1. Who We Are

Midshift is a product of Changeable, based in New Zealand. We are committed to protecting your privacy in accordance with the New Zealand Privacy Act 2020.

2. What Information We Collect

We collect the information needed to provide, secure and improve the Midshift service.

• Account information: name, email address, organisation name, and payment details processed by Stripe. We do not store card numbers.
• Engagement data: process descriptions, stakeholder names and email addresses, interview transcripts, uploaded documents such as SOPs and process documentation, AI-generated analysis outputs, and final reports.
• Usage data: pages visited, features used, login timestamps, and session activity for security purposes.
• Communications: emails you send us and our responses.

3. How We Use Your Information

We use your information to deliver the Midshift service, including facilitating interviews, generating analysis, and producing reports. We also use your information to send transactional emails, including account confirmations, interview invitations, and report delivery; send service communications, including trial reminders and account notifications; improve the service using anonymised, aggregated data; and meet our legal obligations.

We do not use your data for advertising. We do not sell your data to third parties. For related service terms, see the Midshift Terms of Service.

4. AI Processing

Midshift uses the Anthropic Claude API to power stakeholder interviews and analysis. Interview transcripts and engagement context are transmitted to Anthropic’s API for processing. Anthropic’s data handling practices are governed by their privacy policy at anthropic.com/privacy. We use Anthropic’s API under a commercial agreement that includes data protection commitments. For more context on our AI approach, see our Ethical AI page.

5. Who We Share Data With

We share data only with the following service providers, strictly for the purpose of delivering the service:

• Anthropic: AI processing.
• Resend: transactional email delivery.
• Stripe: payment processing.
• Supabase: database hosting in the Sydney, Australia region.

We do not share data with any other third parties without your explicit consent.

6. Data Storage and Security

Your data is stored in Supabase’s Sydney, Australia data centre. Data is encrypted in transit using TLS and encrypted at rest. Access is controlled by row-level security, so users can only access their own data. Administrative access requires multi-factor authentication. For more detail, see the Midshift Data Handling Statement.

7. Data Retention

Active account data is retained for the duration of your account. Upon account termination, data is retained for 90 days then securely deleted. You may request earlier deletion by contacting us.

8. Your Rights

Under the New Zealand Privacy Act 2020, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your information.
• Withdraw consent to processing where consent is the basis.
• Lodge a complaint with the Office of the Privacy Commissioner.

To exercise any of these rights, contact us at steve@changeable.co.nz.

9. Cookies

Midshift uses essential cookies only for authentication session management. We do not use tracking or advertising cookies.

10. Changes to This Policy

We will notify you by email of material changes to this policy at least 14 days before they take effect.

11. Contact

Changeable
New Zealand
steve@changeable.co.nz
Contact Midshift