months |
| Audit logs | 12 months (active) + 7 years (archive) |
When data is no longer needed, it is securely deleted or anonymized. Audit logs may be archived to secure long-term storage for compliance purposes.
5. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments.
Our security practices include:
- Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
- Access Controls: Role-based access controls (RBAC) ensure users only access data they're authorized to view
- Row Level Security: Database policies enforce strict data isolation between organizations
- Audit Logging: Comprehensive logging of all system activities for security monitoring and compliance
- Regular Assessments: Periodic security reviews and vulnerability assessments
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
6. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
Access
Request a copy of the personal information we hold about you
Correction
Request correction of inaccurate or incomplete information
Deletion
Request deletion of your personal information, subject to legal obligations
Portability
Receive your data in a structured, machine-readable format
Restriction
Request limitation of processing in certain circumstances
Objection
Object to processing based on legitimate interests
To exercise any of these rights, please contact us at support@scheduleforward.com. We will respond to your request within 30 days.
7. SMS Communications
If you opt in to receive SMS notifications, we will send you messages related to:
- Schedule updates and new assignments
- Shift trade requests and approvals
- Urgent schedule changes or coverage needs
- System alerts and reminders
You can opt out of SMS communications at any time by updating your notification preferences in your account settings or by replying STOP to any message. Standard message and data rates may apply.
8. Calendar Synchronization
Our Service allows you to sync your schedule with external calendar applications (Google Calendar, Apple Calendar, Outlook, etc.) via ICS files. These files are stored securely on AWS S3 and accessed via unique, non-guessable URLs. The ICS files contain only your schedule information and do not include sensitive personal data. You can disable calendar sync at any time from your account settings.
9. Cookies and Tracking
We use essential cookies and similar technologies to operate our Service:
- Authentication cookies: To keep you signed in and secure your session
- Preference cookies: To remember your settings and preferences (theme, timezone, etc.)
We do not use third-party advertising or analytics tracking cookies. We do not participate in cross-site tracking or sell data to advertisers.
10. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.
11. International Data Transfers
Your information may be transferred to and processed in the United States, where our servers and service providers are located. By using our Service, you consent to such transfers. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will also send you an email notification. We encourage you to review this Privacy Policy periodically for any changes.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
ScheduleForward, LLC
Email: support@scheduleforward.com
Registered in the State of Delaware, United States