English (US) 
English (GB) 
English (CA) 
English (AU) 
English (NZ) 
English (ZA) 
Español (ES) 
Español (MX) 
Español (AR) 
Português (BR) 
Português (PT) 
Deutsch (DE) 
Deutsch (AT) 
Français (FR) 
Français (BE) 
Français (CA) 
Italiano (IT) 
日本語 (JA) 
中文 (ZH / CN) 
हिन्दी (HI) 
עברית (HE) 
العربية (AR) 
한국어 (KO) 
Nederlands (NL) 
Polski (PL) 
Türkçe (TR) 
Українська (UK) 
Русский (RU) 
Magyar (HU) 
Română (RO) 
Čeština (CS) 
Български (BG) 
Ελληνικά (EL) 
Svenska (SV) 
Dansk (DA) 
Norsk (NB) 
Suomi (FI) 
Bahasa Indonesia (ID) 
Tiếng Việt (VI) 
Tagalog (PH) 
ภาษาไทย (TH) 
Latviešu (LV) 
Lietuvių (LT) 
Eesti (ET) 
Slovenčina (SK) 
Slovenski (SL) 
Hrvatski (HR) 
Македонски (MK) 
Қазақ (KK) 
Azərbaycan (AZ) 
বাংলা (BN) Security
Last updated: April 10, 2025
We take security seriously. And it’s not just a statement, but a way we plan, develop and deliver our product.
Infrastructure Security
Shifton’s services and data are hosted in EU region
Network
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorised requests getting to our internal network.
Permissions and Authentication
Access to customer data is limited to authorised employees who require it for their job.
Encryption
All data encrypted on transfer with high-grade encryption. All endpoints, either Interfaces or APIs limited to HTTPS access. We enforce best practices like use of TLS 1.3, HSTS and CAA, always receiving best result at
Qualys SSL labs test
Incident Response
We implement a protocol for handling security events which includes escalation procedures, rapid mitigation and post-mortem.
Disaster Recovery, Back Ups and Monitoring
We have a multi-region recovery and failover deployment, assuring customer data safety and high availability. We monitor all system components and effectively respond to issues that arise.
Product Security Features
SSO
Shifton supports OpenID-based SSO for two most popular providers
- Microsoft Entra ID (ex, Azure AD) – supporting both personal and business accounts. Shifton is a verified Microsoft partner and our solution adheres to all best practices and is available for easy installation by IT teams on
Azure Marketplace - Google workspace accounts, both personal and business
Permissions
Shifton implements a sophisticated RBAC system and has multiple built-in roles available for all customers. Combined with multi-level hierarchy, it allows setting different fine-grained access levels in the app.
Passwords
All passwords undergo one-way hashing with bcrypt library and are never stored in plain text.
Enterprise Features
Enterprise customers may be eligible for additional security features, among them
- Additional custom roles
- Ability to control password strength
- Ability to control sign-on capabilities (login/password, Microsoft SSO, Google SSO)
- Ability to limit invitation to specific domain(s)
Employee Security Commitment
Policies
We have strict clear policies related to security and privacy. All employees undergo training to be familiar and up to date with all changes.
Confidentiality
All employee contracts include a confidentiality agreement.
Sub-processors
As with any modern SaaS product, we use other platforms to implement some features. None of those products and services have access to customer data, beyond the minimal amount required for functionality.
Stripe
We use Stripe as our payment processor. Details about their security and PCI compliance can be found at Stripe’s
security page.
Microsoft
Used for SSO (Entra ID) and website analytics
Used for website analytics, SSO, push notifications delivery, Maps platform and other features
Integration with Crisp
To ensure secure and convenient communication with our clients, we use Crisp.chat — a modern live chat and support platform that meets high security standards.
You can review Crisp.chat’s security practices.