Schedule Wizard — Privacy Policy

Version: tos-2026-04-11 • Effective: April 11, 2026

1. What We Collect

When you create an account and use Schedule Wizard, we collect:

  • Account data: email address, display name, password (hashed by Firebase Authentication).
  • Tenant data: organization name, org unit hierarchy, staff records, shifts, shift codes, scheduling rules, holidays, time-off requests, shift swap requests.
  • Usage data: anonymized crash reports (via Firebase Crashlytics), anonymized analytics events (via Firebase Analytics).
  • Device data: app version, device type, OS version (collected by Firebase Crashlytics for crash diagnostics).

We do not collect IP addresses (beyond what Firebase logs server-side for fraud detection), location data, or browsing history outside the Service, and we do not use marketing tracking pixels.

2. PHI Exclusion

Important

Schedule Wizard is not designed to store Protected Health Information (PHI). Our Terms of Service prohibit users from entering PHI. We employ a “PHI firewall” — free-text field values (notes, reasons, descriptions) are scrubbed from all logs, crash reports, audit logs, and analytics events before they leave the database. However, the database itself stores free-text fields in cleartext, and we cannot guarantee PHI safety if users violate the prohibition. See the Terms of Service § 5 for details.

3. How We Use Your Data

We use your data to:

  • Operate the Service (display schedules, send notifications, process approvals)
  • Diagnose and fix bugs (read audit logs, review crash reports)
  • Communicate service-essential messages (account verification, password reset, security alerts)

We do not use your data to: send marketing emails (other than optional service announcements you can opt out of), train ML models that benefit third parties, sell to data brokers or advertisers, or build a profile of you outside this Service.

4. Where Your Data Lives

Your data is stored in Google Cloud (Firebase Firestore, Firebase Authentication, Google Cloud Storage for backups). The default region is us-central1. Some processing may occur in other regions for analytics and crash reporting per Firebase’s standard architecture.

5. Third Parties

We share data only with the following service providers:

  • Google / Firebase — hosting, authentication, database, crash reporting, analytics, push notifications.
  • SendGrid (or equivalent email provider) — outbound transactional emails (account verification, invitation links, time-off responses).

We do NOT share data with advertisers, analytics resellers, data brokers, or any party not listed above.

6. Backups and Retention

We back up the production database weekly to a Google Cloud Storage bucket within the same project. Backups are retained for 90 days, then automatically deleted by a bucket lifecycle rule. When you delete your account (see § 7), your personal data is removed from the live database within 7 days. Backups containing your data will roll off naturally as the 90-day retention window expires.

7. Account Deletion

You can request account deletion by emailing support@ledesign.dev. We will:

  1. Verify the request matches your registered email.
  2. Delete your Firebase Authentication record, your user profile, your role assignments, your notification preferences, your personal notifications, and your tenant memberships.
  3. Leave tenant-shared data (shifts, schedules, audit logs) with the tenant unless the tenant owner also requests deletion.

We aim to complete deletion within 7 business days of receipt.

8. Children

The Service is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has created an account, contact support@ledesign.dev and we will delete it.

9. Cookies and Storage

The Service uses browser local storage (or device storage on mobile apps) to persist your sign-in session and a small set of UI preferences (theme, locale, weekly view start day). We do not use third-party analytics cookies.

10. Changes to This Policy

We may update this Policy from time to time. Material changes will prompt re-acceptance the next time you sign in. The version string at the top of this document changes with every update; we record the version you accepted on your user profile.

11. Contact

support@ledesign.dev