Privacy Policy

When you create an account, we collect personal details such as your name, email address, authentication credentials, and related identifiers necessary to establish and maintain your account.

To provide the Service, we collect authorization tokens and metadata that enable secure connections to third-party calendar providers (e.g., Google, Microsoft Outlook, Apple iCloud). We do not collect or store your passwords.

In the course of providing synchronization services, we may temporarily access event information (such as event title, time, date, recurrence, and metadata) strictly for the purpose of completing the sync. Event contents are not permanently stored in our systems and are deleted once synchronization is completed.

If you subscribe to a paid plan, payment card details, billing addresses, and related information are processed securely by our third-party payment processor (currently Stripe). We do not retain your full payment card details.

We may collect technical and usage information, including Internet Protocol (IP) address, device type, operating system, browser information, error logs, and performance data. This information is collected for security, troubleshooting, and Service improvement purposes.

If you contact us directly (for example, through support requests, emails, or feedback forms), we collect the information you choose to provide, including the content of your communications and any attachments.

We use cookies, web beacons, and similar technologies to authenticate sessions, maintain security, and improve the functionality of the Service. Further details are set out in Section 5 (Cookies & Tracking Technologies).

We use your Account Information, Calendar Connection Data, and Calendar Event Data to enable synchronization between your connected calendars, maintain your account, and deliver the features of the Service. Legal basis (GDPR/POPIA): Processing is necessary for the performance of a contract with you.

We use technical and usage information (including logs, device identifiers, and access tokens) to authenticate sessions, detect unauthorized access, prevent abuse, and protect the integrity of our systems. Legal basis (GDPR/POPIA): Processing is necessary for our legitimate interests in ensuring the security and proper functioning of the Service, and to comply with applicable legal obligations.

We may use your contact details to: Send administrative and transactional messages (e.g., account confirmations, subscription notices, billing updates, service alerts); Provide customer support and respond to enquiries; Where permitted, send product updates, feature announcements, or newsletters that relate to the Service. You may opt out of non-essential communications at any time. Legal basis (GDPR/POPIA): Processing is necessary for the performance of a contract and for our legitimate interests in maintaining customer relationships; in some cases, your consent may be required.

We use payment and billing information to process subscription fees, manage invoices, and comply with financial record-keeping requirements. Legal basis (GDPR/POPIA): Processing is necessary for the performance of a contract and to comply with legal obligations.

We may use aggregated and anonymized usage information, error logs, and feedback to analyze performance, identify trends, fix issues, and develop new features. Individual calendar event content is not permanently stored or used for these purposes. Legal basis (GDPR/POPIA): Processing is necessary for our legitimate interests in improving and expanding the Service.

We may process and, where required, disclose information to comply with applicable laws, lawful requests, and regulatory obligations, including tax, accounting, and data protection requirements. Legal basis (GDPR/POPIA): Processing is necessary to comply with a legal obligation imposed on us.

We may also process your personal information for other purposes that are compatible with those set out above, provided such processing is permitted under applicable data protection laws.

We may share your personal information with trusted third-party service providers who perform services on our behalf, such as: Cloud hosting and infrastructure providers; Payment processors; Customer support and communication tools; Security and analytics providers. These service providers may only access and process your personal information to the extent necessary to perform their contractual obligations to us and are bound by confidentiality and data protection commitments.

We may disclose personal information where required to do so by law, regulation, or legal process, or to protect our rights, safety, or property, and that of our users or others.

If SHFT is involved in a merger, acquisition, restructuring, sale of assets, or other corporate transaction, your personal information may be transferred to the successor entity as part of that transaction. In such cases, this Privacy Policy will continue to apply unless amended by the successor entity.

We may share your information with third parties when you give us your explicit consent to do so.

Am I Free is designed on a privacy-first principle. We do not permanently store the contents of your calendar events. Event information is temporarily processed only as necessary to complete synchronization and is automatically deleted once the sync has been executed.

Account Information: Retained for as long as your account remains active and for a limited period thereafter where required by law or legitimate business needs (e.g., dispute resolution, enforcement of our agreements); Payment and Billing Information: Retained as required under applicable financial, tax, and accounting laws; Logs and Usage Data: Retained for up to three (3) months, unless a longer retention period is required for security, compliance, or legitimate business purposes.

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction, including but not limited to: Encryption of data in transit and at rest; Secure OAuth2 authentication for calendar connections (no passwords are stored); Role-based access controls(RBAC) and restricted employee access; Firewalls, intrusion detection, and monitoring of suspicious activity; Regular security reviews, audits, and vendor due diligence.

Personal information may be processed and stored on secure cloud infrastructure operated by reputable third-party providers. These providers are subject to contractual obligations requiring compliance with applicable data protection standards.

While we take appropriate steps to protect your data, you remain responsible for safeguarding access to your accounts and verifying the accuracy of your calendar information.

We do not use cookies or similar technologies for targeted advertising, profiling, or the sale of personal information.

Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or alert you when cookies are being placed. If you choose to disable cookies, some features of the Service may not function properly.

We may use web beacons, log files, and similar tools in connection with cookies for limited technical and analytical purposes, as described above. These technologies do not collect calendar event contents.

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR: Access: Request confirmation of whether we process your personal data and obtain a copy; Correction: Request that inaccurate or incomplete personal data be corrected; Erasure (“Right to be Forgotten”): Request deletion of your personal data where legal grounds permit; Restriction: Request limitation of how your personal data is processed; Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller; Objection: Object to processing of your personal data where our lawful basis is legitimate interests or for direct marketing; Consent Withdrawal: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with your local data protection authority.

If you are located in South Africa, the Protection of Personal Information Act, 2013 (“POPIA”) grants you the following rights: Access: Request confirmation that we hold personal information about you and obtain a copy; Correction / Deletion: Request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained; Objection: Object to the processing of your personal information on reasonable grounds relating to your particular situation; Direct Marketing: Object to the processing of personal information for purposes of direct marketing; Complaints: Lodge a complaint with the Information Regulator (South Africa) if you believe your rights under POPIA have been infringed.

If you are a resident of California, or other U.S. states with comparable privacy laws, you may have rights including: Access: Request disclosure of the categories and specific pieces of personal information we have collected about you; Deletion: Request deletion of personal information, subject to applicable exceptions; Correction: Request correction of inaccurate personal information; Opt-Out of Sale/Sharing: Request that we do not “sell” or “share” your personal information, as defined by law. (We do not sell or share personal information.); Non-Discrimination: Exercise your rights without receiving discriminatory treatment.

To exercise any of the rights described above, please contact us at support@amifree.co. We may need to verify your identity before fulfilling your request. We will respond within the timeframes required under applicable law.

As SHFT is established in South Africa, your personal information may be transferred to and processed in countries outside of your country of residence. These countries may have data protection laws that are different from those in your jurisdiction and may not provide the same level of protection.

Where we transfer personal data from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to a country that has not been recognized as providing an adequate level of protection by the relevant authority (such as the European Commission, UK Information Commissioner’s Office, or Swiss Federal Data Protection and Information Commissioner), we rely on lawful transfer mechanisms, including: Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914/EU), supplemented by the UK International Data Transfer Addendum where applicable; Swiss Addendum to the SCCs where required for transfers subject to Swiss data protection law; Data Privacy Framework participation or other recognized transfer frameworks, where applicable.

Where personal information is transferred outside of South Africa, such transfers are conducted in compliance with the Protection of Personal Information Act, 2013 (POPIA), which requires that the recipient jurisdiction or recipient entity provides an adequate level of protection or that appropriate contractual safeguards are in place.

For users in other regions, we implement appropriate technical, contractual, and organizational safeguards consistent with applicable law to ensure that personal information remains protected when transferred internationally.

The Service is not directed to, and may not be used by, individuals under the age of eighteen (18). We do not knowingly collect personal information from anyone under 18 years of age.

By using the Service, you represent that you are at least 18 years old or that you are the parent or legal guardian of a minor who is at least 16 years old and that you consent to such minor’s use of the Service. If you are a parent or guardian and believe your child has provided us with personal information in violation of this Policy, you should contact us immediately at support@amifree.co so that we can take steps to delete such information.

If we become aware that we have inadvertently collected personal information from a person under 18 without appropriate consent, we will promptly delete such information in accordance with applicable laws, including GDPR, POPIA, and relevant U.S. state laws.

We may update or amend this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

If we make material changes, we will provide you with reasonable notice, such as by email, through the Service, or by updating the “Last Updated” date at the top of this Policy.

Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of its terms. If you do not agree with the updated Policy, you must discontinue use of the Service.

Email: support@amifree.co

Email: support@shft.tech | Website: www.shft.tech

We will respond to all legitimate requests within the timeframes required under applicable data protection laws, including GDPR and POPIA.