Privacy policy

BetterWayIQ Smart Scheduling ("BetterWayIQ," "we," or "us") is built for small businesses to schedule hourly staff. This page explains what data we collect, how we use it, where it lives, and your rights over it. Plain English first; specifics second.

Plain-English summary: We only collect what we need to make the product work — your account email, your team's availability and shifts, and your daily-sales CSVs (when you import them). We don't sell your data, we don't share it with advertisers, and we don't use your business information to train any AI model. Tenants are isolated from each other inside the database via row-level security.

What we collect

Account data

• Your name, email address, and password (hashed) when you sign up.
• Your organization name and the locations you create.

Operational data

• Employees you add: name, role, hourly rate, contact details you provide.
• Availability rules and time-off requests employees submit.
• Schedules and shifts you generate or edit.
• Sales data from CSV imports (Chowbus, Toast, Square, Clover, or other POS exports). Used for forecasting only — never shared.
• An audit trail of changes (who edited what, when) for accountability — also kept inside your tenant.

Telemetry

• Server logs (request paths, response codes, error stack traces) for debugging. Retained 30 days unless tied to a security investigation.
• Application errors are reported to Sentry when configured. Sentry receives error stack traces and the URL the error happened on; we configure it to scrub form input values before they leave the server.
• We do not run third-party analytics (no Google Analytics, no Meta Pixel, no Hotjar). The only cookies we set are the Supabase auth session cookies needed to keep you logged in.

Where your data lives

• Database: Postgres hosted on Supabase(US region). Each tenant's rows are scoped by an organization_id column with PostgreSQL row-level security policies enforcing isolation at the database level — not just in application code.
• File storage: Supabase Storage, same region.
• Application hosting: Vercel (US edge + serverless functions).
• Email delivery: Resend(transactional email only — confirmation, schedule-published notifications). Your data is not used for marketing email; we don't send marketing email today.
• Error reporting: Sentry when enabled, with PII scrubbing turned on.

Who we share data with

We share data only with the sub-processors listed above (Supabase, Vercel, Resend, Sentry), and only what each one needs to do its job. We don't sell your data, we don't share it with advertisers, and we don't share it across tenants.

We may disclose data if required by law (subpoena, court order). If we receive such a request and are not legally prevented from telling you, we'll let you know.

How long we keep data

• While your account is active: we keep your data for as long as you use the product.
• After account deletion: we delete your tenant's data within 30 days, except where we're legally required to retain it longer (for example, transaction records for tax purposes).
• Backups: Supabase keeps automated backups of the database; those roll off on Supabase's schedule (typically 7 days for point-in-time recovery, longer for full snapshots).

Your rights

You can:

• Access and export the data we hold about you and your tenant.
• Correct any inaccuracies (most fields are editable in the product).
• Delete your account and your tenant's data.
• Object to processing, where applicable under your local law.

To exercise these rights, email our contact form with the request. We respond within 30 days.

Security

• All connections are over HTTPS. The database is reachable only via TLS.
• Tenant isolation is enforced at the database level via PostgreSQL row-level security, not just in application code.
• Passwords are hashed by Supabase Auth (bcrypt). We never see or store your password in plaintext.
• Service-role credentials and other secrets are stored in Vercel's environment-variable vault, never committed to source control.
• We track security advisories from our sub-processors and apply patches on a regular cadence.

Children

BetterWayIQ is a workforce-management product for businesses; it's not directed at children. We don't knowingly collect data from anyone under 13.

Changes to this policy

When we update this policy materially, we'll update the "Last updated" date above and, if you have an account, send you an email at the address on file before the change takes effect.

Contact

Questions? Use the contact form and we'll get back to you.