Niteshift

Privacy Policy

Niteshift

Last Updated: January 23, 2026

This Privacy Policy describes how Bifrost Technologies Inc., operating as Niteshift ("we," "us," or "our"), collects, uses, and shares information in connection with your use of the Niteshift platform and related services (the "Service"). By using the Service, you agree to the practices described in this Policy. If your organization has a separate written agreement with us (such as an MSA or DPA), that agreement controls to the extent it conflicts with this Policy.

The Service is a business-to-business platform designed for software development teams. It is not intended for use by individuals under 16 years of age.

"Personal Data" means any information that identifies, relates to, or could reasonably be linked to an identified or identifiable individual.

1. Information We Collect and When We Collect It

Account Information

When you create an account, we collect information you provide directly, including your name and email address. If you authenticate via a third-party provider (such as GitHub), we receive profile information and access tokens from that provider as necessary to provide the Service.

Customer Content

"Customer Content" has the meaning given in our Terms of Service.

Usage and Log Data

We automatically collect information about your use of the Service, including IP addresses, browser type, device identifiers, pages visited, features used, timestamps, and error logs. We use this information to operate, secure, and improve the Service.

Integration Data

If you connect third-party services (such as GitHub, Slack, or AI providers like Anthropic, OpenAI, or Google), we collect credentials and tokens necessary to facilitate those integrations. We also receive information from those services as needed to provide the Service (for example, repository metadata from GitHub or workspace information from Slack).

Cookies and Similar Technologies

We use cookies and similar technologies to maintain sessions, remember preferences, and collect analytics. We do not use third-party advertising cookies. You may disable cookies in your browser settings, but some features of the Service may not function properly.

2. How We Use Information

We use the information we collect to:

  • Operate the Service: Provision development environments, process tasks, connect to AI providers, and deliver features you request.
  • Secure the Service: Detect and prevent fraud, abuse, and security incidents; enforce our Terms of Service.
  • Provide Support: Respond to inquiries, troubleshoot issues, and communicate with you about your account.
  • Improve the Service: Analyze usage patterns, diagnose technical problems, and develop new features.
  • Comply with Legal Obligations: Respond to lawful requests from authorities and meet applicable legal requirements.

3. AI Features and Model Training

The Service integrates with third-party AI providers (such as Anthropic, OpenAI, and Google) to offer AI-assisted development features.

We do not use Customer Content to train generative AI models or machine learning models, unless you explicitly opt in.

For details on our model training practices and third-party AI provider obligations, see Sections 2(b) and 3 of our Terms of Service.

4. How We Share Information

We do not sell your personal information. We may share information in the following circumstances:

  • Service Providers: We share information with vendors who help us operate the Service (such as cloud infrastructure providers, analytics services, and monitoring tools). These providers are contractually obligated to use information only to provide services to us.
  • AI Providers: As described above, Customer Content is transmitted to AI providers to deliver AI features.
  • Integrations: If you enable integrations (e.g., GitHub, Slack), information is shared with those services as necessary to provide the integration.
  • Legal Requirements: We may disclose information if required by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

5. Your Privacy Rights

You may request access to, correction of, or deletion of your personal information by contacting us at the address below. We respond to verified requests within 30 days. You can opt out of marketing emails via the unsubscribe link in our communications.

We do not sell or "share" your personal information as those terms are defined under the California Consumer Privacy Act (CCPA).

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit and at rest.
  • Access controls limiting employee access to Customer Content to personnel with a legitimate need.
  • Logging and monitoring of access to systems containing Customer Content.

No system is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

Security Incident Notification

Our security incident notification obligations are described in Section 10(b) of our Terms of Service.

7. Data Retention and Deletion

We retain personal information and Customer Content as long as reasonably necessary to provide the Service, comply with legal obligations, and resolve disputes. Some information may persist in backups or logs for a limited period after deletion from production systems.

You or your authorized representative may request deletion of personal information and Customer Content by contacting us at the address below. We will process deletion requests within approximately 30 days, subject to legal holds and technical constraints (such as backup retention cycles). We also respond to verified requests to access or delete personal information as required by applicable law.

8. International Data Transfers

The Service is designed for users in the United States. We do not market our services to residents of the UK, European Economic Area (EEA), or other jurisdictions with data protection laws similar to the GDPR. We do not intentionally collect data from users in these locations and have not adopted GDPR-compliant data handling practices. If you access the Service from outside the U.S., you do so at your own risk and are responsible for compliance with your local laws.

9. Sensitive and Regulated Data

The Service is not designed to process protected health information (PHI) subject to HIPAA, payment card data subject to PCI-DSS, or other categories of highly regulated personal data. You agree not to submit such data to the Service.

10. Children's Privacy

The Service is intended for business use by individuals 16 years of age or older. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected information from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on our website and updating the "Last Updated" date. Your continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Bifrost Technologies Inc. 169 Madison Ave STE 38445 New York, NY 10016 Email: legal@niteshift.dev

This Privacy Policy is effective as of January 23, 2026.