Privacy Policy

AfterShift is operated by Alive and Thrive Trust Pty Ltd (ABN 32 684 676 440), an Australian company. We handle your personal information in line with the Australian Privacy Act 1988 and the Australian Privacy Principles. If you're in the EU/UK, the GDPR rights described below also apply to you.

Questions or requests: aliveandthrive@protonmail.com

AfterShift is a self-guided sleep support tool, not a medical device and not a clinical service. We collect data to personalise your sleep plans and track your progress — not to diagnose or treat any condition. Nothing in the app constitutes medical advice.

Only what the app needs to work:

• Account email — for passwordless sign-in and account recovery. We don't use it for unsolicited marketing.
• Your profile — role (e.g. nurse, trucker), shift pattern, sleep goal, display name, timezone. This shapes your plans, tips, and audio recommendations.
• Check-ins — shift type, how you're feeling, sleep quality and hours, caffeine timing, shift start/end times.
• Journal text — what you write in the post-shift release journal. We treat this as sensitive. It's visible only to you, never used for marketing, and never shared with third parties.
• AI check-in messages — what you type in the AI conversation. See the AI section below for how these are handled.
• Usage events — first-party analytics such as "check-in completed" or "audio played" (event names and counts, not your free text). We use these to see what helps people and fix what doesn't. No third-party ad trackers. No ads, ever.
• Error reports — if the app crashes, we may collect a technical error report (error message, browser/device type) so we can fix the bug.

We use your data to:

• personalise your sleep plans, caffeine cutoff times, and audio recommendations;
• show you your own check-in history and trends;
• operate, maintain, and improve the app;
• send transactional emails (sign-in links, account notices) via Resend.

We don't use your data for advertising, profiling for third parties, or AI model training.

Your account data, check-ins, and journal are stored with Supabase in the Sydney, Australia region (AWS ap-southeast-2), encrypted at rest and in transit. Supabase row-level security ensures each account can only ever read its own rows — your data is not visible to other users.

• Supabase — database, authentication, and file storage. Based in the US; data hosted in Sydney (AWS ap-southeast-2). Supabase's privacy policy applies to their infrastructure.
• Stripe — payment processing. Your card details go straight to Stripe; we never see or store them. We keep only a Stripe customer reference and your subscription status.
• Resend — transactional email delivery (sign-in links). Only your email address is shared with Resend for delivery purposes.
• Anthropic — AI check-in powered by Claude. When you use the AI chat, your messages and recent conversation context are sent to Anthropic's API for processing. We don't use your conversations to train models, and under Anthropic's commercial API terms your inputs aren't used to train theirs either.

We don't share your data with any other third parties.

The AI check-in is powered by Anthropic (the maker of Claude). When you chat, your messages and recent conversation context are sent to Anthropic's API for processing so it can reply. We don't store AI conversations beyond what's needed to display your recent exchange, and we don't use them to train models.

Subscriptions are handled by Stripe. Your card details go straight to Stripe — we never see or store your card number, CVV, or full payment details. We keep only a Stripe customer reference and your subscription status (active / cancelled / trial).

We keep your data for as long as your account is active. You can delete your account at any time in Settings. Deletion permanently and immediately erases your profile, check-ins, journal entries, usage events, and Stripe customer record. It's irreversible — we can't recover deleted accounts.

We may retain anonymised, aggregated usage statistics (e.g. "check-ins completed this month") that cannot be linked back to you after deletion.

We take reasonable technical and organisational steps to protect your data. This includes: encrypted storage and transit (TLS), row-level security so users can only access their own rows, and keeping third-party access to the minimum needed to operate the service.

No internet service can guarantee absolute security. If you become aware of a security issue, please email aliveandthrive@protonmail.com and we'll respond promptly.

AfterShift is intended for people aged 16 and over. We do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has created an account, please contact us and we'll delete it.

• Access & correction — your profile and history are visible and editable in the app (Settings, Trends). If you need to correct something you can't edit yourself, email us.
• Deletion — delete your account any time in Settings. This permanently erases your profile, check-ins, journal, custom resets, events, and Stripe customer record.
• Export — if you'd like a copy of your data before deleting, email us and we'll provide what we hold.
• Objection or restriction — if you want to object to or restrict how we use your data, email us and we'll work through it with you.
• Complaints — email us first; if we can't resolve it, you can contact the Office of the Australian Information Commissioner at oaic.gov.au. EU/UK residents may also contact their local data protection authority.

• No selling or sharing of your data with advertisers or data brokers.
• No third-party tracking pixels or ad SDKs.
• No reading your journal for any purpose other than displaying it back to you.
• No marketing emails without your consent.

This policy is governed by the laws of Victoria, Australia and the Australian Privacy Act 1988.

We'll update this policy if our practices change and note the date above when we do. Material changes will be flagged in the app.

Contact: aliveandthrive@protonmail.com