๐Ÿ“‹SPIPUSLog In

Privacy Policy

Last updated: April 3, 2026

1. Introduction

SPIPUS ("we", "our", or "us") provides a scheduling, payroll, invoicing, and staff management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your email address and password. Company administrators may also add your name, phone number, and assign you a role within their organization.

Staff & Scheduling Data

We store information related to shift schedules, staff availability, shift assignments, and coverage requests as entered by you or your company administrators.

Payroll Data

If your company uses payroll features, we process pay rates, hours worked, pay period calculations, and related financial information.

Device Information

If you enable push notifications, we collect a device token (via Firebase Cloud Messaging) to deliver notifications about schedule changes, new assignments, and other updates.

3. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase โ€” Database hosting, authentication, and backend infrastructure.
  • Google Calendar API โ€” Optional two-way calendar sync for users who connect their Google account via OAuth.
  • Firebase Cloud Messaging (FCM) โ€” Push notification delivery to mobile and web devices.
  • Gmail SMTP โ€” Sending transactional emails such as staff invitations and notifications.

4. How We Use Your Data

  • To provide scheduling, availability tracking, and shift management features.
  • To process payroll calculations and generate pay reports.
  • To send push notifications about schedule updates and assignments.
  • To sync shifts with Google Calendar when authorized by the user.
  • To generate invoices and manage client billing.
  • To authenticate users and enforce role-based access control.

5. Data Sharing

Within Your Company

Your data is shared with other members of your company based on their role and permissions. For example, administrators can view staff schedules and payroll data.

Third-Party Processors

We share data with the third-party services listed above solely for the purpose of operating the platform. We do not sell your personal data to any third party.

6. Data Security

  • All data is transmitted over HTTPS with TLS encryption.
  • Passwords are hashed and never stored in plain text.
  • Role-based access control ensures users only see data they are authorized to view.
  • Company-level data isolation prevents cross-company data access.
  • OAuth tokens for Google Calendar are stored securely and can be revoked at any time.

7. Your Rights

You have the right to:

  • Access โ€” Request a copy of the personal data we hold about you.
  • Correction โ€” Request correction of inaccurate personal data.
  • Deletion โ€” Request deletion of your account and associated data. Company owners can delete their entire company and all associated data from the Settings page.
  • Revoke Consent โ€” Disconnect Google Calendar integration or disable push notifications at any time.

8. Cookies & Local Storage

We use browser cookies and local storage to maintain your authentication session and store user preferences. We do not use third-party tracking cookies or advertising pixels.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via the application or email. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your data, please contact us through the application or reach out to your company administrator.

Terms of ServiceยทBack to Home