Privacy Policy
Effective Date: April 7, 2026
AIIT Secure (“Company,” “we,” “us”) operates the ShiftArmor platform (“Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Service or visit our website at www.shiftarmor.net.
1. Information We Collect
1.1 Account Information
When you register, we collect:
- Name and email address
- Company name and size
- Job title / role
- Login credentials (passwords are hashed and stored by AWS Cognito — we never see or store plaintext passwords)
1.2 Customer Data
You and your authorized users submit data through the Service, including:
- Employee/worker names, roles, and contact information
- Work schedules and shift assignments
- Safety incidents, near-misses, and investigation details
- Training records and certification data
- Risk assessments and corrective actions
- Audit checklists and inspection results
You are the data controller for Customer Data. We process it on your behalf as a data processor.
1.3 Usage Data
We automatically collect:
- Pages visited and features used
- Browser type, device type, and operating system
- IP address and approximate location (country/region)
- Timestamps and session duration
1.4 AI Interaction Data
When you use AI-powered features, we log:
- Your prompts/questions to the AI assistant
- AI responses generated
- Metadata (timestamp, user ID, model used)
AI interaction logs are retained for 90 days (full content), anonymized from 90 days to 1 year, and permanently deleted after 1 year. See our AI and Machine Learning section for details.
1.5 Website Visitor Data
When you visit our website (without logging in), we may collect information through cookies and analytics tools, including pages viewed, referral source, and device information. We use Google Analytics for this purpose.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service — scheduling, safety management, risk assessment, compliance tracking
- Generate AI insights — risk predictions, scheduling recommendations, compliance guidance
- Communicate with you — account notifications, service alerts, support responses
- Process payments — subscription billing through Stripe (we never store card numbers)
- Improve the Service — using anonymized, aggregated data to refine algorithms and models (see Section 5)
- Comply with legal obligations — such as OSHA recordkeeping requirements
- Protect security — detecting and preventing unauthorized access or abuse
3. How We Share Your Information
We do not sell your personal information. We share data only as follows:
| Recipient | Data Shared | Purpose |
|---|---|---|
| Amazon Web Services (AWS) | All Service data | Cloud hosting, AI processing (Bedrock), authentication (Cognito), email (SES) |
| Stripe | Name, email, billing info | Payment processing |
| Google Analytics | Anonymized usage data | Website analytics |
| Cloudflare | Website traffic data | CDN, DDoS protection, DNS |
We may also disclose information if required by law, court order, or government request, or to protect the safety and security of our users and systems.
4. Data Security
We implement industry-standard security measures:
- Encryption in transit — TLS 1.2+ for all communications
- Encryption at rest — AWS-managed encryption for databases and storage
- Access control — role-based permissions, multi-tenant data isolation
- Authentication — AWS Cognito with secure password hashing
- Network isolation — databases in private VPC with no public access
- Audit logging — all access and changes are logged
- Regular updates — dependencies monitored and patched via Dependabot
No system is 100% secure. While we take commercially reasonable steps to protect your data, we cannot guarantee absolute security.
5. AI and Machine Learning
5.1 AI-Powered Features
The Service uses AI for:
- Risk prediction and safety scoring
- Scheduling recommendations
- Incident classification assistance
- Compliance guidance
- Natural language Q&A via the AI assistant
All AI outputs are advisory only and require human review. AI does not make decisions or take actions on its own. See our full AI Usage Policy for guardrails and controls.
5.2 How AI Uses Your Data
AI features use your Customer Data to generate insights for your organization only. Your data is never shared with other customers or used to generate insights for other organizations.
5.3 Anonymized Data for Model Improvement
We may use anonymized, aggregated data to improve our machine learning models and prediction algorithms. This means:
- All personally identifiable information is removed before any data is used for model training
- Data is aggregated across multiple organizations so no single organization’s patterns are identifiable
- Where federated learning is employed, only mathematical model weights are transmitted — your raw data never leaves your environment
- Trained models learn general safety patterns (e.g., “overtime correlates with incident risk”), not information about specific individuals or organizations
5.4 Opt-Out of Model Training
You may opt out of having your anonymized data used for model improvement at any time by:
- Contacting us at sam@aiitsecure.com
- Using the opt-out toggle in your organization settings (when available)
Opting out will not affect your access to the Service or AI features. You will still benefit from models trained on other consenting organizations’ anonymized data.
5.5 Third-Party AI Processing
AI processing is performed through AWS Bedrock (Anthropic Claude models). AWS Bedrock does not use customer prompts or responses to train foundation models. All processing occurs within AWS US regions (us-east-1).
6. Data Retention
| Data Type | Retention | Notes |
|---|---|---|
| Customer Data | Duration of account + 30 days | Deleted after account termination (except legal holds) |
| Incident Records | 5 years minimum | OSHA 29 CFR 1904 recordkeeping requirement |
| AI Interaction Logs | 90 days full / 1 year anonymized | Content archived at 90 days, deleted at 1 year |
| Audit Logs | 1 year | Immutable records of system actions |
| Payment Records | As required by tax law | Managed by Stripe |
| Website Analytics | 26 months | Google Analytics default |
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your personal data (subject to legal retention requirements)
- Export — Receive your data in a portable format
- Opt out — Opt out of anonymized data use for model training
- Restrict processing — Request limitation of how we process your data
To exercise any of these rights, contact us at sam@aiitsecure.com. We will respond within 30 days.
7.1 California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
8. Cookies
We use cookies for:
- Essential cookies — Authentication and session management (required for the Service to function)
- Analytics cookies — Google Analytics to understand website usage patterns
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.
9. Children’s Privacy
The Service is not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us immediately and we will delete it.
10. International Data Transfers
The Service is hosted in the United States (AWS us-east-1, Virginia). If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect. The “Effective Date” at the top reflects the latest revision.
12. Contact Us
Questions about this Privacy Policy or your data? Contact us:
- Email: sam@aiitsecure.com
- Web: www.shiftarmor.net/contact