Privacy Policy

1. Introduction

Nightshift Automation ("Nightshift," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or engage us for services.

By using our website or services, you consent to the practices described in this policy. If you disagree, please discontinue use.

2. Information We Collect

Information You Provide Directly

We collect information you voluntarily provide when you:

• Submit a consultation request or contact form (name, email address, phone number, and message)
• Enter into a Client Service Agreement
• Communicate with us by email, phone, or other means

Information Collected Automatically

When you visit our website, we may automatically collect certain technical information, including IP address, browser type, pages visited, and device type. This data is used in aggregate to improve our website.

Information from Service Engagements

In the course of delivering automation services, we access data and systems you provide solely to perform the agreed work. This may include:

• Business process data and workflow inputs
• Customer data, call recordings, and transcripts (which remain Client's property at all times)
• CRM, calendar, and communication platform data as required for integrations

You own your customer data. Nightshift processes it only to deliver and maintain your automation systems.

3. How We Use Your Information

We use collected information to:

• Respond to inquiries and schedule consultations
• Deliver, maintain, and improve automation services
• Communicate about your engagement (project updates, invoices, performance reports)
• Track system-generated bookings for revenue share reporting where applicable
• Send relevant business communications (you may opt out at any time)
• Comply with legal obligations and protect our rights
• Showcase anonymized, aggregated case studies in our portfolio (with no identifying details unless you approve)

We do not sell your personal information. We do not use your information for automated decision-making that produces legal or similarly significant effects.

4. Disclosure of Information

Service Providers & Platforms

We work with trusted third-party platforms to deliver services, including n8n (workflow automation), Stripe (payments), Google Workspace, and hosting providers. These platforms process data subject to their own terms and, where applicable, a Data Processing Agreement (DPA). The standard n8n DPA applies to all automation workflows; a custom DPA is available for enterprise clients.

Legal Requirements

We may disclose information if required by law, court order, or to protect the safety and rights of Nightshift, our clients, or others.

Business Transfers

If Nightshift is involved in a merger or acquisition, your information may transfer as part of that transaction. You will be notified before your data becomes subject to a different privacy policy.

No Third-Party Data Sales

We do not share or sell customer data with any third party except as strictly necessary to deliver your services.

5. Data Ownership & IP

Ownership is clearly separated:

• Client owns: all customer data, call recordings, transcripts, and messages generated through the system
• Nightshift owns: the automation systems, code, and workflows created; Client receives a non-exclusive license to use them

Nightshift may use anonymized, aggregated data about automation performance for internal improvement and portfolio purposes. No identifying client or customer information is ever shared without written approval.

6. Data Storage & Retention

• Client data is stored in Client's own designated accounts (e.g., Google Drive, CRM) wherever possible
• Nightshift maintains encrypted backups for 90 days
• Upon cancellation, all Client data is exported and delivered within 7 business days
• Contact and inquiry records are retained for up to 3 years from last contact
• Client engagement and billing records are retained for up to 7 years to meet legal and tax obligations
• When data is no longer required, it is securely deleted or anonymized

7. Data Security

We implement industry-standard technical safeguards, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Secure API connections and access controls
• Role-based access limiting data exposure to authorized personnel only
• Regular security updates and patches

Breach notification: You will be notified within 24 hours of any suspected data breach affecting your systems or data.

No electronic transmission or storage method is 100% secure. We cannot guarantee absolute security, but we take reasonable and appropriate measures to protect your information.

8. Healthcare Data & HIPAA

For clients subject to HIPAA, Nightshift operates as a Business Associate and executes a Business Associate Agreement ("BAA") before accessing any Protected Health Information ("PHI"). PHI is handled strictly in accordance with the BAA and HIPAA's Privacy and Security Rules, including access controls, encryption, audit logging, and breach notification procedures. PHI is never used or disclosed beyond what the BAA and HIPAA permit.

9. Applicable Privacy Laws

Nightshift complies with applicable privacy laws, including but not limited to GDPR (for EU data subjects), CCPA (for California residents), and HIPAA (for healthcare data). If you have rights under any of these laws and wish to exercise them, contact us at the address below.

10. Cookies & Tracking

Our website may use essential and analytics cookies to improve your experience and understand site usage. Analytics data is aggregated and anonymized. You can manage cookies through your browser settings; disabling them may affect certain site features.

11. Your Rights

You may request access to, correction of, or deletion of your personal information at any time by contacting team@nightshiftautomations.com. We will respond within 30 days. Identity verification may be required for certain requests.

12. Children's Privacy

Our services are directed to businesses and professionals. We do not knowingly collect personal information from individuals under 18. If you believe we have done so, contact us and we will delete it promptly.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be noted with a revised "Last updated" date and communicated via email where appropriate. Continued use of our services after changes constitutes acceptance.