Version 2026-06-03
Privacy Policy
Last updated June 3, 2026
1. Scope
This Privacy Policy explains how Stafflyt collects, uses, stores, shares, and protects information when you access or use Stafflyt. Stafflyt is an organization-managed internal management tool for coordinating staff, programs, sessions, applications, documents, communications, attendance, and related workflows.
2. Account and Profile Information
We may collect account and profile information such as your name, email address, user role, organization membership, date of birth, T-shirt size, billing address, phone number, login credentials or authentication identifiers, invite status, profile updates, account setup acknowledgements, and support or administrative requests you submit.
3. Organization and Program Information
Stafflyt may store information created or managed by organizations, administrators, managers, and users, including programs, sessions, schedules, applications, application status, manager notes, staff groups, organization invitations, attendance records, worked hours, payroll or hour reports, and operational decisions recorded in Stafflyt.
4. Communications and Email Data
Stafflyt may process communications such as notification emails, invitation emails, application messages, mail merge campaigns, replyable email threads, inbound replies, message metadata, delivery status, and related email content. These records help Stafflyt deliver service messages, support organization workflows, and keep communication history available to authorized users.
5. Documents and File Storage
If documents or files are uploaded through Stafflyt, we may store file names, file metadata, uploader information, access records, and the files themselves. Stafflyt may use storage providers and integrations such as Google Drive, Cloudflare R2, or similar services when an organization enables or configures those features.
6. Technical, Security, and Usage Information
We and our service providers may collect technical information such as IP address, device type, browser type, timestamps, authentication events, cookies, session storage, security logs, error reports, usage events, webhook events, and similar data needed to operate Stafflyt, diagnose problems, protect accounts, prevent abuse, and enforce access controls.
7. How We Use Information
We use information to create and manage accounts, authenticate users, provide organization management features, process invitations and applications, coordinate programs and sessions, display profiles and records to authorized users, send service communications, support administrators, maintain security, prevent abuse, troubleshoot issues, improve Stafflyt, comply with legal obligations, and enforce our rights and terms.
8. How Information Is Shared
Information may be visible to your organization administrators, managers, authorized organization members, and Stafflyt operators as needed for the service. We may share information with service providers that help operate Stafflyt, including database, authentication, hosting, email, storage, analytics, security, infrastructure, and integration providers such as Supabase, Resend or other email providers, Google Drive, Cloudflare R2, Vercel, or equivalent services. We may also disclose information if required by law, legal process, safety needs, fraud prevention, rights enforcement, business transfers, or with your direction or consent.
9. Organization-Controlled Use
Organizations and administrators decide which users are invited, what roles they receive, which records are created, which documents are uploaded, and how Stafflyt is used for their programs. If your account is connected to an organization, contact that organization for questions about its use of your information, required authorizations, retention practices, internal policies, or organization-specific privacy obligations.
10. Data Retention
We may retain information for as long as needed to operate Stafflyt, provide accounts, support organizations, preserve communication and attendance history, maintain documents and backups, protect security, comply with legal obligations, resolve disputes, enforce agreements, and protect Stafflyt and its operator. Retention periods may vary by data type, organization configuration, operational need, and legal requirement.
11. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information, including role-based access patterns and service-provider security controls. No online service, database, network, storage provider, email system, or transmission method can be guaranteed fully secure. You are responsible for using strong passwords, protecting credentials, and limiting account access.
12. Cookies and Similar Technologies
Stafflyt may use cookies, local storage, session storage, and similar technologies for authentication, session management, security, preferences, analytics, and service operation. Blocking these technologies may prevent Stafflyt from working correctly.
13. Children and Minors
Stafflyt is intended for organization-managed use. Organizations are responsible for determining whether minors may use Stafflyt and for obtaining any required parent, guardian, school, or organizational authorization before inviting minors, collecting information from minors, uploading documents about minors, or managing minor-related program records.
14. Your Choices and Requests
You may update some account information in Stafflyt, including T-shirt size. Date of birth can be changed by an administrator. You may request access, correction, deletion, or other help from your organization administrator or Stafflyt support. Some records may need to be retained for operational, security, legal, backup, audit, dispute-resolution, or organization-controlled reasons.
15. Regional Privacy Rights
Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive information about certain personal data. These rights may be subject to verification, legal limits, organization control, security needs, retention obligations, and exceptions under applicable law. Requests can be directed to your organization administrator or Stafflyt support.
16. Changes to This Policy
We may update this Privacy Policy at any time. Continued use of Stafflyt after an update means you acknowledge the updated policy. We may require renewed acknowledgement before you continue using Stafflyt.