Privacy Policy
Privacy Policy
ShiftLineup PTY LTD trading as Urhere
Last updated: 28/05/2026
ShiftLineup PTY LTD, trading as Urhere, is committed to protecting the privacy and security of personal information.
This Privacy Policy explains how we collect, hold, use and disclose personal information when you use Urhere, visit our websites, use our mobile applications, contact us for support, use our integrations, or otherwise interact with us.
This Privacy Policy applies to Urhere’s software applications, websites, mobile applications, support channels, connected services and other services that link to or refer to this Privacy Policy.
In this Privacy Policy, “Urhere”, “ShiftLineup”, “we”, “us” and “our” means ShiftLineup PTY LTD. “Customer” means an organisation that uses Urhere. “User” means a person who accesses or uses Urhere, including account owners, managers, administrators, employees, contractors and other authorised users.
This Privacy Policy should be read together with our Terms and Conditions and any applicable agreement between Urhere and a Customer.
- Our role
Urhere is primarily a business-to-business workforce management platform.
Our Customers use Urhere to manage things such as rostering, time and attendance, clock-in and clock-out records, geofencing, timesheets, payroll exports, employee records, leave, availability, reporting, integrations and related workforce management processes.
In many cases, personal information about employees, contractors and other workers is provided to us by our Customers, or generated through their use of Urhere. In those cases, the Customer is responsible for deciding what personal information is entered into Urhere and how Urhere is configured for their workplace.
We process that information to provide Urhere to the Customer.
If you are an employee, contractor or other worker of one of our Customers and you have questions about how your employer uses Urhere, you should usually contact your employer first. You may also contact us using the details at the end of this Privacy Policy.
- The types of personal information we collect
The types of personal information we collect depend on how you interact with us and how a Customer configures and uses Urhere.
We may collect the following types of personal information.
Account and contact information
This may include:
Name
Business name
Email address
Phone number
Job title
Login details
Support contact details
Billing contact details
Communication preferences
Employee and workforce information
Customers may upload, enter, generate or sync information about their employees, contractors and other workers. This may include:
Name
Address
Email address
Phone number
Date of birth
Emergency contact details
Employment type
Role or position
Work location
Area, team or department
Availability and unavailability
Rosters and shifts
Clock-in and clock-out records
Break records
Timesheets
Leave records
Payroll identifiers
Pay rates, pay templates or payroll configuration
Award, agreement or rate library configuration
Employment commencement dates
Anniversary dates
Training or certification records
Notes entered by authorised users
Other information reasonably required to provide workforce management services
Location and attendance information
Where a Customer enables location-based features, Urhere may collect or process location-related information. This may include:
GPS location at clock-in or clock-out
Location information used for geofence checks
Distance from an approved work location
Device location permissions
Store, site, branch or work area location
Time and date of attendance activity
Records showing whether a clock-in or clock-out occurred inside or outside an approved location
Urhere does not use location information for every Customer or every User. Location collection depends on the Customer’s settings, the features enabled and the permissions granted on the relevant device.
Unless specifically enabled through a feature, Urhere is designed to collect location information for workforce management purposes such as clock-in, clock-out and attendance verification. It is not intended to operate as a continuous employee tracking system.
Photos, files and evidence records
Depending on how a Customer uses Urhere, we may collect or store:
Photos taken during clock-in or attendance processes
Profile images
Uploaded files
Identification documents, where uploaded by a Customer or User
Certificates, licences or training documents
Attachments added to records, reports, notes, events or support requests
Customers are responsible for ensuring they have a lawful basis to upload or require this information.
Payroll, accounting and integration information
Where a Customer connects Urhere to a payroll, accounting, point-of-sale or other third-party system, we may collect, use, store, send and receive information required to operate that integration.
This may include:
Employee records
Payroll employee identifiers
Timesheet data
Pay items
Earnings rates
Leave records
Leave balances
Payroll calendars
Organisation details
Accounting or payroll configuration
Connected organisation identifiers
Integration tokens or connection metadata
Export results, errors and logs
Sales, budget or labour reporting data
Other information required to provide the integration
This may include integrations with platforms such as Xero or other payroll, accounting, POS or business systems.
Third-party platforms have their own privacy policies, security practices and terms. Customers are responsible for deciding whether to connect those systems to Urhere and for ensuring they are authorised to share relevant information with those systems.
Device, browser and technical information
We may collect information about the device, browser or system used to access Urhere. This may include:
Device type
Operating system
Browser type
App version
IP address
Device identifiers
Mobile device information
Crash logs
Diagnostic data
Login activity
Security logs
Date and time of access
Pages, screens or features accessed
Approximate location derived from IP address
Push notification tokens
Some of this information may be collected automatically.
Website, marketing and enquiry information
When you visit our websites, contact us, book a demo, submit a form, subscribe to updates or communicate with us, we may collect:
Name
Email address
Phone number
Business name
Role
Website usage data
Form submission details
Marketing preferences
Communication history
Information you choose to provide to us
Support and customer service information
When you contact us for support, we may collect:
Your contact details
Support request details
Screenshots or files you provide
System logs relevant to the issue
Account and usage information needed to investigate the issue
Communications between you and our support team
Where needed to resolve a support request, authorised Urhere personnel may access relevant Customer account information, subject to internal access controls.
- How we collect personal information
We may collect personal information:
Directly from you
From a Customer that uses Urhere
From administrators or managers using Urhere
From employees or other authorised users using Urhere
When information is uploaded into Urhere
When information is generated through use of Urhere
Through connected integrations
Through our websites, mobile apps and support channels
Through cookies and similar technologies
From third-party service providers, where permitted
From publicly available sources, where relevant
If you do not provide certain personal information, or if required permissions are not granted, some parts of Urhere may not work properly.
For example, if location permission is not granted on a mobile device, GPS or geofence clock-in features may not operate as intended.
- Why we collect, use and hold personal information
We collect, use and hold personal information for purposes including:
Providing Urhere and related services
Creating and managing user accounts
Supporting rostering and scheduling
Managing clock-in, clock-out and attendance records
Supporting geofence and location verification features
Managing timesheets and approvals
Supporting payroll exports and payroll integrations
Supporting accounting, POS and other connected systems
Managing employee records and workforce information
Providing reports, analytics and dashboards
Providing customer support and troubleshooting
Maintaining security and preventing misuse
Detecting, investigating and responding to suspected fraud, misuse or misconduct
Improving Urhere’s products, services, websites and mobile applications
Communicating service updates, release notes and important notices
Managing billing, subscriptions and commercial relationships
Training staff and improving support processes
Complying with legal obligations
Enforcing our Terms and Conditions and other agreements
Protecting our rights, property, users and Customers
We may also use de-identified or aggregated information for analytics, product improvement, benchmarking, reporting, business planning and service development.
- Payroll, rate library and award-related data
Urhere may help Customers manage pay-related configuration, including pay templates, earnings rates, award rules, rate libraries, payroll mappings and payroll exports.
This may require Urhere to process personal information and employment-related information, including timesheet records, pay configuration, payroll identifiers, employment type and other information required to calculate, review or export payroll-related data.
Urhere does not replace a Customer’s responsibility to verify payroll, award coverage, employee classification, pay rates, allowances, leave entitlements, payroll settings or compliance with employment laws.
Customers remain responsible for reviewing and approving payroll information before it is submitted to a payroll system or used for employment-related decisions.
- Mobile app permissions
Urhere’s mobile applications may request access to device features depending on the functionality used by the Customer or User.
This may include:
Location services, for GPS or geofence attendance features
Camera access, for photo capture or upload features
Photo or file access, where a User uploads an attachment
Push notifications, for alerts and workforce notifications
Device information, for security, diagnostics and app functionality
The permissions requested may vary depending on the device, operating system, Customer settings and features being used.
Users can manage app permissions through their device settings. Restricting permissions may limit some features.
- Cookies and similar technologies
We may use cookies, pixels, web beacons, local storage and similar technologies on our websites and applications.
These technologies may be used to:
Operate our websites and services
Remember user preferences
Support login and security features
Understand website and product usage
Improve performance
Measure marketing activity
Prevent fraud or misuse
Personalise content or communications
You can usually manage cookies through your browser settings. If you block or delete cookies, some features may not work properly.
Our websites may use analytics tools such as Google Analytics or similar services. You can find more information about Google Analytics opt-out options at Google’s own opt-out resources.
Our websites may not respond to all “Do Not Track” browser signals.
- When we disclose personal information
We may disclose personal information:
To the Customer that controls or administers the relevant Urhere account
To authorised users of a Customer account, based on permissions and roles
To employees, contractors and service providers who help us operate Urhere
To hosting, infrastructure, security and backup providers
To payment and billing providers
To support, communication and customer success tools
To analytics and diagnostics providers
To payroll, accounting, POS and other third-party systems connected by a Customer
To professional advisers, such as lawyers, accountants and auditors
To regulators, courts, law enforcement or government agencies where required or permitted by law
To another organisation as part of a business sale, merger, restructure, financing or acquisition process
Where needed to investigate security issues, misuse, fraud or misconduct
Where otherwise authorised by you, the Customer or the law
We do not sell personal information.
- Connected third-party systems
Customers may choose to connect Urhere with third-party systems, including payroll, accounting, POS, communication, identity, reporting or other business platforms.
When a Customer enables an integration, Urhere may exchange information with that system as required to provide the integration.
The Customer is responsible for:
Choosing whether to enable an integration
Ensuring they have authority to connect the third-party system
Ensuring the information shared through the integration is accurate and appropriate
Reviewing exports, sync results and integration settings
Understanding the third-party provider’s own privacy policy and terms
Urhere is not responsible for how a third-party platform handles personal information after that information has been lawfully transferred to that platform at the Customer’s direction.
- Overseas disclosure
We are based in Australia, but some of our service providers, technology partners, infrastructure providers or support systems may be located outside Australia or may store or process information outside Australia.
This may include providers located in Australia, New Zealand, the United States, Singapore, the European Union or other countries where our service providers operate.
The countries involved may change over time depending on our technology providers and business operations.
Where we disclose personal information overseas, we will take reasonable steps required by applicable privacy laws to protect that information. APP 8 generally requires an APP entity to take reasonable steps to ensure that an overseas recipient handles personal information consistently with the Australian Privacy Principles, subject to exceptions.
When a Customer connects Urhere to a third-party system, personal information may also be transferred to countries where that third-party system or its providers operate.
- Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.
The measures we use may include:
Access controls
User authentication
Encryption in transit
Infrastructure security controls
Role-based access permissions
Logging and monitoring
Backup and recovery processes
Internal staff access controls
Security reviews
Incident response processes
Supplier and service provider controls
No system is completely secure. Customers and Users also have responsibilities, including keeping login credentials secure, using appropriate access permissions, removing access for people who no longer require it and notifying us promptly if they suspect unauthorised access.
- Data breaches
If we become aware of a suspected data breach involving personal information, we will assess and respond to it in accordance with applicable law and our internal processes.
Where required by the Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner if a data breach is likely to result in serious harm. The OAIC explains that an eligible data breach can arise where personal information is accessed or disclosed without authorisation, or lost, and serious harm is likely.
Where a data breach relates to information controlled by a Customer, we may notify and work with the relevant Customer as part of the response process.
- Retention of personal information
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide Urhere, comply with legal obligations, resolve disputes, maintain business records, support audit requirements and enforce agreements.
Retention periods may vary depending on:
The type of information
The Customer’s account settings
Legal and regulatory requirements
Payroll, employment and record-keeping obligations
Backup and disaster recovery processes
The need to investigate or resolve issues
When personal information is no longer required, we will take reasonable steps to delete, destroy, de-identify or anonymise it, unless we are required or permitted to retain it.
Customers may also be able to delete or export certain information from within Urhere, depending on their account permissions and the relevant feature.
- Account deletion and data removal requests
If you wish to request deletion of your Urhere account or personal information, you can contact us at:
support@urhere.com.au
If you are an employee, contractor or other worker of a Customer, we may need to refer your request to that Customer, because the Customer may control the relevant employment or workforce records.
In some cases, we may not be able to delete information immediately or completely, including where retention is required for legal, payroll, audit, security, backup, dispute resolution or legitimate business purposes.
- Access and correction
You may request access to personal information we hold about you.
You may also request that we correct personal information if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading.
To request access or correction, contact us using the details at the end of this Privacy Policy.
We may need to verify your identity before responding to a request. We may refuse access or correction where permitted by law, including where giving access would affect the privacy of others, reveal commercially sensitive information, create a security risk, be unlawful or be otherwise inappropriate in the circumstances.
If you are an employee, contractor or other worker of a Customer, some access or correction requests may need to be handled by the Customer.
- Marketing communications
We may use contact details to send service updates, product information, release notes, training material, event information or other communications relevant to Urhere.
You can opt out of marketing communications by using the unsubscribe option in the communication or by contacting us.
We may still send important service, security, billing, legal or account-related communications.
- De-identified and aggregated information
We may create de-identified or aggregated information from information processed through Urhere.
We may use this information for analytics, benchmarking, product improvement, business planning, reporting, research and service development.
We will take reasonable steps to ensure de-identified or aggregated information does not identify an individual.
- Links to other websites
Our websites, applications or communications may contain links to third-party websites or services.
We are not responsible for the privacy practices, content or security of those third-party websites or services.
You should review the privacy policy of any third-party website or service you use.
- Social media
If you communicate with us through social media platforms such as Facebook, Instagram, LinkedIn or X, the relevant social media provider may collect, hold, use or disclose your personal information in accordance with its own privacy policy.
- Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
When we make changes, we will update the “Last updated” date at the top of this Privacy Policy.
If we make material changes, we may take additional steps to notify Customers or Users, depending on the nature of the change.
- Complaints and questions
If you have a question, concern or complaint about how we handle personal information, contact us using the details below.
We will aim to acknowledge your complaint within a reasonable time and will work with you to resolve it. We may ask for additional information so we can properly assess your complaint.
If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner.
- Contact us
ShiftLineup PTY LTD trading as Urhere
Suite 18, 2-6 Chaplin Drive
Lane Cove West NSW 2066
Australia
Email: support@urhere.com.au
Phone: 02 8123 2105