Privacy Policy

Son Healthcare Services LLC, operating as MyShiftReminder ("we," "us," "our"), is committed to protecting your privacy and the privacy of your caregivers. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you use our website at myshiftreminder.com and related services (collectively, the "Service").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

1.1 Information Provided by Account Holders

• Full name, email address, and phone number
• Business or agency name
• Login credentials (email and hashed password)
• Payment and billing information (processed and stored by Stripe, Inc. — we never store credit card numbers, CVV, or full card details on our servers)

1.2 Information About Caregivers

• Caregiver first and last name
• Caregiver mobile phone number
• Shift schedule (Clock-IN time, Clock-OUT time, work days)
• Reminder type preference (SMS, voice call, or both)
• Service start date and end date
• Pause/vacation dates

1.3 Automatically Collected Information

• IP address, browser type, device type, operating system
• Pages visited, time on site, referral URL
• Cookies and similar tracking technologies (see Section 9)

1.4 Information We Do NOT Collect

• Social Security numbers, government-issued IDs, or immigration status
• Health or medical information
• Biometric data
• Geolocation data of caregivers
• Content of any calls (calls are one-way automated messages — we do not record)

2. How We Use Your Information

We use personal information solely for the following purposes:

• Service delivery: To send automated SMS and/or voice call shift reminders to caregivers at scheduled times
• Account management: To create and manage your account, authenticate users, and process payments
• Billing: To calculate subscription charges, process payments via Stripe, and send invoices/receipts
• Communications: To send transactional emails (welcome emails, billing alerts, service updates)
• Support: To respond to your inquiries and provide customer service
• Improvement: To analyze usage patterns and improve the Service
• Legal compliance: To comply with applicable laws, regulations, legal processes, or government requests
• Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues

We will NEVER use caregiver phone numbers or personal information for marketing, advertising, promotions, or any purpose other than delivering shift reminders as directed by the account holder.

3. SMS and Voice Call Communications (TCPA Compliance)

MyShiftReminder sends automated SMS messages and voice calls using an automatic telephone dialing system and/or prerecorded voice messages as defined under the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227.

3.1 Consent

Caregivers provide their own prior express consent on our public Caregiver SMS Consent page at https://myshiftreminder.com/caregiver-consent. After a home care agency adds a caregiver to MyShiftReminder, the agency directs the caregiver to that page. The caregiver enters their name, mobile number, and home care agency name, then checks a consent box before any recurring SMS reminders begin. No recurring SMS reminder messages are sent until the caregiver has directly submitted this consent form.

• Caregivers provide their own prior express consent through the public web form
• The consent form discloses the purpose, message frequency, STOP/HELP instructions, message and data rates notice, and links to our Terms and Privacy Policy
• Consent is not a condition of purchase, service, or employment
• The account holder is responsible for providing accurate caregiver contact information and directing caregivers to the consent page
• Caregivers who do not submit the consent form will not receive recurring SMS reminder messages

3.2 Message Details

• Frequency: Up to 4 automated messages/calls per caregiver per workday (typically 2: one for Clock-IN, one for Clock-OUT)
• Content: Shift Clock-IN and Clock-OUT reminders only. Example: "Reminder from [Agency Name]: Hi [First Name], your shift is starting. Please Clock-IN using your agency’s official system."
• Message and data rates may apply. Standard carrier rates apply to all SMS messages.
• Supported carriers: AT&T, T-Mobile, Verizon, U.S. Cellular, and most major US carriers. Carrier support and filtering may affect delivery.

3.3 Opt-Out

• Caregivers may reply STOP to any SMS message to immediately stop receiving text messages
• Caregivers may request removal by contacting their home care agency (account holder)
• Account holders can remove caregivers from the dashboard at any time
• Opt-out keywords: STOP, CANCEL, END, QUIT, UNSUBSCRIBE

3.4 Help

• Caregivers may reply HELP to any SMS for assistance
• Help keywords: HELP, INFO
• Or contact: support@myshiftreminder.com

3.5 No Sharing of Mobile Information

Phone numbers are used exclusively to deliver shift reminder notifications through reliable SMS and phone call infrastructure. This commitment applies regardless of whether the caregiver's account is active, paused, or cancelled.

4. Information Sharing and Disclosure

We do not sell personal information. We share information only as follows:

4.1 Service Providers

We use the following third-party service providers who process data strictly on our behalf:

• Twilio, Inc. — SMS and voice call delivery (processes caregiver phone numbers to deliver reminders)
• Stripe, Inc. — Payment processing (processes payment information — PCI DSS Level 1 certified)
• Vercel, Inc. — Application hosting and CDN
• Neon, Inc. — Secure PostgreSQL database hosting
• Google LLC — Analytics (anonymized usage data), SMTP email delivery

Each provider is bound by their own privacy policies and data processing agreements. We require all providers to maintain reasonable security measures.

4.2 Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or governmental request, including to:

• Comply with a subpoena, court order, or similar legal process
• Protect the rights, property, or safety of MyShiftReminder, our users, or the public
• Enforce our Terms of Service
• Detect, prevent, or address fraud, security, or technical issues

4.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred as part of the transaction. We will notify you of any such change and provide choices regarding your information.

5. Data Security

We implement administrative, technical, and physical safeguards to protect personal information, including:

• TLS/SSL encryption for all data in transit
• Encrypted database storage with access controls
• Passwords hashed using bcrypt (industry-standard one-way hashing)
• Stripe PCI DSS Level 1 compliance for payment data
• Role-based access controls (managers can only access data for their assigned home care agency account)
• Automatic session management and secure authentication via NextAuth.js
• Regular security monitoring and updates

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention and Deletion

• Active accounts: Data retained for the duration of your account
• Removed caregivers: Caregiver data deleted immediately upon removal from the dashboard
• Cancelled accounts: All account data deleted within 30 days of account deletion, except as required by law
• Billing records: Transaction records retained for 7 years as required by IRS regulations (26 U.S.C. § 6001)
• Legal holds: Data may be retained longer if required by law, regulation, or litigation hold

7. Your Rights

7.1 All Users

Regardless of your location, you have the right to:

• Access: Request a copy of your personal information we hold
• Correction: Request correction of inaccurate personal information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request your data in a machine-readable format
• Opt-out: Opt out of promotional communications at any time
• Cancel: Cancel your account at any time through the dashboard or by contacting us

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request details about the categories and specific pieces of personal information we collect, the purposes for collection, and the categories of third parties with whom we share it
• Right to Delete: You may request deletion of personal information we collected from you
• Right to Correct: You may request correction of inaccurate personal information
• Right to Opt Out of Sale/Sharing: We do NOT sell or share personal information for cross-context behavioral advertising. No opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those necessary to provide the Service

To exercise your CCPA rights, contact us at support@myshiftreminder.com. We will respond within 45 days.

Categories of personal information collected in the last 12 months: Identifiers (name, email, phone), commercial information (subscription data), internet activity (usage data). We have not sold personal information in the last 12 months.

7.3 Virginia, Colorado, Connecticut, Utah, and Other State Residents

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), or other states with consumer privacy laws, you may have similar rights to access, correct, delete, and port your data. Contact us to exercise these rights.

7.4 Nevada Residents

Under Nevada SB 220, Nevada consumers may opt out of the sale of their personally identifiable information. We do not sell personal information as defined under Nevada law.

8. Children's Privacy (COPPA)

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect, use, or disclose personal information from children under 13 (or 16 in certain jurisdictions) in compliance with the Children's Online Privacy Protection Act (COPPA). If we learn we have collected information from a child under 13, we will delete it promptly. Contact us if you believe we have inadvertently collected such information.

9. Cookies and Tracking Technologies

We use essential cookies required for authentication and session management. We also use Google Analytics to collect anonymized usage data to improve our Service.

• Essential cookies: Required for login, session management, and security. Cannot be disabled.
• Analytics cookies: Google Analytics collects anonymized page view and usage data. You can opt out via Google's opt-out tool.

We do not use advertising cookies, retargeting pixels, or cross-site tracking technologies. We honor Do Not Track (DNT) browser signals.

10. International Data Transfers

Our Service is operated in the United States. If you access our Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our Service, you consent to this transfer. We do not specifically target users outside the United States.

11. Do Not Track

We honor Do Not Track (DNT) browser signals. When we detect a DNT signal, we disable non-essential analytics tracking for that session.

12. Third-Party Links

Our Service may contain links to third-party websites (e.g., Stripe for payment). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Sending an email to the address associated with your account
• Posting a prominent notice on our website
• Updating the "Last Updated" date at the top of this policy

Continued use of the Service after changes constitutes acceptance of the revised policy. If you disagree with the changes, you may cancel your account.

14. Contact Us

For privacy inquiries, data requests, or complaints:

We will respond to all privacy-related inquiries within 30 days (45 days for CCPA requests).