1. Introduction

Shifter ("Shifter", "we", "us", "our") is a workforce management and financial technology platform operated by Pigeon Estate. Shifter helps employers manage attendance, timesheets, payroll calculations, and controlled wage access for frontline and shift-based workers.

This Privacy Policy explains how we collect, use, store, and protect personal information when you use:

• the Shifter website (shifter.money),
• the Shifter web and mobile applications,
• messaging channels used by Shifter (including WhatsApp, Telegram, or similar),
• and any related services.

We are committed to protecting personal information in accordance with applicable data protection laws, including the Protection of Personal Information Act (POPIA) and, where applicable, the GDPR.

2. Who This Policy Applies To

This policy applies to:

• Employers / organisations using Shifter
• Employees / workers added to Shifter by their employer
• Site managers and administrators
• Website visitors and prospective customers

3. Information We Collect

3.1 Information provided by employers

When an organisation signs up to Shifter, we may collect:

• Company name, registration details, and business address
• Contact details of authorised representatives
• Industry, number of employees, and operational sites
• Banking or payout-related configuration (where applicable)
• KYB information required for compliance and risk checks

3.2 Information about employees / workers

Employers may provide employee information such as:

• Full name
• Identification number (where required)
• Mobile phone number
• Employment type (hourly, weekly, monthly)
• Site assignments and work schedules
• Attendance records (check-in / check-out times)
• Wage and remuneration configuration

Employees do not provide this information directly to Shifter unless explicitly stated.

3.3 Financial and payout information

Where enabled by the employer:

• Earned wage access or advance requests
• Payout transaction records
• Recipient account identifiers (e.g. PayShap-linked details)
• Transaction limits, timestamps, and statuses

Shifter does not store full bank account credentials. Payouts are processed via approved third-party payment providers.

3.4 Messaging and communication data

If Shifter uses messaging platforms (e.g. WhatsApp or Telegram):

• Phone numbers used to interact with the service
• Message content strictly related to attendance, payroll, or payouts
• System-generated notifications and responses

Messaging data is used only to deliver the service and is not used for marketing without consent.

3.5 Automatically collected information

We may automatically collect:

• Device and browser information
• IP address and approximate location
• Log data (timestamps, actions performed)
• Cookies and similar technologies on our website

4. How We Use Information

We use personal information to:

• Provide and operate the Shifter platform
• Track attendance and generate timesheets
• Calculate wages based on employer-defined rules
• Enable payroll processing and earned wage access
• Process payouts via third-party providers
• Monitor for fraud, misuse, or abnormal activity
• Perform KYB/KYC and compliance checks
• Improve system reliability, security, and performance
• Communicate service-related updates and support messages

We do not sell personal data.

5. Legal Basis for Processing

We process personal information based on:

• Contractual necessity (to provide services to employers)
• Legal obligations (compliance, record keeping, fraud prevention)
• Legitimate interests (security, operational integrity)
• Consent, where required (e.g. marketing communications)

6. Sharing of Information

We may share information with:

• Payment and payout providers (e.g. PayShap participants)
• Compliance and verification partners (e.g. KYB/KYC checks)
• Infrastructure providers (cloud hosting, monitoring, analytics)
• Regulators or law enforcement, where legally required

All third parties are contractually required to protect data and use it only for authorised purposes.

7. Data Storage and Security

We implement appropriate technical and organisational safeguards, including:

• Encrypted data storage and transmission
• Access controls and role-based permissions
• Activity logging and monitoring
• Segregation of environments and credentials

Data is stored only for as long as necessary to fulfil its purpose or meet legal obligations.

8. Data Retention

• Employer and employee records are retained while an organisation is active on Shifter
• Financial and transaction records are retained as required by law
• Inactive accounts are archived or deleted in accordance with retention policies

9. User Rights

Depending on applicable law, individuals may have the right to:

• Access their personal information
• Request correction of inaccurate data
• Request deletion of data (subject to legal requirements)
• Object to or restrict certain processing
• Withdraw consent where applicable

Requests can be made via the contact details below.

10. International Data Transfers

Where data is processed or stored outside your country, we ensure appropriate safeguards are in place to protect your information.

11. Cookies

Our website may use cookies and similar technologies to:

• Improve site functionality
• Analyse usage
• Enhance user experience

You can manage cookie preferences through your browser settings.

12. Children's Information

Shifter is not intended for use by individuals under the age of 18. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the effective date noted at the top.

14. Contact Us

If you have questions or requests regarding this Privacy Policy or your personal information, please contact: