Last updated: December 2025

Privacy Policy

We built Datashift so teams can keep humans in control of AI-powered workflows. That mission extends to how we handle your data. This policy describes what we collect, how we use it, and the options available to you.

Information We Collect

Datashift stores only the data required to operate review queues and the surrounding compliance controls.

  • Account details such as name, email address, organization, and role assignments when you register or are invited to a workspace.
  • Operational data that flows through review queues, including task payloads submitted by AI agents via API or MCP, reviewer decisions, comments, and audit timestamps.
  • Usage and diagnostics, like feature adoption, notification delivery metrics, and SLA performance, which help us improve routing, analytics, and reliability.
  • Security signals gathered from authentication, access logs, and integrations (for example, Slack or identity providers) to defend against abuse.

How We Use Information

We use personal and operational data to provide the human-in-the-loop workflow promised in our product overview.

  • Operate and secure the Datashift platform, including reviewer assignment strategies, AI-first workflows, and SLA notifications.
  • Maintain immutable audit trails and compliance exports so that every review action is attributable and tamper-evident.
  • Provide support, respond to inquiries, and recommend best practices for calibrating AI vs. human reviewers.
  • Improve product performance through aggregated analytics that surface where AI reviewers need tuning or queues require new automation.

Legal Bases & Sharing

We process data under contractual necessity or legitimate interests, and we limit disclosures to essential scenarios.

  • Vetted subprocessors that host infrastructure, deliver notifications, or provide usage analytics under strict data processing agreements.
  • Regulators or other parties when required by law, including to enforce terms, investigate abuse, or respond to lawful requests.
  • Corporate transactions such as a merger or acquisition, where reasonable notice will be provided.

Security & Retention

Security is built into Datashift's compliance-first architecture.

  • Encryption in transit and at rest across production services, along with private networking for API and MCP traffic.
  • Granular access controls tied to organization roles plus assignment strategies that restrict who can view queue content.
  • Immutable audit logs with cryptographic hash chains so review history cannot be altered without detection.
  • Retention settings that follow your subscription tier (e.g., 30 days on Free, one year or more on paid plans). You can request deletion of queue data that is no longer required by law or contract.

Your Choices

Depending on your region, you may have rights to access, correct, export, or delete personal data.

  • Workspace owners can configure data retention, notification channels, and reviewer permissions from the dashboard.
  • Users can update profile data or revoke integrations within the application settings.
  • Submit privacy requests to support@datashift.io. We will respond in accordance with applicable data protection laws.

International Operations

Datashift may process data in the United States and other jurisdictions where our infrastructure or partners operate.

  • When transferring data internationally, we rely on standard contractual clauses or other approved safeguards.
  • We continually assess subprocessors for compliance with security and privacy obligations.

Questions or requests?

Email support@datashift.io and our team will help with privacy questions, audits, or data requests.