Privacy Policy

Draft. This is placeholder text. The final Privacy Policy is being drafted and will replace this content soon. The placeholder describes our intended practices; the final policy will be reviewed by counsel.

1. Information We Collect

We collect information you provide directly when using Skeju:

Account information. Name, email address, hashed password, role within your organisation.
Employee information. When you (as an administrator) add employees, we store their name, email, phone number, employment type, pay rate, availability, and location assignments — at your direction.
Schedule data. Shift assignments, open shifts, swaps, time-off requests.
Activity logs. Operationally significant actions (logins, schedule publishes, role changes) for security and audit purposes.
Usage data. Standard server logs including IP address, browser type, and pages accessed.

2. How We Use Information

We use the information we collect to:

Provide and maintain the Skeju service
Send transactional emails (account invites, password resets, shift notifications)
Improve and develop new features
Detect and prevent fraud or abuse
Comply with legal obligations

We do not sell your data. We do not use your data to train AI models.

3. How We Share Information

We share information only in these cases:

Within your organisation. Schedulers and administrators in your organisation can see relevant employee and schedule data.
Service providers. We use third parties to operate Skeju, including hosting (our server provider), email delivery (Resend), and analytics. Each is bound by contractual obligations to handle data securely.
Legal requirements. If required by law, court order, or to protect the rights and safety of users.

4. Data Retention

We retain customer data for as long as your account is active. On termination, you may export your data for 30 days. After that period, active-system data may be permanently deleted, though some data may persist in backups for up to 90 days before being purged.

5. Security

We implement industry-standard security measures including encrypted connections (HTTPS), encrypted storage of sensitive credentials, two-factor authentication, role-based access controls, and audit logging. To report a vulnerability, see our security.txt or email security@getskeju.com.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict certain processing
Receive a copy of your data in a portable format

To exercise any of these rights, contact hello@getskeju.com.

7. Cookies

We use a small number of cookies to keep you signed in and to remember your preferences. We do not use third-party advertising or tracking cookies.

8. Children's Privacy

Skeju is not directed to individuals under 16. We do not knowingly collect personal information from anyone under 16.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email at least 14 days before they take effect.

10. Contact

Privacy questions or data requests: hello@getskeju.com. Security disclosures: security@getskeju.com.