Legal

Privacy Policy

Effective May 25, 2026

DutyPay is a free shift-tracking and paycheck-projection tool for public-safety workers. This policy explains what we collect, how we use it, and the choices you have.

1. What We Collect

DutyPay collects the following data when you use the Service:

  • Account information:email address, timezone, and professional role (e.g., “Firefighter,” “Police Officer,” “Paramedic,” “Corrections Officer”).
  • Pay structure data: department or employer name, base hourly rate, overtime rules, differential rules, pay-period configuration, and rotation or platoon pattern.
  • Shift data: clock in/out times, break minutes, time off, applied differentials, and calculated earnings.
  • Analytics: aggregate, anonymized page views and feature usage via Vercel Web Analytics.

2. What We Do Not Collect

DutyPay does not collect medical records, patient information, incident or case reports, or any operational data from your agency. We handle your pay structure and shift timing — nothing about the calls you run, the people you serve, or the work you do on shift. Because no protected health information (PHI) is collected, stored, or transmitted, DutyPay is not subject to HIPAA.

We do not collect payment information. DutyPay is free, and we do not process payments or store any card or billing data.

3. How We Use Your Data

  • Calculate and display your earnings, overtime, and differentials.
  • Operate your account and send sign-in emails (magic links) through Supabase.
  • Improve the Service through anonymized, aggregate usage analytics.

We do not sell your data. We do not share your data with advertisers.

4. Data Storage

Your data is stored in a Supabase-managed PostgreSQL database hosted on AWS infrastructure. The application is deployed on Vercel. All connections use TLS encryption in transit. Row-level security (RLS) ensures you can only access your own data.

5. Cookies

DutyPay uses essential cookies for authentication (your Supabase session). These are required to keep you signed in and cannot be disabled while you use the Service. We use Vercel Web Analytics, which is privacy-friendly and does not use tracking cookies. You can manage your preferences from the consent banner shown on your first visit.

6. Your Rights

You have the right to:

  • Access: request a copy of the data DutyPay holds about you.
  • Export: request your data in a portable, machine-readable format.
  • Delete: request permanent deletion of your account and all associated data. Deletion is irreversible.
  • Opt out of analytics: decline optional analytics from the consent banner. Essential authentication cookies cannot be disabled.

To exercise any of these rights, email privacy@dutypay.app and we will action your request. These rights apply regardless of your location, including under GDPR (EU), CCPA (California), and similar state privacy laws.

7. Data Retention

Your data is retained as long as your account is active. If you request deletion, all personal data is permanently removed within 30 days. Anonymized analytics data may be retained indefinitely.

8. Third-Party Services

  • Supabase — authentication, email delivery, and database hosting.
  • Vercel — application hosting and privacy-friendly web analytics.

9. Children

DutyPay is designed for working adults. We do not knowingly collect data from anyone under 16.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with a revised “Effective” date at the top.

11. Contact

Privacy questions? Email privacy@dutypay.app.