Privacy Policy
Last updated: 11 February 2026
SwiftShift AI ("we", "our", "us") is committed to protecting the privacy of our users. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data when you use the SwiftShift AI Chrome extension and related services.
1. Who We Are
SwiftShift AI is operated by Alexander Onile. If you have questions about this policy, contact us at support@swiftshiftai.co.uk.
2. Data We Collect
We collect the minimum data necessary to provide our service:
- Email address — used for account identification, login, and service communications.
- Phone number (optional, Premium only) — used solely to send SMS notifications when a shift is booked on your behalf.
- Device identifier — a hashed fingerprint generated locally in your browser, used to enforce per-account device limits and prevent unauthorised access. This identifier cannot be used to track your browsing activity.
- Shift preferences — ward names, shift types, and date selections you configure within the extension. These are stored locally on your device and on our server to provide the service.
- Booking logs — records of shifts booked by the extension (date, ward, shift type), used to prevent duplicate bookings and for your reference.
- Subscription and payment status — managed by Stripe. We store your subscription status but do not store credit card numbers or payment details.
3. Data We Do NOT Collect
- We do not collect or access your NHS Loop login credentials (username or password).
- We do not collect your browsing history or activity on any website other than NHS Loop's Available Bank Duties page.
- We do not read, store, or transmit the content of any web pages you visit.
- We do not collect personal health information or patient data.
4. How We Use Your Data
Your data is used exclusively to:
- Authenticate your account and verify your subscription status.
- Enforce device limits as described in your plan (3 for Lite, 5 for Premium).
- Send SMS booking notifications (Premium plan, with your phone number).
- Log booked shifts to prevent duplicate bookings.
- Provide customer support when you contact us.
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
5. Limited Use Disclosure
SwiftShift AI's use of data obtained through Chrome browser APIs is limited to providing or improving the extension's core functionality — scanning for and booking NHS bank shifts based on your preferences. Specifically:
- We do not transfer user data to third parties except as necessary to provide the service (Stripe for payments, our server for authentication).
- We do not use user data for advertising, marketing to third parties, or personalised ads.
- We do not sell user data to data brokers or any other third party.
- We do not use user data to determine creditworthiness or for lending purposes.
- Human access to user data is limited to providing customer support (only when you contact us) and investigating abuse or security incidents.
6. Where Your Data Is Stored
- Locally — Shift preferences, authentication tokens, and device identifiers are stored in Chrome's local storage on your device.
- Server — Account information (email, phone, subscription status, device records, booking logs) is stored on our secure server hosted by Railway, using MongoDB with encrypted connections.
- Stripe — Payment processing is handled entirely by Stripe. We do not have access to your card details.
7. Data Sharing
We do not share your personal data with any third party except:
- Stripe — for payment processing, governed by Stripe's Privacy Policy.
- Law enforcement — only if required by applicable law.
8. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription and request deletion, we will remove your personal data within 30 days. Booking logs may be retained in anonymised form for service improvement.
9. Your Rights
Under UK data protection law (UK GDPR), you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data.
- Withdraw consent for data processing at any time.
To exercise these rights, email support@swiftshiftai.co.uk.
10. Security
We protect your data using industry-standard measures including HTTPS encryption for all data in transit, JWT-based authentication with signed tokens, and secure server infrastructure. No system is 100% secure, but we take reasonable steps to protect your information.
11. Children
SwiftShift AI is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the extension after changes constitutes acceptance of the updated policy.
13. Contact
For any privacy-related questions or requests, contact us at:
support@swiftshiftai.co.uk