Privacy Policy

Last Updated: January 5, 2026

1. Introduction

The SHIFT Institute ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

We comply with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Australian Privacy Act, and the New Zealand Privacy Act.

By using our Services, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us, including:

  • Contact Information: Name, email address, phone number, mailing address
  • Account Information: Username, password, account preferences
  • Payment Information: Credit card details, billing address (processed securely through third-party payment processors)
  • Profile Information: Professional background, interests, goals, photographs
  • Communication Data: Messages, feedback, survey responses, testimonials
  • Program-Related Information: Progress data, assessment responses, coaching notes

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain information, including:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent, click patterns, referring URLs
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking Technologies: As described in Section 7 below

2.3 Information from Third Parties

We may receive information about you from third parties, including social media platforms (when you connect your account), payment processors, analytics providers, and marketing partners, in accordance with their privacy policies.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our Services, including processing transactions and delivering courses and coaching
  • Communication: To respond to inquiries, send service-related notifications, and provide customer support
  • Marketing: To send promotional materials, newsletters, and updates (with your consent where required)
  • Personalization: To customize your experience and provide relevant content and recommendations
  • Analytics: To analyze usage patterns, measure effectiveness, and improve our Services
  • Security: To detect, prevent, and address fraud, unauthorized access, and other harmful activities
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Business Operations: To manage our business, including billing, accounting, and internal administration

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contractual Necessity: Processing necessary to fulfill our contract with you (e.g., delivering Services you purchased)
  • Consent: Processing based on your explicit consent (e.g., marketing communications)
  • Legitimate Interests: Processing necessary for our legitimate business interests, provided they do not override your rights
  • Legal Obligation: Processing necessary to comply with applicable laws

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating our business (e.g., payment processors, email service providers, hosting providers, analytics services)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, where your information may be transferred to the acquiring entity
  • Legal Requirements: When required by law, legal process, or government request
  • Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or others
  • With Your Consent: When you have given us explicit permission to share your information

All third-party service providers are contractually obligated to protect your information and use it only for the purposes we specify.

6. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction.

When we transfer personal information internationally, we implement appropriate safeguards to ensure your information remains protected, including standard contractual clauses, adequacy decisions, and other legally approved transfer mechanisms.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. These include:

  • Essential Cookies: Necessary for the website to function properly (e.g., session management, security)
  • Performance Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics)
  • Functionality Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

We also use tracking pixels, web beacons, and similar technologies in emails to measure engagement and improve our communications.

8. Data Retention

We retain your personal information for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Provide our Services to you
  • Comply with legal, accounting, or reporting requirements
  • Resolve disputes and enforce our agreements

When we no longer need your information, we will securely delete or anonymize it. Specific retention periods vary based on the type of information and legal requirements.

9. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Opt-Out of Marketing: Unsubscribe from marketing communications at any time

To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within the timeframes required by applicable law.

Please note that some rights may be limited by applicable law or our legitimate business needs.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Secure access controls and authentication
  • Regular security assessments and monitoring
  • Employee training on data protection
  • Incident response procedures

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our Services are not intended for individuals under 18 years of age (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. Third-Party Links and Services

Our website may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our website.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. For significant changes, we may also notify you via email. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

The SHIFT Institute

Data Protection Contact

Email: Contact Us

Website: www.shiftinstitute.com

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

15. Additional Information for Specific Jurisdictions

For Residents of Certain Regions

Depending on your location, you may have additional rights under local law. These include:

  • The right to know what personal information is being collected
  • The right to know whether your personal information is sold or disclosed and to whom
  • The right to say no to the sale of personal information
  • The right to equal service and price, even if you exercise your privacy rights
  • The right not to be subject to automated decision-making

We do not discriminate against users who exercise their privacy rights. To exercise any of these rights, please contact us using the information provided above.