Legal Information

Our commitment to transparency, privacy, and security. Read our privacy policy and terms of service below.

Privacy Policy

Last updated: March 21, 2026

Shift Harmony AI, Inc. (“Company”, “we”, “our”, or “us”) understands that privacy is important to our users. This Privacy Policy describes our practices regarding the collection, use, sharing, and protection of your personal information for the website located at https://shiftharmony.ai/ (the “Website”), and our related platform and services, including schedule generation, rule configuration, preference collection, administrative tools, analytics, and support (collectively, the “Services”). This Privacy Policy also tells you about the rights and choices you have with respect to your personal information, how you can assert those rights, and how you can contact us to get answers to your questions.

With respect to the personal information that our clients and their vendors collect from you outside of our Services and provide to us via use of the Services (“Service Data”), where permitted by law, we process such information only as a “service provider” or “data processor” (as those terms are defined under applicable data protection laws) on behalf of our clients, who act as the “business” or “data controller” (as those terms are defined under applicable data protection laws). Our clients—namely, health care organizations that utilize the Services and our AI-powered workforce scheduling platform—are the parties that control the use of the Service Data and determine the purposes for which we process such information. While this Privacy Policy describes how we process Service Data on behalf of our clients, our clients are responsible for their own practices in collecting, using, and disclosing information they collect from you. To learn more about such clients’ use of your information and your rights that you may have over such information, please consult the privacy policy of the applicable health care organization.

For more information about how users with disabilities can access this Privacy Policy in an alternative format, please contact info@shiftharmonyai.com.

BY USING OR ACCESSING THE SERVICES, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH OUR POLICIES OR PRACTICES, YOU SHOULD NOT USE OR ACCESS THE SERVICES OR PROVIDE US WITH ANY PERSONAL INFORMATION.

As of the date this Privacy Policy was last updated, the Company is not subject to comprehensive consumer privacy laws in the United States, such as the California Consumer Privacy Act (CCPA).

The following links will take you directly to the corresponding sections of this Privacy Policy:

  • Personal Information We Collect from You
  • How We Collect Your Personal Information
  • How We Use Your Personal Information
  • How We Disclose or Share Your Personal Information
  • Links to Other Sites and Social Media Services
  • Interest-based Advertising
  • How We Protect Your Personal Information
  • Data Retention
  • Your Choices
  • Nevada Privacy Rights
  • California Privacy Rights
  • Cross-Border Data Transfers
  • Children’s Privacy
  • Changes to This Policy
  • Contacting Us

PERSONAL INFORMATION WE COLLECT FROM YOU

This Privacy Policy applies to the personal information that we obtain in various contexts. We use the terms “personal information” or “personal data” to refer to information that reasonably identifies, relates to, describes, or can be associated with you. Data that has been deidentified or that otherwise cannot reasonably be related back to a specific person is not considered personal information.

The following are the categories and types of personal information that we or our third-party partners may collect from or about you, depending on how you interact with the Services:

  • Identifiers and contact information, such as your name, email address, mailing address, phone number, and account name;
  • Professional or employment-related information, such as your medical license number, employer, employment history, or resumes and CVs.
  • Device and online identifiers and related information, including internet protocol (IP) address, mobile ad identifiers, data collected from cookies, beacons, and pixel tags, and similar unique identifiers;
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an internet website, application, mobile app, or advertisement; and
  • Any other personal information that you voluntarily provide us.

HOW WE COLLECT YOUR PERSONAL INFORMATION

Personal Information You Provide

We collect personal information that you provide to us directly. This may include, but is not limited to:

  • Information you provide when you contact us via email, phone, or online messaging, or through other Internet-enabled communications;
  • Information you provide when you register to use our Services or create an account on the Services;
  • Information or content that you submit to the Services;
  • Your responses to surveys or questionnaires that you choose to complete;
  • Details relating to transactions that you carry out through our Services, including any orders that you ask us to fulfill, and any payment or other financial information you provide to us relating to such orders;
  • Any other information that you provide us on or through the Services.

Personal Information We Collect Automatically

When you visit our Services or open or click on emails we send you, we or third parties we work with may automatically collect certain information using technologies such as cookies and other tracking technologies described below.

  • Cookies and Similar Technology: “Cookies” are pieces of information that may be placed on your computer by a website for the purpose of collecting data to facilitate and enhance your communication and interaction with that website. Such data may include, for example, the address of the websites you visited before and after you visited our Services, the type of browser you are using, your Internet Protocol (IP) address, what pages in the Services you visited and what links you clicked on, the region where your device is located, and geographic information based on your IP data. We may store some information on your device or device hard drive as a cookie or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of the Services. We may also use cookies to customize your visit to the Services and for other purposes to make your visit more convenient or to enable us to enhance the Services and Services.
  • Tracking Pixels: We use tracking pixels to collect information from users of our Services. A tracking pixel is a transparent graphic image (the size of a 1×1 pixel on your device screen) that is placed on a webpage of our Services and, in combination with cookies, allows us to collect information regarding your use of that webpage. We may also place tracking pixels in our email messages to collect information regarding your interaction with our email and any URL links included in the contents of the email. These tracking pixels trigger ads on participating websites and tell us when an advertisement we run on another website has been clicked on. This information helps us evaluate which advertisements are more appealing to users.
  • Clickstream Data: As you use the Internet, a trail of electronic information is left at each website you visit. This information, which is sometimes referred to as “clickstream data,” can be collected and stored by a website’s server. Clickstream data can tell us the type of computer and browsing software you use and the address of the website from which you linked to the Services. We may collect and use clickstream data as a form of aggregate information to anonymously determine how much time visitors spend on each page of our Website, how visitors navigate throughout the Services, and how we may tailor our web pages to better meet the needs of visitors. This information will be used to improve our Services.
  • Analytics: We may work with third-party vendors who use the technologies described in this section to conduct website analytics to help us track and understand how visitors use our Services and other Services. One such provider is Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyze how users use the Website. The information generated by these cookies about your use (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on activity for its staff, and providing other services relating to web page activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. You may refuse the use of cookies by selecting the appropriate settings in your browser. By using the Website and accepting cookies, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Please refer to the currently available opt-outs for Google Analytics by visiting https://tools.google.com/dlpage/gaoptout/. You may obtain additional information about Google Analytics by visiting the section titled “How Google uses information from sites or apps that use our services,” located at www.google.com/policies/privacy/partners/.
  • Social Media Platforms and Networks: If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks (such as Instagram, Facebook, X, or LinkedIn) in connection with our Services, we may collect information that you share with us on social media or that such platforms share with us. Please review the privacy policies and settings of the social media platforms and networks that you use for more information about their privacy practices.
  • Service Data: We may obtain Service Data from our clients (e.g., health care organizations) and their vendors (e.g., integration partners), which we process on behalf of our clients in accordance with our contracts with them.

HOW WE USE YOUR PERSONAL INFORMATION

We collect and use personal information for the following purposes:

  • To communicate with you, which may include:
    • Contacting you about and providing you and our clients with our Services;
    • Responding to your direct inquiries, requests, issues or feedback, and providing customer support;
    • Adding you to our mailing lists and sending you emails from time to time;
  • To provide our services, which may include:
    • Operating the Services, including generating optimized work schedules and facilitating regulatory and labor compliance;
    • Creating, maintaining, and otherwise managing your account or subscription;
    • Delivering content and product and service offerings relevant to your interests;
    • Completing the transactions you have requested, processing your payments, and processing any contracts you enter into;
  • For marketing and promotional purposes, which may include:
    • Marketing Company services or services of those of our affiliates, business partners, and other third parties;
    • Providing you advertising for products and services that may be of interest to you;
  • For analytics and personalization, which may include:
    • Identifying trends and making inferences about you and your interactions with us or our affiliates or our business partners;
    • Conducting research and analytics to improve our services and product offerings or those of our affiliates and business partners;
    • Understanding how you interact with our Services, advertisements, and communications with you to determine which of our products or services are the most popular, and to improve Services and marketing campaigns;
    • Better understanding our customers’ needs;
  • For security and fraud prevention, which may include:
    • Helping maintain the safety, security, and integrity of our Services, databases and other technology assets, and business;
    • Detecting security incidents; protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity;
    • Investigating suspected fraud, harassment, or other violations of any law, rule, or regulation, or the policies for our Services;
  • To comply with legal obligations, which may include:
    • Establishing or exercising our rights, and to defending against a legal claim;
    • Responding to law enforcement requests and as required by applicable law, court order, legal process, or governmental regulation;
    • Acting in connection with a bankruptcy proceeding or the sale, merger, or change of control of the Company or the division responsible for the services with which your information is associated;
  • For any additional purposes that you specifically consent to.
With respect to Service Data, we use that information to provide the Services to our clients. We reserve the right to supplement your personal information with information we gather from other sources which may include online and offline sources. We may collect information that is not personal information (“non-personal information”), including anonymous or aggregate data, or information lawfully made available from federal, state, or local government records. Because non-personal information does not personally identify you, we may collect, use, and disclose such information for any purpose permitted by law. In some instances, we may combine non-personal Information with personal information. If we combine any non-personal information with personal information, the combined information will be treated by us as personal information to the extent that it is capable of personally identifying you. We reserve the right to develop and derive aggregate data (meaning information that relates to a group or category of individuals, from which individual identities have been removed) from personal information in order to enhance and maintain the Services, and such aggregate data will be treated as non-personal information.

HOW WE DISCLOSE OR SHARE YOUR INFORMATION

In addition to using your personal information ourselves for the reasons stated above (and as otherwise mentioned in this Privacy Policy), we may disclose your personal information to other affiliates and entities in the following instances:

  • Service Providers: We may share your personal information with third-party service providers who may use your information to provide us with services including, but not limited to: website hosting, data analytics services, infrastructure provision, information technology services, email delivery services, payment processing, auditing, and anti-fraud monitoring. These service providers may have access to personal information that is necessary to perform their functions, but they are only permitted to do so in connection with performing services for us. They are not authorized by us to use the information for their own benefit.
  • Business and Advertising Partners: We may share your personal information with third parties who partner with us to promote products and services, provide marketing and advertisements, conduct data analytics, or use the data for other commercial purposes. We do not control how these third parties use and share your personal information once they receive it. You will need to contact such third parties directly for information about their privacy practices or to exercise any rights you may have (including if you would like to opt-out of marketing messages).
  • Legal Compliance and to Defend Our Rights: We may disclose personal information and other information as we believe necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our Terms of Service; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
  • Business Transfers: We may share your personal information and other information with third parties in connection with a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the assets of the Company, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which the assets transferred may include information about the users of our Services.
  • Non-Personal Information: We may share non-personal information with unaffiliated third parties, such as business and advertising partners, to improve and enhance your experience using the Services, and for our own market research activities.
Please note that if you specifically consent to additional uses of your personal information, we may use your personal information in a manner consistent with that consent.

With regard to Service Data, our clients provide us with instructions on what to do with such information. These choices and instructions may result in the access, use, disclosure, modification, or deletion of Service Data. Clients and their affiliates determine their own policies for the sharing and disclosure of Service Data. We may transfer Service Data to third parties on our clients’ behalf, and under such circumstances, we do so strictly according to our clients’ instructions.

LINKS TO OTHER SITES AND SOCIAL MEDIA SERVICES

We may create links to other websites that we think may be of interest to you, such as providers of various products and services. We may also provide links that allow you to send or forward a post from our Services through or to third-party social media sites, or other means of electronic communication, such as an email or text messaging service. We do not endorse any other websites, providers, or services by providing such links, and this Privacy Policy applies only to your use of our Services. We are not responsible for the privacy policies of any websites and services we link to on our Services, and you should read the privacy policies of each site you visit to determine what data that site may collect about you.
The Services may also integrate with social media services. We do not control such services and are not liable for the manner in which they operate. While we may provide you with the ability to use such services in connection with our Services, we are doing so merely as an accommodation and, like you, are relying upon those third-party services to operate properly and fairly.
You should be aware that any personal information which you voluntarily include and transmit online in a publicly accessible blog, forum, social network, or otherwise may be viewed and used by others. By using such features, you assume the risk that the personal information provided by you may be viewed and used by third parties.

INTEREST BASED ADVERTISING

  • Targeted Advertising / Behavioral Advertising: We may ourselves, or with third-party vendors, use your information to deliver targeted advertising to you when you visit our Services or other websites. Cookies, clickstream data, and other similar technologies described below may be used in this process. For example, if you are searching for information on a particular product, we or our vendor may cause an advertisement to appear on other websites you view with information on that product. This form of advertising, sometimes called “targeted advertising,” “behavioral advertising,” or “cross-context behavioral advertising,” enables us and our vendors to know about your interests in connection with the delivery of a specific ad. We believe that such advertising is helpful because it allows you to see advertisements that are relevant to your interests. If you would like to opt out of these interest-based advertisements, please follow the opt-out process described in the section titled Your Choices below.
  • Cross-Device Matching: We may use your information to help us, or our third-party vendors, determine if you have interacted with our Services across multiple devices and to match such devices. To accomplish this, we may rely on information (including demographic, geographic and interest-based data) from third parties such as data vendors, pursuant to their own privacy policies, or we may use information we collect in conjunction with such third-party data. Based on this data, we may then display targeted advertisements across devices that we believe are associated with each other, and may further provide services to our advertisers to better enable cross-device targeting and analysis. To opt-out of or restrict our use of certain cross-device data, please see the section titled Your Choices below.

HOW WE PROTECT YOUR PERSONAL INFORMATION

Personal information is maintained on our servers or those of our vendors, and is accessible by authorized employees, independent contractors, representatives, and agents as necessary for the purposes described in this privacy policy. We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal information. However, no method of safeguarding information is completely secure, and we cannot guarantee that our safeguards will be effective or sufficient. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by using the information the section below titled Contacting Us.

DATA RETENTION

We will retain your personal information for as long as your inquiry is active or as needed to provide you with the Services, and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your information, we may continue to retain and use anonymous or aggregate data, or any other data that constitutes non-personal information. While deletion is pending, we may securely store your personal information in backup archives in accordance with our routine data backup procedures, and if we do so, your data will be securely stored and isolated from any further processing until deletion is possible.

YOUR CHOICES

Consistent with applicable law, you may exercise the choices described in this section regarding your personal information and communications from us. You may also have certain additional rights available depending on laws in your state or country of residence, as described further below in the Privacy Policy.
  • Opting Out of Messages or Services: We may send you marketing messages via email or SMS message. If you receive a marketing message from us, you may unsubscribe from future messages in accordance with our standard unsubscribe process (such as by using the unsubscribe link included in an email or replying STOP to a text message), or by sending an unsubscribe request to us at info@ShiftHarmonyAI.com. We will process your request within a reasonable time after receipt. Please note that if you opt out in this manner, certain aspects of our services may no longer be available to you.
  • Cookies and Tracking Technologies: If you would like to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies, you may not be able to access certain areas or features of our Services or some of its functionality may be affected. Note that cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your device browser, that opt-out will not be effective on your mobile device. Be advised that cookie-based opt-outs are not effective on some mobile services.
  • Interest-Based Advertising: You may opt out of receiving targeted ads from certain data and advertising partners that participate in certain industry self-regulatory programs. The DAA provides a website at www.aboutads.info/consumers with information about how to opt out of targeted advertising from some or all of the DAA’s participating companies. Additionally, the Network Advertising Initiative (“NAI”) offers a website at http://optout.networkadvertising.org/ where you can opt out of interest-based advertising from some or all of the NAI’s members. Please note that by opting out, you will continue to see generic advertising that is not tailored to your specific interests and activities. In the event that we perform cross-device matching (as described above), once you have opted out on one device (“Opted-Out Device”), we will not use any new data from the Opted-Out Device to identify you on another device for interest-based advertising purposes, and we will not use data from another device for interest-based advertising purposes on the Opted-Out Device.

    For targeted advertisements delivered through mobile apps, users may opt out of certain ads or reset advertising identifiers via their device settings. To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, visit the following links: You can also install the DAA’s AppChoices app on your device to opt out of targeted advertising by certain providers, and to select system-level advertising preferences on your device (such as “Limit Ad Tracking” on Apple devices, or “Opt-out of Interest-based ads” on Android devices).

    Finally, to learn more from the NAI about how to opt out of targeted advertising on websites and mobile devices, you can also visit the following link: https://thenai.org/how-to-opt-out/.

NEVADA PRIVACY RIGHTS

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information that we have collected (or may collect) from you to third parties. You can exercise this right by emailing us at info@ShiftHarmonyAI.com with the subject line “Nevada Do Not Sell Request.”

CALIFORNIA PRIVACY RIGHTS

Under California Civil Code Section 1798.83 (“Shine the Light”), California residents may have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us by email at info@ShiftHarmonyAI.com. If you do not want your personal information shared with any third party who may use such information for direct marketing purposes, then you may opt out of such disclosures by sending an email to us at info@ShiftHarmonyAI.com.

CROSS-BORDER DATA TRANSFERS

If you submit personal information to us, that information may be processed in a jurisdiction where privacy laws may be less stringent than those in your country of residence. By submitting your personal information to us, you agree to the transfer, storage, and processing of such information in foreign jurisdictions including, but not limited to, the United States.

CHILDREN'S PRIVACY

Our Services are intended for users ages 18 and over, and we do not knowingly collect personal information from children under the age of 18. When we become aware that personal information (or other information that is protected under applicable law) from a child under 18 has been collected, we will use all reasonable efforts to delete such information from our databases. If you believe we might have any personal information from or about a child under 18, please contact us by using the information the section below titled Contacting Us.

CHANGES TO THIS POLICY

We reserve the right, at our discretion, to change, modify, add, or remove portions from this Privacy Policy at any time, provided that any such modifications will only be applied prospectively. We encourage you to periodically review the Website for the latest information on our privacy practices. Your continued use of the Services following the posting of any changes to this Privacy Policy means you accept such changes.

CONTACTING US

If you have any questions about our privacy or security practices, you can contact at info@ShiftHarmonyAI.com.

Terms of Service

Last Updated and Effective as of: March 21, 2026

These terms of service (the “Terms of Service”) are an agreement between you, whether personally or on behalf of an entity (“you”) and Shift Harmony AI, Inc. (“Company,” “we,” “us,” or “our”), concerning your access to and use of the website at https://shiftharmony.ai/ (the “Website”) and all related services, products, platforms, websites, and offerings (the “Services”) maintained and operated by Shift Harmony AI, Inc. where a link to these Terms of Service is provided.

Your access and use of our Services is subject to these Terms of Service and all applicable laws. By accessing or using any part of the Services, you accept, without limitation or qualification, these Terms of Service. If you do not agree with all of these Terms of Service, you may not use any portion of the Services, including any portion of the Services. If an individual is accessing the Services on behalf of a business entity, by doing so, such individual represents that they have the legal capacity and authority to bind such business entity to the terms and conditions herein. The term “you” shall refer to both the business entity and the individual accessing the Services on behalf of such business entity.

NOTICE REGARDING DISPUTE RESOLUTION: THESE TERMS OF SERVICE CONTAIN TERMS THAT GOVERN HOW CLAIMS BETWEEN YOU AND US WILL BE RESOLVED. FOR EXAMPLE, SECTION 18 CONTAINS AN ARBITRATION AGREEMENT AND WAIVER OF CLASS ACTION WHICH STATES THAT WE MUST ARBITRATE INSTEAD OF GOING TO A COURT BEFORE A JUDGE AND JURY AND THAT ALL SUCH ARBITRATION CLAIMS MUST BE BROUGHT IN YOUR INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS REPRESENTATIVE OR MEMBER OR OTHERWISE ON BEHALF OF OTHERS IN ANY PURPORTED CLASS, COLLECTIVE OR REPRESENTATIVE PROCEEDING.

ACCESSIBILITY — IF YOU ARE HAVING ANY TROUBLE ACCESSING THE SERVICES, PLEASE CONTACT US BY EMAIL AT INFO@SHIFTHARMONYAI.COM.
  1. Use of the Website and Services: This Website is provided for your personal use and to engage with the Company. Any other use of the Website requires the Company’s prior written consent. By using the Services, you agree that: (i) you will use the Services in compliance with all generally accepted standards in the health care industry, (ii) nothing you do will violate the terms of any licenses, certifications, contracts or understandings to which you are subject, and (iii) you are at least eighteen (18) years of age or are the age of majority in which you reside.
  2. Restrictions: You may not use spiders, robots, data mining techniques or other automated devices or programs to catalog, download or otherwise reproduce, store or distribute content available on the Services. Further, you may not use any such automated means to manipulate the Services, such as automating what are otherwise manual or one-off procedures. You may not take any action to interfere with, or disrupt, the Services or any other user’s use of the Services, including, without limitation, via means of overloading, “flooding”, “mailbombing” or “crashing” the Services, circumventing security or user authentication measures or attempting to exceed the limited authorization and access granted to you under these Terms of Service. You may not frame portions of the Services within another website or application. You may not resell use of, or access to, the Services to any third party without our prior written consent.
  3. Registration and Passwords: In order to access certain services on the Services, you will be required to set up an account (the “Account”) and set a username and password for your Account, as well as providing any further information that we request. Any usernames or passwords provided should be safeguarded at all times. You are solely responsible for keeping your usernames and/or passwords safe and secure, and for all activity using your usernames and/or passwords. You agree to notify us immediately of any unauthorized use of your account or any other breach of security. You agree that, to the extent permitted by law, Company will not be liable for any loss you may incur as a result of someone other than you using your Account to access information, either with or without your knowledge.
  4. Our Proprietary Rights: Company is the owner of or otherwise licensed to use all parts of the Services, including all copy, software, graphics, designs and all copyrights, trademarks, service marks, trade names, logos, and other intellectual property or proprietary rights contained therein. Some materials on the Services belong to third parties who have authorized Company to display the materials, such as associated creative assets, and other proprietary materials. By using the Services, you agree not to copy, distribute, modify or make derivative works of any materials without the prior written consent of the owner of such materials.

    You are hereby granted a limited, nonexclusive, nontransferable, nonsublicensable, and personal license to access and use the Services provided, however, that such license is subject to your compliance with these Terms of Service. If any software, content, or other materials owned by, controlled by, or licensed to us are distributed or made available to you as part of your use of the Services, we hereby grant you a non-commercial, personal, non-assignable, non-sublicensable, non-transferrable, and non-exclusive right and license to access and display such software, content, and materials provided to you as part of the Services, in each case for the sole purpose of enabling you to use the Services as permitted by these Terms of Service.

    All other third-party trademarks, registered trademarks, and product names mentioned on the Services are the property of their respective owners and may not be copied, imitated or used, in whole or in part, without the permission of the applicable intellectual property rights holder. Reference to any products, services, processes or other information by name, trademark, manufacturer, supplier or otherwise does not constitute or imply endorsement, sponsorship, or recommendation by Company.

    You acknowledge and expressly agree that any contribution of feedback regarding the Services that you provide to us (the “Feedback”) does not and will not give or grant you any right, title, or interest in the Services or in any such Feedback. You agree that Company may use and disclose Feedback in any manner and for any purpose whatsoever without further notice or compensation to you and without retention by you of any proprietary or other right or claim. You hereby assign to Company any and all right, title, and interest (including, but not limited to, any patent, copyright, trade secret, trademark, show-how, know-how, moral rights and any and all other intellectual property right) that you may have in and to any and all Feedback.

    Except as expressly set forth in these Terms of Service, no license is granted to you and no rights are conveyed by virtue of accessing or using the Services. All rights not granted under these Terms of Service are reserved by Company.

  5. Prohibited Activities: Company expects all of its users to abide by certain rules and restrictions. The following is a partial list of the types of conduct that are illegal or prohibited on the Services or while using the Services. Company reserves the right to investigate and take appropriate legal or other action against anyone who, in Company’s sole discretion, engages in any of the prohibited activities.

    Without limitation, you agree that you will not post or transmit to the Services or to other users anything that contains content that:


    • is defamatory, abusive, obscene, profane or offensive;
    • infringes or violates another party’s intellectual property rights (such as music, videos, photos or other materials for which you do not have written authority from the owner of such materials to post on the Services);
    • violates any party’s right of publicity or right of privacy;
    • is threatening, harassing or that promotes racism, bigotry, hatred or physical harm of any kind against any group or individual;
    • promotes or encourages violence;
    • is inaccurate, false or misleading in any way, or constitutes impersonation of another person;
    • is illegal or promotes any illegal activities;
    • promotes illegal or unauthorized copying of another person’s copyrighted work or links to them or providing information to circumvent security measures;
    • contains “masked” profanity (i.e., F*@&#);
    • contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; or
    • contains any advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” or any other form of solicitation.

    Company is under no obligation to screen or monitor content, but may review content from time to time at its sole discretion. Company will make all determinations as to what content is appropriate in its sole discretion. Company may edit or remove any content at any time without notice.

  6. Corrections: Subject to limitations in the applicable technologies and devices we use, we attempt to be accurate to the extent reasonably possible, however, we do not warrant that any product, measurement or description, photograph, pricing or other information is accurate, complete, reliable, current, or error-free. In the event of an error, whether on the Website, or otherwise, we reserve the right to correct such error and otherwise change or update the information on the Website at any time without notice, and/or refund any amount charged.
  7. No Ideas Accepted: Company does not accept any unsolicited ideas from outside the Company including without limitation suggestions about advertising, promotion or merchandising of our products, additions to our product lines, services, or changes in methods of doing business. We may already be working on or may in the future work on a similar idea. This policy eliminates concerns about ownership of such ideas. If, notwithstanding this policy, you submit an unsolicited idea to the Services, you understand and acknowledge that such idea is not submitted in confidence and Company assumes no obligation, expressed or implied, by considering it. You further understand that Company shall exclusively own all known or hereafter existing rights to the idea everywhere in the world, and that such idea is hereby irrevocably assigned to Company. Without limiting the foregoing, to the extent any such assignment is deemed unenforceable, you hereby grant Company an irrevocable, perpetual, world-wide license to use the idea in any manner, in any medium now known or hereafter developed, without compensation to you.
  8. Third Party Materials: The Services may link to, make available or provide third party products, services, websites, data, software or source code, including without limitation third party websites or social media platforms, and licensed data sources (collectively, “Third Party Materials”). Company has no control over Third Party Materials. Accordingly, Company is not responsible or liable for any Third Party Materials and makes no representation as to the accuracy, usefulness, safety, or intellectual property rights in or relating to such Third Party Materials. While Company has no obligation to monitor Third Party Materials, Company may remove or modify such Third Party Materials in its discretion, including without limitation to comply with applicable law. You agree to comply with all terms and conditions and privacy policies related to any Third Party Materials.
  9. Other Sources of Terms of Service: Certain provisions of these Terms of Service may be superseded by expressly designated legal notices, rules or other terms located on particular pages of the Services, including on any checkout page. In order to participate in or use certain services, promotions that may be run from time to time with respect to the Services (“Offer(s)”), you may be required to agree to additional or different terms and conditions (“Additional Terms”). Certain benefits may be modified or not available in connection with an Offer. Your acceptance or redemption of any Offer constitutes your unconditional acceptance of the Additional Terms. If there is an actual conflict between these Terms of Service and any Additional Terms, the Additional Terms shall control and the non-conflicting provisions in these Terms of Service will continue to apply. For the sake of clarity, silence with respect to a particular term in either these Terms of Service or any Additional Terms does not constitute a conflict.
  10. No Warranties; Limitation of Liability: WHILE COMPANY USES REASONABLE EFFORTS TO INCLUDE UP-TO-DATE INFORMATION ON THE SERVICES, COMPANY MAKES NO WARRANTIES OR REPRESENTATIONS AS TO ITS ACCURACY OR COMPLETENESS AND YOU SPECIFICALLY ACKNOWLEDGE THAT THE SERVICES MAY NOT ALWAYS BE ACCURATE. COMPANY ASSUMES NO LIABILITY OR RESPONSIBILITY FOR ANY ERRORS OR OMISSIONS IN THE CONTENT IN OR AS PART OF THE SERVICES. THE SERVICES, INCLUDING ALL CONTENT MADE AVAILABLE ON OR ACCESSED THROUGH THE SERVICES, IS PROVIDED “AS IS” AND COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER FOR THE CONTENT ON THE SERVICES. FURTHER, TO THE FULLEST EXTENT PERMISSIBLE BY LAW, COMPANY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, NON-INFRINGEMENT, TITLE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. COMPANY DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SERVICES OR ANY MATERIALS OR CONTENT CONTAINED THEREIN WILL BE UNINTERRUPTED OR ERROR FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SERVICES OR THE SERVER THAT MAKES IT AVAILABLE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. COMPANY SHALL NOT BE LIABLE FOR THE USE OF THE SERVICES, INCLUDING, WITHOUT LIMITATION, THE CONTENT AND ANY ERRORS CONTAINED THEREIN. UNDER NO CIRCUMSTANCES WILL COMPANY AND/OR ANY OF ITS AFFILIATES, LICENSORS, LICENSEES, SUCCESSORS OR ASSIGNS BE RESPONSIBLE FOR ANY DAMAGE, LOSS OR INJURY RESULTING FROM HACKING, TAMPERING OR OTHER UNAUTHORIZED ACCESS OR USE OF THE SERVICES, YOUR DATA OR YOUR ACCOUNT OR THE INFORMATION CONTAINED THEREIN. WE RESERVE THE RIGHT AT ALL TIMES TO DISCLOSE ANY INFORMATION THAT WE DEEM NECESSARY TO COMPLY WITH ANY APPLICABLE LAW, RULE, REGULATION, LEGAL PROCESS OR GOVERNMENTAL REQUEST. YOU WAIVE AND HOLD HARMLESS COMPANY AND ITS AFFILIATES, LICENSORS, LICENSEES, SUCCESSORS AND ASSIGNS FROM ANY CLAIMS RESULTING FROM ANY ACTION RELATING TO YOUR ACCOUNT OR TAKEN AS A RESULT OF ANY SUCH DISCLOSURE.

    IN NO EVENT WILL COMPANY BE LIABLE UNDER ANY THEORY OF TORT, CONTRACT, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOST PROFITS, LOST DATA, LOST OPPORTUNITIES, COSTS OF COVER, EXEMPLARY, PUNITIVE, PERSONAL INJURY/WRONGFUL DEATH, SPECIAL, INCIDENTAL, INDIRECT OR OTHER CONSEQUENTIAL DAMAGES, OR FOR ANY DIRECT DAMAGES, AND/OR ANY OTHER DAMAGES RESULTING FROM YOUR USE OF THE SERVICES, EACH OF WHICH IS HEREBY EXCLUDED BY AGREEMENT OF THE PARTIES REGARDLESS OF WHETHER OR NOT EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    If any part of these warranty disclaimers or limitations of liability is found to be invalid or unenforceable for any reason or if we are otherwise found to be liable to you in any manner, then our aggregate liability for all claims under such circumstances for liabilities, shall not exceed the amount paid by you, if any, for accessing the Services.
  11. Waiver By California Residents: IF YOU ARE A CALIFORNIA RESIDENT, YOU HEREBY WAIVE CALIFORNIA CIVIL CODE SECTION 1542 IN CONNECTION WITH THE FOREGOING, WHICH STATES: “A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS WHICH THE CREDITOR DOES NOT KNOW OR SUSPECT TO EXIST IN HIS OR HER FAVOR AT THE TIME OF EXECUTING THE RELEASE, WHICH IF KNOWN BY HIM OR HER MUST HAVE MATERIALLY AFFECTED HIS OR HER SETTLEMENT WITH THE DEBTOR.”
  12. Changes: All information posted on the Services is subject to change without notice. In addition, these Terms of Service may be changed at any time without prior notice. We will make such changes by posting them on the Services. You should check the Services for such changes frequently. Your continued access of the Services after such changes conclusively demonstrates your acceptance of those changes. We reserve the right to withdraw or amend the Services, and any service or material we provide via the Services, in our sole discretion without notice. We will not be liable if for any reason all or any part of the Services is unavailable at any time or for any period. From time to time, we may restrict access to some parts of the Services or all Services.
  13. Indemnification: You agree to indemnify, defend and hold harmless Company, its employees, directors, officers, agents, business partners, affiliates, contractors, distribution partners and representatives from and against any and all claims, demands, liabilities, costs or expenses, including attorney’s fees and costs, arising from, or related to, any breach by you of any of these Terms of Service or applicable law.
  14. Severability: If any part of these Terms of Service shall be held or declared to be invalid or unenforceable for any reason by any court of competent jurisdiction, such provision shall be ineffective but shall not affect any other part of these Terms of Service, and in such event, such provision shall be changed and interpreted so as to best accomplish the objectives of such unenforceable or invalid provision within the limits of applicable law or applicable court decisions.
  15. Compliance with Laws: You represent and warrant that you will comply with all applicable laws (e.g., local, state, federal and other laws) when using the Services. Without limiting the foregoing, by using the Services, you represent and warrant that: (a) you are not located in, ordinarily resident in, or organized under the laws of any jurisdiction that is subject to a comprehensive U.S. Government embargo (“Embargoed Jurisdiction”); and (b) you are not subject to, and are not affiliated with anyone who is subject to any sanctions administered by an agency of the U.S. Government, any other government, or the United Nations (collectively, “Sanctions”). You may not use, export, or re-export any Services in violation of applicable law, including, without limitation, United States and foreign export laws and regulations. You further covenant that the foregoing shall be true during the entire period of this agreement. We may require you to provide additional information and documents in certain circumstances, such as at the request of any government authority, as any applicable law or regulation dictates, or to investigate a potential violation of these Terms of Service. In such cases, we, in our sole discretion, may disable your Account and block your ability to access the Services until such additional information and documents are processed by us. If you do not provide complete and accurate information in response to such a request, we may refuse to restore your access to the Services.
  16. Waiver; Remedies; Entire Agreement: The failure of Company to partially or fully exercise any rights or the waiver of Company of any breach of these Terms of Service by you shall not prevent a subsequent exercise of such right by Company or be deemed a waiver by Company of any subsequent breach by you of the same or any other term of these Terms of Service. The rights and remedies of Company under these Terms of Service and any other applicable agreement between you and Company shall be cumulative, and the exercise of any such right or remedy shall not limit Company’s right to exercise any other right or remedy. The Terms of Service, the Additional Terms, and our Privacy Policy constitute the sole and entire agreement between you and Company regarding the Services and supersede all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, regarding the Services.
  17. International Access: Our Services are provided from the United States of America and all servers that make it available reside in the U.S.A. The laws of other countries may differ regarding the access and use of the Services. We make no representations regarding the legality of this Services in any other country and it is your responsibility to ensure that your use complies with all applicable laws outside of the U.S.A.
  18. Governing Law; Dispute Resolution; Class Action Waiver. The laws of the State of California shall govern these Terms of Service. While we will make reasonable efforts to resolve any disagreements you may have with Company, if these efforts fail you agree that all claims, disputes or controversies against Company arising out of these Terms of Service, or the purchase of any products or services (“Claims”) shall be exclusively submitted to binding arbitration (except for matters that may be taken to small claims court), no matter what legal theory they are based on or what remedy (damages, or injunctive or declaratory relief) they seek. This includes Claims based on contract, tort (including intentional tort), fraud, agency, your or our negligence, statutory or regulatory provisions, or any other sources of law; Claims made as counterclaims, cross-claims, third- party claims, interpleaders or otherwise; and Claims made independently or with other claims. The party filing arbitration must submit Claims to the American Arbitration Association and follow its rules and procedures for initiating and pursuing arbitration. Any arbitration hearing that you attend will be held at a place chosen by the American Arbitration Association in the same city as the U.S. District Court closest to your then current residential address, or at some other place to which you and Company agree in writing, and the arbitrator shall apply California law consistent with the Federal Arbitration Act. You may obtain copies of the current rules, and forms and instructions for initiating arbitration by contacting the American Arbitration Association at using the contact information noted below.

    American Arbitration Association
    App: www.adr.org


    A single, neutral arbitrator will resolve Claims. The arbitrator will be either a lawyer with at least ten (10) years’ experience or a retired or former judge, selected in accordance with the rules of the American Arbitration Association. The arbitration will follow the procedures and rules of the American Arbitration Association which are in effect on the date the arbitration is filed unless those procedures and rules are inconsistent with these Terms of Service, in which case these Terms of Service will prevail. Those procedures and rules may limit the discovery available to you or us. The arbitrator will take reasonable steps to protect your customer account information and other confidential information if requested to do so by you or us. Each party to the arbitration will bear the expense of that party’s attorneys, experts, and witnesses, and other expenses, regardless of which party prevails, but a party may recover any or all expenses from another party if the arbitrator, applying applicable law, so determines. The arbitrator’s award is final and binding on the parties.

    We will not choose to arbitrate any Claim you bring in small claims court. However, if such a Claim is determined by the court to be outside its jurisdiction, the parties agree that the dispute shall then be submitted to arbitration.

    Class Action Waiver: BY USING THE SERVICES, YOU AGREE THAT YOU AND COMPANY ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR OTHER REPRESENTATIVE PROCEEDING OF ANY KIND. CLAIMS AND REMEDIES SOUGHT AS PART OF A CLASS ACTION, PRIVATE ATTORNEY GENERAL OR OTHER REPRESENTATIVE ACTION ARE SUBJECT TO ARBITRATION ONLY ON AN INDIVIDUAL (NON-CLASS, NON-REPRESENTATIVE) BASIS, AND THE ARBITRATOR MAY AWARD RELIEF ONLY ON AN INDIVIDUAL (NON-CLASS, NON-REPRESENTATIVE) BASIS.

    Time Bar: ANY CLAIM YOU HAVE MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE DATE OF THE CLAIM.

  19. Privacy: All information we collect via the Services is subject to our Privacy Policy. By using the Services, you consent to all actions taken by us with respect to your information in compliance with the Privacy Policy. Additionally, you acknowledge and agree that transmissions made over the internet are never completely private or secure and that messages or information you send to the Services may be intercepted or read by others.
  20. Questions: Should you have any questions regarding these Terms of Service you may contact us at info@shiftharmonyai.com.

Data Processing Addendum (DPA)

This Data Processing Addendum (“DPA”) forms part of the ShiftHarmony.AI Platform Terms & Conditions between the Customer set forth on an Order Form (“Customer”) and ShiftHarmony.AI (collectively, the “Parties”) for the provision of services by ShiftHarmony.AI (identified either as “Services” or otherwise in the applicable agreement, and hereinafter defined as “Services”) (the “Agreement”) to reflect the Parties’ agreement with regard to the Processing of Customer Personal Information.

In the course of providing the Services to Customer, ShiftHarmony.AI may Process Customer Personal Information on behalf of Customer, and in such case, the Parties agree to comply with the following provisions with respect to Customer Personal Information.

1.

DEFINITIONS

Capitalized terms not otherwise defined herein shall have the meaning given to them in the Agreement. In this DPA, the following terms shall have the meanings set out below:

Aggregate Data” means information that relates to a group or category of individuals, from which individual identities have been removed, and that is not linked or reasonably linkable to any individual or household.

Customer Personal Information” means any Personal Information Processed by ShiftHarmony.AI or ShiftHarmony.AI’s Subprocessor, solely on behalf of Customer, pursuant to the express terms of an applicable statement of work or order under the Agreement.

Data Protection Assessment” means an assessment of the impact of processing operations on the protection of Personal Information and the rights of Data Subjects, which may also be called a “Data Protection Assessment,” “Data Protection Impact Assessment,” or “Risk Assessment” by applicable Data Protection Laws.

Data Protection Laws” means any and all applicable U.S. data protection, security, or privacy-related laws, statutes, directives, or regulations, including but not limited to: (a) the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq. (“CCPA”), together with any amending or replacement legislation, including the California Privacy Rights Act of 2020 and any regulations promulgated thereunder; (b) the Virginia Consumer Data Protection Act of 2021, Va. Code Ann. § 59.1-571 to -581; (c) the Colorado Privacy Act of 2021, Co. Rev. Stat. § 6-1-1301 et seq.; (d) Connecticut Public Act No. 22-15, “An Act Concerning Personal Data Privacy and Online Monitoring”; (e) the Utah Consumer Privacy Act of 2022, Utah Code Ann. § 13-61-101 et seq.; (f) the Texas Data Privacy and Security Act, 11 Tex. Bus. & Com. Code § 541.001 et seq.; (g) the Oregon Consumer Privacy Act, Or. Rev. Stat. § 646A.570 et seq.; (h) the Montana Consumer Data Privacy Act, Mont. Code Ann. § 30-14-2801 et seq.; (i) the Iowa Consumer Data Protection Act, Ia. Code Ch. 715D; (j) the New Hampshire Data Privacy Act, N.H. Rev. Stat. Ann. 507-H; (k) the Nebraska Data Privacy Act, Neb. Rev. Stat. § 87-1101 et seq.; (l) the Delaware Personal Data Privacy Act, Del. Code § 12D-101 et seq.; (m) the New Jersey Data Privacy Act, N.J. Rev. Stat. § 56:8-166.4 et seq.; (n) the Tennessee Information Protection Act, Tenn. Code Ann. § 47-18-3201 et seq.; (o) the Minnesota Consumer Data Privacy Act, Minn. Stat. § 325O.01 et seq.; (p) the Maryland Online Data Privacy Act of 2024, Md. Code Ann., Com. Law § 14-4601 et seq.; (q) the Kentucky Consumer Data Protection Act, Ky. Rev. Stat. § 367.3611 et seq.; (r) the Indiana Consumer Data Protection Act, Ind. Code § 24-15; (s) the Rhode Island Data Transparency and Privacy Protection Act, R.I. Gen. Laws § 6-48.1-1 et seq.; (t) the Washington “My Health My Data” Act, Wash. Rev. Code § 19.373.005 et seq., and Nev. Rev. Stat. § 603A, as amended by Nevada S.B. 370 (“Washington and Nevada Consumer Health Data Laws”); and (u) all other equivalent or similar laws and regulations in the United States relating to Personal Information and privacy, and as each may be amended, extended or re-enacted from time to time.

Data Subject” means an identified or identifiable natural person whose Personal Information is being Processed. The term “Data Subject” shall refer to a “Consumer” as that term is defined under Data Protection Laws.

Deidentified Data” means information that cannot reasonably identify, relate to, describe, be capable of being associated with, be linked directly or indirectly with, or be reasonably be used to infer information about an identifiable natural person.

Personal Information” means information that is protected by applicable Data Protection Laws or that otherwise that identifies, relates to, describes, is capable of being associated with, or can reasonably be linked, directly or indirectly, with a particular individual or household.

Personnel” means officers, directors, employees, Subprocessors, agents and representatives.

Regulatory Authority” means the applicable public authority or government agency responsible for supervising compliance with Data Protection Laws, including, but not limited to: the California Privacy Protection Agency; and U.S. state attorneys general.

Security Breach” means any security incident that adversely impacts the security of Customer Personal Information.

Subprocessor” means any third party appointed by ShiftHarmony.AI to Process Customer Personal Information as a ShiftHarmony.AI or Processor on behalf of Customer in connection with the Agreement.

The terms “Business,” “Business Purpose,” “Controller,” “Process,” “Processor,” “Sell,” “Service Provider,” and “Share” shall have the same meaning as in the Data Protection Laws, and their cognate terms shall be construed accordingly.

2.

PROCESSING OF PERSONAL DATA

2.1

Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Information, Customer is the Controller or Business (as applicable), ShiftHarmony.AI is the Processor or Service Provider (as applicable), and that ShiftHarmony.AI will engage Subprocessors pursuant to the requirements set forth in Section 5 below. The Parties acknowledge and agree that neither Party has reason to believe that the other Party is unable to comply with the provisions of this DPA or otherwise that such Party is in violation of any Data Protection Law. For clarity, ShiftHarmony.AI is not responsible for compliance with any Data Protection Laws applicable to Customer or Customer’s industry that are not otherwise generally applicable to ShiftHarmony.AI.

2.2

ShiftHarmony.AI’s Processing of Personal Information. ShiftHarmony.AI shall treat Customer Personal Information as confidential and shall only Process Customer Personal Information as necessary to perform its obligations on behalf of and in accordance with Customer’s documented instructions for the following permitted purposes: (i) in accordance with the Agreement and applicable order or scope of work and applicable Data Protection Laws (including without limitation, the CCPA); and/or (ii) as applicable, if initiated by Data Subjects in their use of the Services. ShiftHarmony.AI shall not (A) Sell, Share, or otherwise make available Customer Personal Information to any third party in exchange for monetary or other valuable consideration, and (B) retain, use or disclose Customer Personal Information outside of the direct business relationship with the Customer or for any other purpose than what is specified in the Agreement and/or this DPA. When acting as a Service Provider under the CCPA, ShiftHarmony.AI shall not combine Customer Personal Information with Personal Information it receives from, or on behalf of, another person or persons, or that it processes as a Business, except as expressly permitted by Data Protection Laws. ShiftHarmony.AI shall promptly notify Customer after it makes a determination that it can no longer meet its obligations under applicable Data Protection Laws. Nothing herein shall limit or restrict ShiftHarmony.AI’s right to use Aggregate Data and/or Deidentified Data or limit ShiftHarmony.AI’s right to use Customer Personal Information in any manner that is not restricted by specific Data Protection Laws.

2.3

Customer’s Processing of Personal Information. Customer shall, in its use of the Services, Process Personal Information in accordance with the requirements of Data Protection Laws. Customer’s instructions to ShiftHarmony.AI related to the Processing of Customer Personal Information shall comply with Data Protection Laws. Customer instructs ShiftHarmony.AI (and authorizes ShiftHarmony.AI to instruct each Subprocessor) to Process Customer Personal Information, and in particular, transfer Customer Personal Information to any jurisdiction, as necessary for the provision of the Services and consistent with the Agreement and this DPA. Customer represents and warrants that it shall (i) not provide ShiftHarmony.AI with (or instruct ShiftHarmony.AI to Process) any Personal Information unless it shall first have given and received the necessary notices and consents (and honored any opt-out rights) under Data Protection Laws; (ii) not provide ShiftHarmony.AI with Personal Data of Data Subjects outside the United States; and (iii) comply with any other requirements under applicable Data Protection Laws.

2.4

Details of the Processing. The subject matter of Processing, the duration of the Processing, the nature and purpose of the Processing, the types of Customer Personal Information, and categories of Data Subjects Processed under this DPA are specified in Annex I attached hereto.

2.5

Processing of Sensitive Data Prohibited. Customer shall not disclose, transfer, or otherwise make available to ShiftHarmony.AI any of the following categories of information:

2.5.1

Any information that constitutes “sensitive personal information,” “sensitive data,” “sensitive data inferences,” or “special categories of personal data” as those terms are defined under Data Protection Laws;

2.5.2

Any information that constitutes “consumer health data” under the CTDPA or the Washington and Nevada Consumer Health Data Laws;

2.5.3

Any information that constitutes “protected health information” under the Health Insurance Portability and Accountability Act of 1996, 5 U.S.C. § 553 et seq., together with any amending legislation and any regulations promulgated thereunder; and

2.5.4

Any Personal Information that is deemed by Regulatory Authorities as meriting sensitive or other heightened treatment under applicable Data Protection Laws or U.S. state or federal consumer protection laws.

3.

RIGHTS OF DATA SUBJECTS

3.1

The Parties shall reasonably cooperate in responding to Data Subject rights requests (“Data Subject Request”) and complying with requirements of Data Protection Laws in relation thereto.

3.2

If a Data Subject Request is made directly to ShiftHarmony.AI, ShiftHarmony.AI will promptly inform Customer and will advise the Data Subject to submit the request to Customer. Customer will be solely responsible for responding substantively to any such Data Subject Requests or other communications involving Personal Information.

4.

SHIFTHARMONY.AI PERSONNEL

4.1

Confidentiality. ShiftHarmony.AI shall ensure that its Personnel engaged in the Processing of Customer Personal Information are informed of the confidential nature of the Customer Personal Information, and have received appropriate training regarding the Processing of Customer Personal Information.

4.2

Reliability. ShiftHarmony.AI shall endeavor, in the exercise of its reasonable business discretion, to ensure the reliability of any Personnel engaged in the Processing of Customer Personal Information.

4.3

Limitation of Access. ShiftHarmony.AI shall ensure that ShiftHarmony.AI’s access to Customer Personal Information is limited to those Personnel performing the Services in accordance with the Agreement.

5.

SUBPROCESSORS

5.1

Appointment of Subprocessors. With respect to the Processing of Customer Personal Information, Customer authorizes ShiftHarmony.AI to appoint Subprocessors to Process Customer Personal Information for a business purpose on behalf of Customer, and consistent with the business purpose set forth herein, pursuant to a written contract that includes obligations that are at least as protective as those set out in this DPA and as required by Data Protection Laws.

5.2

Notification of New Subprocessors and Customer’s Right to Object. Customer authorizes ShiftHarmony.AI’s engagement of Subprocessors from the list provided at https://shiftharmony.ai/legal/#subprocessors. ShiftHarmony.AI shall give Customer written notice of the appointment of any new Subprocessor, including details of the Processing to be undertaken by the Subprocessor. With the exception of commonly engaged ShiftHarmony.AIs over whom ShiftHarmony.AI exercises little control (such as Google, Amazon, or Facebook), if, within fifteen (15) business days of receipt of that notice, Customer (acting reasonably and in good faith) notifies ShiftHarmony.AI in writing of any objections to the appointment, ShiftHarmony.AI shall cease disclosing any Customer Personal Information to the proposed Subprocessor until reasonable steps have been taken to address the objections raised by Customer and Customer has been provided with notice thereof. ShiftHarmony.AI remains fully liable for any breach of this DPA that is caused by an act, error, or omission of its Subprocessor.

6.

SECURITY

6.1

Controls for the Protection of Customer Personal Information. ShiftHarmony.AI shall maintain appropriate physical, technical and organizational measures designed to protect the security, confidentiality, and integrity of Customer Personal Information. In the event of any (i) unauthorized acquisition, alteration, or disclosure of Customer Personal Information that requires notification to an individual, government or regulatory body, or law enforcement authority under Data Protection Laws, or (ii) breach of Data Protection Laws with respect to Customer Personal Information, ShiftHarmony.AI shall notify Customer promptly.

6.2

Data Security Incident Management and Notification. ShiftHarmony.AI shall maintain security incident management policies and procedures, and if at any time ShiftHarmony.AI determines that there has been a Security Breach, ShiftHarmony.AI shall promptly: (i) notify Customer in writing of such Security Breach; (ii) investigate and take steps to remediate the Security Breach, and (iii) provide information regarding the specific Customer Personal Information adversely impacted by the Security Breach as reasonably requested by Customer.

7.

INFORMATION PROVISION AND COOPERATION

7.1

Audits and Assessments. If required of ShiftHarmony.AI under applicable Data Protection Laws, ShiftHarmony.AI shall reasonably cooperate with Customer at Customer’s expense, in relation to any audit of ShiftHarmony.AI reasonably necessary to enable Customer to comply with its obligations under Data Protection Laws (“Audit”), and shall seek the equivalent cooperation from relevant Subprocessors. Any Audit shall be: (i) subject to a mutually agreed upon scope; (ii) conducted by an independent third party who has signed a nondisclosure agreement with ShiftHarmony.AI or the Subprocessor, as the case may be; and (iii) subject to the confidentiality obligations set forth in the Agreement. Customer shall use reasonable endeavours to minimize any disruption caused to the ShiftHarmony.AI’s (or, Subprocessor’s, as the case may be) business activities as a result of an Audit. Audits shall take place no more than once in any calendar year except as otherwise required of ShiftHarmony.AI under applicable Data Protection Laws. In addition, if required of ShiftHarmony.AI under applicable Data Protection Laws, ShiftHarmony.AI shall allow Customer to take reasonable and appropriate steps to (a) ensure that ShiftHarmony.AI’s Use of Customer Personal Information is consistent with Customer’s obligations under applicable Data Protection Laws, and (b) stop and remediate unauthorized use of Customer Personal Information. Any information disclosed in connection with an Audit shall be the Confidential Information of ShiftHarmony.AI (and/or Subprocessor, as the case may be).

7.2

Data Protection Assessments. Upon Customer’s request and to the extent required of ShiftHarmony.AI under applicable Data Protection Laws, ShiftHarmony.AI shall provide Customer, at Customer’s reasonable expense with the reasonably necessary information needed for Customer to carry out a Data Protection Assessment related to Customer’s use of the Services, to the extent that Customer does not otherwise have access to the relevant information and that such information is reasonably available to ShiftHarmony.AI.

8.

RETURN AND DELETION OF SHIFTHARMONY.AI DATA

ShiftHarmony.AI shall, on the written request of Customer, return all Customer Personal Information to Customer and/or at Customer’s request delete the same from its systems, except as otherwise permitted by applicable Data Protection Laws.

9.

GOVERNING LAW

The Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Agreement with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and this DPA is governed by the laws of the country or territory stipulated for this purpose in the Agreement.

10.

LIMITATION OF LIABILITY

THE “LIMITATION OF LIABILITY” SECTION OF THE AGREEMENT (OR THE EQUIVALENT THEREOF) SHALL APPLY TO ALL CLAIMS, DEMANDS, SUITS, CAUSES OF ACTION, AWARDS, JUDGMENTS AND LIABILITIES, INCLUDING REASONABLE ATTORNEYS’ FEES AND COSTS, ARISING OUT OF OR ALLEGED TO HAVE ARISEN OUT OF SHIFTHARMONY.AI’S BREACH OF ITS OBLIGATIONS UNDER THIS DPA. WITHOUT LIMITING THE FOREGOING, IF THE AGREEMENT DOES NOT INCLUDE A LIABILITY CAP, SHIFTHARMONY.AI’S AGGREGATE LOSSES OR LIABILITY UNDER THIS DPA, INCLUDING WITH RESPECT TO LIABILITY RELATING TO A SECURITY BREACH, BREACH OF THIS DPA, OR ALLEGED OR ACTUAL VIOLATION OF DATA PROTECTION LAWS, SHALL BE LIMITED TO THE AMOUNT PAID BY CUSTOMER TO SHIFTHARMONY.AI UNDER THE AGREEMENT IN THE 12 MONTHS PRIOR TO THE CLAIM GIVING RISE TO SUCH LOSSES.

11.

CHANGE IN DATA PROTECTION LAWS

In the event of any change to or new Data Protection Law(s), the Parties shall mutually agree upon any reasonably necessary amendments or revisions to this DPA.

ANNEX I: Details of Processing Activities

  1. Subject Matter of Processing of Personal Information: The subject matter of Processing is the provision of ShiftHarmony.AI’s workforce scheduling platform, including the ingestion, structuring, optimization, and output of scheduling data and related workforce information to generate compliant and preference-aware schedules for Customer.
  2. Duration of Processing of Personal Information: The duration of Processing of Personal Information is as set forth in the Agreement.
  3. Nature of Processing of Personal Information: ShiftHarmony.AI will Process Personal Information solely to provide the Services, including collecting, storing, organizing, structuring, analyzing, and processing workforce scheduling data, applying optimization algorithms, generating schedules, and providing related analytics and support functionalities, in accordance with Customer’s instructions.
  4. Purpose of Processing of Personal Information: ersonal Information will be Processed solely for the purposes expressly set forth in the Agreement.
  5. Types of Personal Information Processed (including any “sensitive” Personal Information): Types of Personal Information Processed may include identifiers and contact information (such as name, email address, phone number, and account identifiers), professional and employment-related information (such as role, department, credentials, and work location), scheduling and availability data (such as shift preferences, availability, time-off requests, and assignments), user-generated inputs and preferences submitted through the Services, and technical and usage data related to interaction with the Services (such as log data and device information).

    ShiftHarmony.AI does not Process any “sensitive” Personal Information.
  6. Categories of Data Subjects included in the Processed Personal Information: Categories of Data Subjects include Customer’s current and prospective employees, contractors, and workforce members (such as physicians, nurses, residents, fellows, and administrative staff), Customer personnel responsible for scheduling, operations, human resources, compliance, or administration, and other authorized users of the Services on behalf of Customer. This may also include individuals whose information is provided by Customer or its agents in connection with workforce planning, staffing, credentialing, or scheduling workflows.