English (US) 
English (GB) 
English (CA) 
English (AU) 
English (NZ) 
English (ZA) 
Español (ES) 
Español (MX) 
Español (AR) 
Português (BR) 
Português (PT) 
Deutsch (DE) 
Deutsch (AT) 
Français (FR) 
Français (BE) 
Français (CA) 
Italiano (IT) 
日本語 (JA) 
中文 (ZH / CN) 
हिन्दी (HI) 
עברית (HE) 
العربية (AR) 
한국어 (KO) 
Nederlands (NL) 
Polski (PL) 
Türkçe (TR) 
Українська (UK) 
Русский (RU) 
Magyar (HU) 
Română (RO) 
Čeština (CS) 
Български (BG) 
Ελληνικά (EL) 
Svenska (SV) 
Dansk (DA) 
Norsk (NB) 
Suomi (FI) 
Bahasa Indonesia (ID) 
Tiếng Việt (VI) 
Tagalog (PH) 
ภาษาไทย (TH) 
Latviešu (LV) 
Lietuvių (LT) 
Eesti (ET) 
Slovenčina (SK) 
Slovenski (SL) 
Hrvatski (HR) 
Македонски (MK) 
Қазақ (KK) 
Azərbaycan (AZ) 
বাংলা (BN) Security
Last updated: April 10, 2025
We take security seriously. And it’s not just a statement, but a way we plan, develop and deliver our product.
Infrastructure Security
Shifton’s services and data are hosted in EU region
Network
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorised requests from reaching our internal network.
Permissions and Authentication
Access to customer data is limited to authorised employees who require it for their job.
Encryption
All data is encrypted on transfer with high-grade encryption. All endpoints, whether Interfaces or APIs, are limited to HTTPS access. We enforce best practices such as the use of TLS 1.3, HSTS and CAA, always achieving best results at
Qualys SSL labs test
Incident Response
We implement a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem.
Disaster Recovery, Back Ups and Monitoring
We have a multi-region recovery and failover deployment, ensuring customer data safety and high availability. We monitor all system components and effectively respond to any issues that arise.
Product Security Features
SSO
Shifton supports OpenID-based SSO for two of the most popular providers
- Microsoft Entra ID (formerly Azure AD) – supporting both personal and business accounts. Shifton is a verified Microsoft partner and our solution adheres to all best practices and is available for easy installation by IT teams on
- Google Workspace accounts, both personal and business
Permissions
Shifton implements a sophisticated RBAC system and has multiple built-in roles available for all customers. Combined with a multi-level hierarchy, it allows the setting up of different fine-grained access levels within the application.
Passwords
All passwords undergo one-way hashing with the bcrypt library and are never stored in plain text.
Enterprise Features
Enterprise customers may be eligible for additional security features, among them
- Additional custom roles
- Ability to control password strength
- Ability to control sign-on capabilities (login/password, Microsoft SSO, Google SSO)
- Ability to limit invitations to specific domain(s)
Employee Security Commitment
Policies
We have strict, clear policies related to security and privacy. All employees undergo training to be familiar with and up-to-date on all changes.
Confidentiality
All employee contracts include a confidentiality agreement.
Sub-processors
As with any modern SaaS product, we use other platforms to implement some features. None of these products and services have access to customer data beyond the minimal amount required for functionality.
Stripe
We use Stripe as our payment processor. Details about their security and PCI compliance can be found on Stripe’s
security page.
Microsoft
Used for SSO (Entra ID) and website analytics
Used for website analytics, SSO, push notifications delivery, Maps platform and other features
Integration with Crisp
To ensure secure and convenient communication with our clients, we use Crisp.chat — a modern live chat and support platform that meets high security standards.
You can review Crisp.chat’s security practices.