This policy explains what personal information Callshu collects, why we collect it, how we use and protect it, and your rights regarding your data. It applies to all users of the Callshu service and to the employees whose data is processed through the platform.
Callshu is operated by Callshu Inc., a company incorporated in Canada. We provide an automated shift notification service for businesses to contact their own employees about available work shifts.
For the purposes of Canadian privacy law (PIPEDA) and California privacy law (CCPA), Callshu acts as a data processor (service provider) when handling employee data on behalf of our customers. The customer (employer) is the data controller (business) that determines the purposes and means of processing. Callshu processes personal information solely on the documented instructions of the customer, except where required by applicable law.
| Data | Purpose | Retention |
|---|---|---|
| Username, email, password (hashed) | Account authentication | Until account deletion |
| Company name, website | Account vetting and identification | Until account deletion |
| Notification phone number | Sending campaign completion reports via SMS | Until account deletion |
| Timezone, calling hours | Respecting do-not-disturb windows | Until account deletion |
| Usage data (calls made, minutes used) | Billing, trial enforcement, service operation | Until account deletion |
| IP address (on login) | Security audit logging, rate limiting | Audit logs retained for 2 years |
Employee data is provided to us by the customer (employer). We do not collect data directly from employees except for their SMS replies (YES/STOP).
| Data | Purpose | Retention |
|---|---|---|
| Name, phone number | Placing shift notification calls and texts | Until deleted by customer or account deletion |
| Consent status and history | Legal compliance (TCPA/CRTC), opt-in/opt-out tracking | Until deleted by customer or account deletion |
| Call response (accepted/declined) | Shift filling and campaign reporting | Until deleted by customer or account deletion |
| SMS replies | Consent management (YES/STOP), forwarding unrecognised messages to employer | Not stored beyond processing; consent status changes are logged |
We collect and process only the minimum personal information necessary to provide the Callshu service. Our lawful bases for processing include: contractual necessity (to provide the Service you signed up for), consent (employee opt-in for automated communications), and legitimate interests (maintaining security, preventing fraud, and enforcing our Terms of Service). We use personal information solely to provide and operate the Callshu service, authenticate users and maintain account security, place automated phone calls and send SMS messages on behalf of our customers, track and enforce employee consent (opt-in/opt-out), generate campaign reports for customers, send transactional emails (account approval, password resets, trial notifications), maintain audit logs for security and compliance, and enforce our Terms of Service.
We do not sell, rent, or share personal information with third parties for marketing purposes. We do not use personal information for advertising. We do not use employee data for any purpose other than providing the Service to the customer who uploaded it.
We use the following third-party services to operate Callshu. Each processes data only as necessary to provide their specific function:
| Provider | Function | Data Processed | Location |
|---|---|---|---|
| Twilio Inc. | Phone calls and SMS | Employee phone numbers, call audio, SMS content | United States |
| Resend Inc. | Transactional email | Customer email addresses, email content | United States |
| Railway Corp. | Application hosting and database | All application data | United States |
| Netlify Inc. | Frontend hosting | IP addresses (CDN logs) | United States |
| Sentry (Functional Software Inc.) | Error tracking | Error reports, request metadata (no PII by design) | United States |
We may update our sub-processors from time to time as necessary to operate and improve the Service. Material changes to sub-processors will be reflected in this policy, and we will provide notice where required by applicable law. All sub-processors are bound by data protection obligations and Callshu remains responsible for their processing of your data.
Callshu does not record calls. When an automated call is placed, call audio is processed in real-time by our telecommunications provider (Twilio) for speech delivery and keypress detection only. No audio recordings are created, stored, or retained by Callshu or on your behalf. The only data captured from a call is the employee's keypress response (accepted or declined), the call duration, and the call outcome (answered, no answer, busy, or voicemail).
All data is stored in a PostgreSQL database hosted on Railway's infrastructure in the United States. We protect your data using encrypted connections (TLS/HTTPS) for all data in transit, bcrypt password hashing with a cost factor of 12, JWT authentication with algorithm pinning and token versioning, rate limiting on authentication endpoints, Twilio webhook signature verification, and security headers (Helmet, CSP, HSTS). Access to production systems and personal data is role-based and restricted to personnel with a legitimate need to know. We maintain internal incident response procedures to detect, respond to, and recover from security events.
Customer account data is retained until the customer deletes their account or their trial expires and the account is auto-deleted (default: 7 days after expiry). Employee data is deleted when the customer deletes the employee, deletes their account, or when the account is auto-deleted. Campaign history is retained for the lifetime of the customer's account. Audit logs are retained for up to 2 years for security and compliance purposes. Upon account deletion, audit log entries are anonymised (usernames replaced with "[deleted]"). All deletions are performed within 30 days of the triggering event, except where retention is required by applicable law.
Consent record retention after employee removal: When a customer removes an employee from their roster, the employee's name, phone number, consent status, and consent event timeline are retained in a compliance archive for a period of two years from the date of removal. This minimal retention is necessary to demonstrate compliance with applicable telecommunications laws (TCPA, CASL) in the event of a dispute or regulatory inquiry. No other employee data (notes, tags, campaign history) is retained after removal. After two years, the archived consent record is automatically and permanently deleted. If an employee submits a data deletion request, we will respond explaining this retention basis and provide the specific purge date for their record.
You may access your account information at any time through the Account page. You may update your profile, notification preferences, and calling hours at any time. You may delete your account and all associated data at any time through the Account page. Upon deletion, your Twilio phone number is released, all employee records are permanently deleted, all campaign history is permanently deleted, and audit log entries are anonymised.
If you are an employee whose data is stored in Callshu, your employer is the data controller. To exercise your privacy rights, contact your employer first. You may also contact us directly at support@callshu.com. Where we receive a request directly from an employee, we will respond where we are legally required to do so, or forward the request to the relevant customer and assist them in fulfilling it within a reasonable timeframe.
Your rights include the right to know what personal information is held about you, the right to request correction of inaccurate information, the right to request deletion of your personal information, and the right to opt out of automated calls and texts by replying STOP to any message from your employer's Callshu number.
Canadian residents have the right to access their personal information, request corrections, and withdraw consent. To exercise these rights, contact support@callshu.com. If you are unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. Callshu does not sell personal information. To exercise your rights, contact support@callshu.com.
Callshu is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor's information has been provided to us, contact us immediately.
In the event of a data breach that poses a real risk of significant harm, we will notify affected customers within 72 hours of becoming aware of the breach, notify the Office of the Privacy Commissioner of Canada as required by PIPEDA, and notify any other relevant regulatory authorities as required by applicable law. Notification will include the nature of the breach, the data affected, and the steps we are taking in response.
Callshu is operated by Callshu Inc. in Canada. Our application infrastructure, database, and sub-processors are located in the United States. By using the Service, your data — including employee personal information — is transferred to and processed in the United States.
Important for Canadian users: Personal information stored or processed in the United States may be accessible to US law enforcement and national security agencies under US laws, including the USA PATRIOT Act and the CLOUD Act. This means there is a possibility that your data could be accessed by US government authorities in circumstances that may differ from Canadian law.
To mitigate these risks, we maintain the following safeguards: all data in transit is encrypted using TLS/HTTPS; all sub-processors are bound by their own privacy policies and data protection commitments; we limit the personal information transferred to only what is necessary to provide the Service (data minimization); access to personal information is restricted to authorized personnel only; and we contractually require sub-processors to protect data in accordance with applicable privacy standards.
If you have concerns about cross-border data transfers, please contact us at support@callshu.com before using the Service.
We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered account holders at least 14 days before taking effect. The effective date at the top of this page will be updated accordingly.
For privacy-related questions, requests, or complaints:
Callshu Inc.
Toronto, Ontario, Canada
Email: support@callshu.com
General support: support@callshu.com