Security
Last updated: April 10, 2025
We take security seriously. This is not just a statement: it is how we plan, develop, and deliver our product.
Infrastructure Security
Shifton’s services and data are hosted in the EU region.
Network
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorised requests from reaching our internal network.
Permissions and Authentication
Access to customer data is limited to authorised employees who need it for their job.
Encryption
All data is encrypted in transit. All endpoints, whether user interfaces or APIs, are reachable over HTTPS only. We enforce best practices such as TLS 1.3, HSTS, and CAA, and consistently achieve the best results in the Qualys SSL Labs test.
Incident Response
We have a protocol for handling security events, which includes escalation procedures, rapid mitigation, and post-mortem.
Disaster Recovery, Backups and Monitoring
We have a multi-region recovery and failover deployment, ensuring customer data safety and high availability. We monitor all system components and effectively respond to arising issues.
Product Security Features
SSO
Shifton supports OpenID-based SSO for the two most popular providers:
- Microsoft Entra ID (formerly Azure AD), supporting both personal and business accounts. Shifton is a verified Microsoft partner, and our solution adheres to all best practices and is available for easy installation by IT teams on Azure Marketplace.
- Google Workspace accounts, both personal and business.
Permissions
Shifton implements a sophisticated RBAC system and has multiple built-in roles available for all customers. Combined with a multi-level hierarchy, it allows setting different fine-grained access levels in the app.
Passwords
All passwords undergo one-way hashing with the bcrypt library and are never stored as plain text.
Enterprise Features
Enterprise customers may be eligible for additional security features, including:
- Additional custom roles
- Ability to control password strength
- Ability to control sign-on capabilities (login/password, Microsoft SSO, Google SSO)
- Ability to limit invitations to specific domain(s)
Employee Security Commitment
Policies
We have strict, clear policies related to security and privacy. All employees undergo training to stay familiar with and up to date on all changes.
Confidentiality
All employee contracts include a confidentiality agreement.
Sub-processors
As with any modern SaaS product, we use other platforms to implement certain features. None of these products and services have access to customer data beyond the minimal amount required for functionality.
Stripe
We use Stripe as our payment processor. Details about their security and PCI compliance can be found on Stripe’s security page.
Microsoft
Used for SSO (Entra ID) and website analytics.
Google
Used for website analytics, SSO, push notification delivery, the Maps platform, and other features.
Integration with Crisp
To ensure secure and convenient communication with our clients, we use Crisp.chat, a modern live chat and support platform that meets high security standards.
You can review Crisp.chat’s security practices on their website.