.svg)
Privacy Policy
Policy Shift Limited (“Policy Shift”, “we”, “us”, “our”) respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, and safeguard personal data when you visit policyshift.io, subscribe for updates, or access and use the Policy Shift platform and services (including PriorityShift).
Use of the Policy Shift platform is also governed by our Terms & Conditions. Where personal data is processed as part of the platform services, the data protection provisions in those Terms apply alongside this Privacy Policy.
1. Who This Policy Applies To
This Privacy Policy applies to two categories of individuals:
a) Website visitors and subscribers
Individuals who visit policyshift.io or subscribe to receive updates using their email address.
b) Platform users
Individuals whose personal data is processed within the Policy Shift platform as part of policy review, acknowledgement, sign-off, compliance reporting, or audit workflows on behalf of their organisation.
2. Information We Collect
a) Subscribers (Email-only)
When you subscribe via our website, we collect:
- Email address
- Subscription preferences
- Basic engagement data (e.g. email opens and clicks)
Subscriber data is stored and managed using our CRM and email systems.
b) Platform Users (Customer-Provided Data)
When the Policy Shift platform is used, we may process:
- Name
- Job title
- Organisation name
- Business email address
- Policy acknowledgements, confirmations, or approvals
- Audit trail and usage data (such as timestamps, logs, and access records)
- Any special category data uploaded by the customer (for example health or equality data), processed strictly in accordance with customer instructions and applicable law
This information is typically provided by the subscribing organisation (your employer or organisation) for compliance and governance purposes.
3. How We Use Your Information
We process personal data only for legitimate business and operational purposes.
Subscribers
- To send product updates, insights, and relevant communications
- To manage subscriptions and preferences
- To improve our website, messaging, and product experience
Platform Users
- To deliver policy management, sign-off, compliance tracking, and audit functionality
- To maintain platform security, integrity, and availability
- To provide customer support and service communications
- To improve platform performance and reliability
We do not sell personal data and do not use platform data for marketing.
4. Lawful Basis for Processing
We process personal data under one or more of the following lawful bases:
- Consent – for marketing communications to subscribers
- Contractual necessity – to provide the platform and services
- Legitimate interests – for platform security, analytics, service improvement, and fraud prevention
- Legal obligation – where compliance, audit, or record-keeping is required
For platform services, Policy Shift acts as a data processor, and the subscribing organisation acts as data controller, unless Policy Shift processes anonymised or identity-protected data independently for security, analytics, or service improvement purposes.
5. Data Sharing and Service Providers
We may share personal data with trusted third-party service providers that support our operations, including:
- CRM and email platforms
- Hosting and infrastructure providers
- Analytics, monitoring, and security services
All service providers are contractually required to protect personal data and process it only in accordance with our instructions and applicable data protection law.
Client platform data is never shared for advertising or unrelated marketing purposes.
6. Data Retention
- Subscriber data is retained until you unsubscribe or request deletion.
- Platform data is retained only for as long as necessary to deliver the Services, meet contractual requirements, or comply with applicable legal or regulatory obligations, as set out in our Terms & Conditions.
Data is securely deleted or anonymised when no longer required.
7. Your Rights
Depending on your location, you may have the right to:
- Access your personal data
- Request correction or deletion
- Object to or restrict certain processing
- Withdraw consent for marketing communications at any time
If you are located in the UK or EU, you have rights under the UK GDPR and Data Protection Act 2018.
If you are a California resident, you have rights under the CCPA/CPRA.
Requests can be made by contacting us at privacy@policyshift.io.
8. Cookies and Analytics
We use cookies and similar technologies to:
- Ensure the website functions correctly
- Understand how the site is used
- Improve performance, usability, and content relevance
You can manage your cookie preferences at any time via our cookie banner or browser settings.
9. Security
We implement appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, or disclosure.
Further details of our security measures are set out in our Terms & Conditions.
10. Contact Us
If you have questions about this Privacy Policy or how we handle personal data, contact us at:
Email: privacy@policyshift.io
11. Updates to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.
Cookie Banner Text (Final)
Banner Copy
We use cookies to make our site work, analyse usage, and improve your experience. You can accept all cookies, reject non-essential ones, or manage your preferences.
See our Privacy Policy for more details.
Buttons
- Accept All
- Reject Non-Essential
- Manage Preferences
Preferences Panel (Optional)
Essential cookies
Required for core site functionality and security.
Analytics cookies
Help us understand how the site is used so we can improve it.
Marketing cookies
Used to measure campaign effectiveness and relevance.
The People Behind Trackio
