Privacy Policy

Last updated: April 23, 2026

1. Introduction

ShiftDeduct ("we," "us," or "our") operates the ShiftDeduct web application at shiftdeduct.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our travel nurse tax expense tracker service.

2. Information We Collect

Account Information

  • Email address (used for OTP authentication)
  • Full name (optional, for reports and exports)
  • Tax filing preferences (employment type, tax bracket, filing status)

Financial & Tax Data

  • Expense records (amounts, categories, descriptions, dates)
  • Mileage logs (trip details, distances)
  • Assignment details (facilities, agencies, states, stipend types)
  • Receipt images you upload for OCR scanning
  • Tax form recommendations generated based on your inputs

Technical Data

  • IP address and browser user-agent (for security)
  • Session data (to keep you logged in)

3. How We Use Your Information

  • To provide, maintain, and improve the ShiftDeduct service
  • To authenticate you via one-time passcode (OTP) emails
  • To process receipt images using AI-powered OCR
  • To generate AI tax suggestions and form recommendations
  • To generate exports (PDF, CSV, ZIP) for your CPA
  • To process payments through Stripe for paid plans
  • To send transactional emails (OTPs, payment confirmations)
  • To detect and prevent fraud or abuse

4. Third-Party Services

We use the following third-party services to operate ShiftDeduct:

  • Stripe — Payment processing. Stripe handles all payment card data; we never store card numbers. See Stripe's Privacy Policy.
  • OpenAI — Receipt OCR and AI suggestions. Expense data sent to OpenAI for processing is not used to train their models. See OpenAI's Privacy Policy.
  • Email provider — For sending OTP codes and transactional emails.

5. Data Retention

We retain your expense records, mileage logs, and receipt images for as long as your account is active. If you delete your account, all associated data is permanently deleted within 30 days. Receipts and uploaded images are deleted immediately upon account deletion.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Passwordless authentication (no password database to breach)
  • Secure session management
  • Limited access to production data

7. Your Rights

You have the right to:

  • Access — Export all of your data at any time from Settings.
  • Correction — Edit any of your records within the app.
  • Deletion — Delete your account and all associated data from Settings.
  • Portability — Download your data in CSV format.

8. Cookies

ShiftDeduct uses only essential session cookies required to keep you logged in. We do not use advertising, analytics, or tracking cookies.

9. Children's Privacy

ShiftDeduct is not intended for users under the age of 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at support@shiftdeduct.com.