Contact us

Completing this form brings you one step closer to meeting Shiftic

Security by design

Built to meet the standards of modern organizations. From encryption and access control to GDPR and flexible deployment.

GDPR & ISO 27001

GDPR-compliant and progressing towards ISO 27001 certification.

Secure Access & Sign-On

Enterprise SSO via SAML and OIDC, as well as Social Sign-On with Microsoft and Google

Data Encryption

Users can only access authorized data. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

No AI Model Training

Agreements with AI subprocessors prohibit use of customer data to train their models.

Trusted Partners

We work with Microsoft, Google, Clerk, and other leading providers to keep data secure.

Flexible Deployment

Shiftic runs as a fully managed SaaS solution, but can also be deployed on your cloud infrastructure if needed.

"Shiftic’s ability to meet our security and infrastructure requirements was a key reason we could move forward. Their team worked closely with ours to make it happen."
Head of Change & Transformation
Global manufacturing company

Frequently asked questions

What sub-processors do you rely on?

Core service sub-processors include Microsoft Azure, Google Cloud, Clerk, Featurebase, Mailchimp, Betterstack, and Mixpanel. All sub-processors are reviewed before onboarding, bound by data processing agreements, and audited annually. We publish our current platform delivery sub-processor at shiftic.com/legal/sub-processors

How does Shiftic handle a data breach?

Shiftic maintains a formal Incident Response Plan with defined severity levels and escalation procedures. If a breach affects your data, we will notify you within 72 hours, including a description of what happened, the data involved, likely consequences, and the steps we are taking. Post-incident reviews are conducted to prevent recurrence.

Does Shiftic support Enterprise SSO?

Yes. Shiftic supports Enterprise Single Sign-On via SAML and OIDC on the Enterprise plan, in addition to OAuth2 Social Sign-On with Microsoft and Google which is available on all plans. Contact us to discuss your identity provider requirements.

Will our data be used to train AI models?

No. Shiftic does not use your data to train or fine-tune AI models. Our LLM provider Microsoft Azure is contractually prohibited from training on user data.

Who can access what is created and uploaded in Shiftic?

Only authorized users in your organization who are explicitly invited to a project can access it. The Shiftic team does not have access to user data, unless permission is given for support cases. Your organisation retains full ownership of all data and content created in Shiftic.

Can we run Shiftic in our own cloud environment?

Yes. While Shiftic is typically delivered as a fully managed SaaS solution, we also offer the option to deploy Shiftic in your own cloud infrastructure. Available on our Enterprise Plan, subject to additional fees.

What security certifications do your infrastructure partners have?

Our infrastructure partners hold leading certifications ISO 27001 (Microsoft Azure, Google Cloud, Mixpanel) and SOC 2 (Featurebase, Clerk, Mailchimp, Betterstack).

How does Shiftic support responsible AI use?

Shiftic is built with privacy by design. Personal identifiers are minimized before content reaches the AI — only the minimum necessary context is included in prompts. The platform actively guides users to anonymize or remove sensitive data when it's detected. Our LLM provider operates under a zero-data retention policy, meaning prompts are processed in real time and never logged or reused. Customer data is never used to train AI models.