We take security seriously. It’s not just a statement, but the way we plan, develop, and deliver our product.

Infrastructure Security

Shifton’s services and data are hosted in the EU region.

Network

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that stop unauthorised requests from reaching our internal network.

Permissions and Authentication

Access to customer data is restricted to authorised employees who need it for their job.

Encryption

All data is encrypted in transit with high-grade encryption. All endpoints, whether user interfaces or APIs, are reachable only over HTTPS. We enforce best practices such as TLS 1.3, HSTS, and CAA, consistently achieving the top result in the Qualys SSL Labs test.
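An added example, not code from Shifton, of how a practitioner could check the HSTS header and CAA records the paragraph mentions against common guidance: the header values and CAA record strings passed to it are constructed, and the one-year threshold is the minimum the HSTS preload list requires.

```python
"""Checks for two controls named above: the HSTS header and CAA DNS records. Inputs are constructed."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

ONE_YEAR = 31536000  # seconds; minimum max-age accepted for HSTS preloading

@dataclass
class HstsResult:
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool
    findings: List[str] = field(default_factory=list)

def check_hsts(header: str) -> HstsResult:
    """Parse a Strict-Transport-Security value and flag settings weaker than common guidance."""
    directives = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip().strip('"')
    raw = directives.get("max-age", "")
    max_age = int(raw) if raw.isdigit() else None
    res = HstsResult(max_age, "includesubdomains" in directives, "preload" in directives)
    if max_age is None:
        res.findings.append("missing or malformed max-age")
    elif max_age < ONE_YEAR:
        res.findings.append(f"max-age {max_age} below one year")
    if not res.include_subdomains:
        res.findings.append("includeSubDomains not set")
    return res

def check_caa(records: List[str], allowed_cas: Set[str]) -> List[str]:
    """records are CAA RDATA strings such as '0 issue "letsencrypt.org"'; returns findings."""
    if not records:
        return ["no CAA records: any public CA may issue"]
    issue = [r for r in records if re.match(r'^\d+\s+issue\s+"', r)]
    if not issue:
        return ["no issue tag: certificate issuance is not restricted"]
    findings = []
    for r in issue:
        value = re.search(r'"([^"]*)"', r).group(1).strip()
        if value == ";":  # '0 issue ";"' forbids issuance by every CA
            continue
        ca = value.split(";")[0].strip()  # drop optional key=value parameters
        if ca not in allowed_cas:
            findings.append(f"unexpected CA authorised: {ca}")
    return findings
```

The expected `allowed_cas` set is whatever CAs your own certificate automation uses; any other CA named in an `issue` record is reported.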

Incident Response

We have a protocol for handling security events that includes escalation procedures, rapid mitigation, and a post-mortem.

Disaster Recovery, Backups and Monitoring

We have a multi-region recovery and failover deployment, ensuring customer data safety and high availability. We monitor all system components and effectively respond to issues as they arise.

Product Security Features

SSO

Shifton supports OpenID-based SSO for two of the most popular providers.

  • Microsoft Entra ID (formerly Azure AD) – supporting both personal and business accounts. Shifton is a verified Microsoft partner, and our solution adheres to all best practices and is available for easy installation by IT teams on Azure Marketplace
  • Google Workspace accounts, both personal and business

Permissions

Shifton implements a sophisticated RBAC system and has multiple built-in roles available for all customers. Combined with a multi-level hierarchy, it allows different fine-grained access levels to be set in the app.

Passwords

All passwords undergo one-way hashing with the bcrypt library and are never stored in plain text.

Enterprise Features

Enterprise customers may qualify for additional security features, including

  • Additional custom roles
  • Ability to control password strength
  • Ability to control sign-on capabilities (login/password, Microsoft SSO, Google SSO)
  • Ability to limit invitations to specific domain(s)

Employee Security Commitment

Policies

We have strict, clear policies related to security and privacy. All employees undergo training to be familiar with and stay up to date with all changes.

Confidentiality

All employee contracts include a confidentiality agreement.

Sub-processors

As with any modern SaaS product, we use other platforms to implement some features. None of those products and services have access to customer data beyond the minimal amount required for functionality.

Stripe

We use Stripe as our payment processor. Details about their security and PCI compliance can be found on Stripe’s security page.

Microsoft

Used for SSO (Entra ID) and website analytics.

Google

Used for website analytics, SSO, push notifications delivery, Maps platform, and other features.

Integration with Crisp

To ensure secure and convenient communication with our clients, we use Crisp.chat, a modern live chat and support platform that meets high security standards.

You can review Crisp.chat’s security practices.