Privacy Policy

1. Who we are

Night Shift is operated by TresPies LLC ("we," "us," "our") at nightshift.cash. Questions? Email [email protected].

2. What stays on your phone

By default, the Night Shift app is a Progressive Web App (PWA) that runs in your browser and stores everything locally. The following data is written to your device's storage (IndexedDB / localStorage) and is never transmitted to us:

• Shifts you log (location, hours, gross, fees, net, $/hr)
• Savings jars, goals, and allocations
• Expenses and categories
• Your PIN, if you set one
• App preferences and settings

If you clear your browser data, uninstall the PWA, or switch devices without using the built-in JSON export/import, that data is gone. Unless you turned on encrypted cloud backup, we can't recover it — by default, we never had it.

3. What we receive on our server

Night Shift's server is a small Cloudflare Worker at api.nightshift.cash. It only handles the things the app cannot do entirely on-device:

• Waitlist signup. If you submit the waitlist form, we store your email address, the survey answers you chose (vertical, hustle, pain point, etc.), a one-way hash of your IP address (for spam control), and a truncated browser user-agent string. We do not store your raw IP.
• Sign-in (magic link / Google). If you sign in to enable cloud backup or manage your subscription, we receive your email address (for magic link) or your Google account's basic profile (email + a stable user identifier for OAuth) plus a session token stored in our edge KV. There is no password. Sign-in records live in our Cloudflare D1 database; you can request deletion at any time.
• Encrypted backup (optional). Once signed in, you can choose to upload a snapshot of your data so it survives losing your phone. The snapshot is encrypted at rest with AES-256 and stored on our servers as ciphertext — the encryption runs in our Cloudflare Worker (a trusted processor) using a key we hold, not on your device. We are not a zero-knowledge service: to restore your backup, the worker decrypts it for you. Cloud backup is strictly opt-in; if you never turn it on, your data never leaves your phone.
• Subscription. If you start a paid plan or trial, our checkout flow hands off to Stripe. Stripe receives your payment details directly — we never see your card number. Stripe sends us back your subscription status (active, trialing, past due, canceled), your customer ID, your email, and what plan you're on. We use that to unlock paid features.
• Income verification certificates (legacy). Certificates issued before April 30, 2026 are still readable via their public verification URL (GET /verify/:id). New certificate generation is disabled in V1 — the feature was retired (see ADR 005a). The audit record (certificate ID, timestamp, owner email, totals) for already-issued certificates remains for verification purposes; we do not generate new certificates or accept new $1 charges.
• Launch contest. If you opt in to the contest, we record that you opted in for a vertical, plus your reported running total. The public leaderboard shows aggregate totals only — never an individual's number.
• Transactional email. Welcome, trial-ending, and receipt emails are sent through Resend. Resend receives your email address and the message body for the purpose of delivery.

4. What we don't do

• We don't sell your data. We never will.
• We don't run ad trackers, behavioral analytics, or third-party pixels on the app.
• We don't ask for your bank login, your Plaid credentials, or read-only access to your accounts.
• We don't build a profile of you across other sites or services.
• We don't store your earnings, jar balances, or expense data on our servers — with one exception: the optional encrypted backup you choose to turn on, which we hold only as ciphertext (see §3).

5. Cookies and similar technologies

The app uses your browser's local storage (not cookies) to remember your data between sessions. The marketing site at nightshift.cash may set a small number of first-party cookies for things like remembering whether you've dismissed a banner. We don't use third-party advertising or cross-site tracking cookies.

6. Service providers

A small number of third parties process limited data on our behalf:

• Cloudflare — hosts the website and the API worker. Cloudflare may log standard request metadata for security and abuse prevention. We also use Cloudflare's Web Analytics beacon to measure page performance (Core Web Vitals, load time) and aggregate visit counts. This data is cookieless, contains no personally identifiable information, and is not used for advertising or cross-site tracking.
• Stripe — processes payments and stores billing details. See stripe.com/privacy.
• Resend — delivers transactional email (welcome, receipts, trial reminders). See resend.com privacy.
• Google (OAuth) — if you sign in with Google, Google provides us only the basic profile fields you authorize (email + stable user ID). See Google's privacy policy.

Planned providers (not yet active in V1): ManyChat (for opt-in conversational signup) and Beehiiv (for the optional newsletter) are scheduled to activate later in May 2026. We will update this page before any data flows through them.

Each provider is bound by its own privacy practices and terms. We share only what's necessary for them to do the job we hired them for.

7. Children

Night Shift is not directed at children under 13 (or under 16 in the EU/UK), and we do not knowingly collect their data. If you believe a child has submitted information to us, email [email protected] and we will delete it.

8. Your rights

Because most of your data lives only on your device, you already control it — clearing your browser data or uninstalling the PWA deletes it. For data we do hold (waitlist email, subscription record, certificate audit record), you can:

• Request a copy of what we have on you.
• Ask us to correct or delete it.
• Withdraw consent for transactional email (this will end your subscription and waitlist membership).

Email [email protected] from the address on file. We will respond within 30 days. Depending on where you live, you may have additional rights under the GDPR (EU/UK), the CCPA/CPRA (California), or other local laws. We honor those rights regardless of where you reside.

9. Data retention

We keep server-side records only as long as we need them. Waitlist entries are kept until you ask to be removed or the waitlist is closed. Subscription records are kept while you have an active or recently-active subscription, plus a reasonable period for tax and accounting. Certificate audit records are kept indefinitely so a third party can later verify the certificate — you can ask us to delete one at any time.

10. Security

We use industry-standard transport encryption (HTTPS) for everything in transit. Server-side records are stored in Cloudflare's KV store with access restricted to the worker. No system is perfectly secure, but the smallest attack surface is the data we don't collect — and that's most of it.

11. International users

Night Shift is operated from the United States. If you use the app from outside the U.S., your limited server-side data will be processed on U.S.-based infrastructure (Cloudflare, Stripe, Resend). By using the app, you consent to that processing.

12. Changes to this policy

If we make a material change to this policy, we'll update the date at the top of this page and, where appropriate, notify active subscribers by email. Continuing to use Night Shift after a change means you accept the updated policy.