At times, our Support, Engineering and Customer Success teams may need to access your ShiftCare account to investigate an issue, reproduce a problem you've reported, or help configure a feature. This is called "login as" or account impersonation.
We take this access seriously. It is controlled, logged, and limited to what's needed to help you. This article explains when and how it happens, and the safeguards in place to protect your data.
This guide includes:
When ShiftCare accesses your account
A ShiftCare team member may access your account when:
You've raised a support request or reported a bug that we need to see firsthand to resolve.
We're helping you set up or troubleshoot a feature, integration, or configuration.
We're investigating a technical issue affecting your account or data.
We do not access your account to browse, export, or use your data for any purpose unrelated to supporting you.
How access works
When a support team member needs to access your account, they use a dedicated, role-restricted internal tool rather than your password. This means:
They never see or need your login credentials.
The session runs under their own authenticated, identified staff account using multiple layers of authentication.
Every action is attributable to a named team member.
We will ask for your permission before accessing your account, except where access is necessary to resolve an active support request you have raised with us.
Safeguards and controls
Several controls govern how and when our team can access customer accounts:
Restricted, role-based access. Only authorised Support, Customer Success, and Engineering staff have permission to use the account-access feature. Access is granted by role and reviewed regularly.
Audit logging. Every support access session is logged and traceable to the individual team member, including when access started and the actions taken. These logs are retained indefinitely, and are available for security review.
Time-limited access. Access is scoped to the support task and does not remain open-ended. Sessions are closed once the task is complete.
Data privacy compliance. All access is handled in line with our obligations under the Australian Privacy Act and our Privacy Policy. Staff are bound by confidentiality obligations and access only the data needed to resolve your issue.
Your data and privacy
Protecting the personal and health information held in your account is a core responsibility. When our team accesses your account:
Access is limited to what is necessary to assist you.
Your data is never copied, shared, or used outside the scope of supporting you.
All activity is recorded for accountability.
If you'd like a record of when your account was accessed by ShiftCare, contact our Support team and we can provide details from our audit logs.
Frequently asked questions
Does ShiftCare use my password to log in?
No. Our team uses a separate, internal access tool. They never see or use your password.
Will I be told when support accesses my account?
We'll let you know, or ask first, except where you've raised a support request that requires us to access your account to resolve it.
Can I request that ShiftCare not access my account?
Yes. Please advise Support or contact your Customer Success Manager.
Who within ShiftCare can access my account?
Only authorised Support, Customer Success, and Engineering staff whose roles require it. Access is role-restricted and regularly reviewed.
Is account access logged?
Yes. Every session is recorded in our audit logs and is attributable to a named team member. Each session requires a mandatory reason for accessing the account.
How is my data protected during access?
Access is limited to what's needed to help you, all staff are bound by confidentiality obligations, and everything is handled in line with our Privacy Policy and relevant data protection standards.
For further assistance, please contact our Support team via in-app chat or at support@shiftcare.com.