SmenoBack

Privacy Policy

Employee Scheduling App

Last updated: May 21, 2026

This Privacy Policy ("Policy") explains the information collection, use, and sharing practices of Smeno ("we," "us," and "our"), the operator of the Employee Scheduling App browser extension and web application (also distributed under localized names in some markets, including "Schichtplaner Online" and "Schemaläggningssystem").

This Policy describes and governs the information collection, use, and sharing practices with respect to your use of our browser extension, web application, and services ("Services") we provide and/or host on our servers.

Before you use or submit any information through or in connection with the Services, please carefully review this Privacy Policy. By using any part of the Services, you understand that your information will be collected, used, and disclosed as outlined in this Privacy Policy.

If you do not agree to this privacy policy, please do not use our Services.

Our Principles

Smeno has designed this policy to be consistent with the following principles:

  • Privacy policies should be human readable and easy to find.
  • Data collection, storage, and processing should be simplified as much as possible to enhance security, ensure consistency, and make the practices easy for users to understand.
  • Data practices should meet the reasonable expectations of users.

Information We Collect

We collect information in multiple ways, including when you provide information directly to us, when we passively collect information from you such as from your browser or device, and from third parties.

Information You Provide Directly to Us

We will collect any information you provide to us, including:

  • Email address: When you register or sign in to access full features
  • Name: Optionally provided during registration
  • Team data: Employee names, roles, work hours, and scheduling rules you create
  • Support requests: Any information you voluntarily provide when submitting feedback or bug reports

Information that Is Automatically Collected

Installation Data

When you install the extension, we automatically collect:

  • Random User ID: A UUID generated locally on your device (not linked to your email or identity)
  • Browser language: Your browser's language setting (e.g., "en-US", "ru-RU")
  • Timezone: Your system timezone (e.g., "Europe/Moscow")
  • Extension version: The version of the extension you installed

Important: This data collection happens immediately upon installation to enable core functionality. The User ID is a random identifier that cannot be linked to your personal identity.

Usage Analytics

We collect information about how you use the extension:

  • Feature usage: Which features you use (adding employees, generating schedules, etc.)
  • Onboarding progress: Which setup steps you complete and how long they take
  • Session information: Session ID and timestamps
  • Success/failure events: Whether operations succeeded or failed

Schedule Generation Data

When you generate schedules, we process:

  • Employee information: Names, roles, and weekly hours you've entered
  • Shift types: Work shift definitions (names, start/end times)
  • Scheduling rules: Natural language rules you provide (e.g., "Anna is off Feb 14-20")
  • Coverage requirements: How many employees per role are needed per shift

Note: Schedule generation requires sending this data to our servers for AI processing. The generated schedule is returned to your browser.

Business Qualification Data

During setup, you may optionally provide:

  • Business type: Restaurant, retail, healthcare, etc.
  • Employee count range: 1-10, 11-20, 21-50, etc.
  • Your role: Owner, manager, HR, etc.
  • Country/region: For labor law compliance suggestions

Analytics Events We Track

We track the following categories of events to understand usage patterns and improve the product:

CategoryEventsPurpose
OnboardingStep started/completed, section completedIdentify where users get stuck
Team SetupEmployee/role added/deletedUnderstand typical team sizes
Shift ConfigurationShift types added/modifiedImprove default templates
RulesRules parsed successfully/failedImprove AI parsing accuracy
ScheduleGenerated, viewed, exported, copiedMeasure core value delivery
AuthenticationSign-in shown, completed, dismissedOptimize sign-in flow
ErrorsError occurred with type and messageDebug and fix issues

Privacy guarantee: Analytics events do NOT contain employee names or specific schedule details. We track that you added an employee, not who you added.

How We Use Your Information

We may use the information we collect from and about you to:

  • Provide and improve the Services, including to develop new features
  • Generate AI-powered work schedules based on your team data and rules
  • Parse natural language scheduling rules using AI
  • Send you schedule reminders and notifications (if you opt in)
  • Process and respond to your support requests and inquiries
  • Conduct analytics, research, and reporting to improve service quality
  • Identify and fix technical issues and bugs
  • Comply with legal obligations and protect the safety, rights, and property of our users
  • Enforce our Terms of Use

We may aggregate and/or de-identify information collected through the Services. We may use de-identified and/or aggregated data for any purpose, including research and service improvement.

When We Disclose Your Information

We may disclose and/or share your information under the following circumstances:

Service Providers

We use the following third-party services to operate our extension and web application:

  • AI / Large Language Model providers: Natural-language text you enter (such as your free-form scheduling prompt and rules like "Anna is off Feb 14-20") is sent to a third-party LLM provider to be parsed into structured scheduling data. We use a fallback chain across multiple providers for reliability; on any given request your text may be processed by one of the following:
    • DeepSeek (primary) — privacy policy: DeepSeek
    • xAI Grok (fallback) — privacy policy: xAI
    • OpenAI (fallback) — privacy policy: OpenAI
    We use these providers' API endpoints only; per their API terms, content submitted via API is not used to train their models. Each provider may retain request data for a limited period for abuse monitoring as described in their respective policies.
  • Supabase (PostgreSQL): Encrypted database storage for user data, teams, and schedules. Privacy policy: Supabase
  • Resend: Email delivery for authentication and notifications. Privacy policy: Resend
  • Railway (global API hosting) and a self-managed VPS (Russia API hosting): infrastructure providers that run our backend. Your data transits these providers' networks to reach our application. Privacy policy: Railway

Important: We do NOT sell or share your data with advertisers or data brokers. Third-party services are used strictly for technical functionality.

Legal Compliance and Protection

We may disclose your information if required to do so by law or to: (a) comply with legal process; (b) enforce our Terms of Use; (c) respond to claims; (d) protect the rights, property, or safety of our users and the public.

Business Transfers

If we engage in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity.

Consent

We may disclose your information to any third parties based on your consent to do so.

Aggregate/De-identified Information

We may disclose de-identified and/or aggregated data for any purpose, including service improvement and research.

Legal Basis for Processing Personal Data

For users in jurisdictions requiring disclosure of legal grounds for processing (such as the EU/EEA), our legal grounds are:

To Honor Our Contractual Commitments to You

Much of our processing is to provide services you requested when using our extension, such as generating schedules based on your team data.

Legitimate Interests

We handle information to further our legitimate interests and those of our users, including:

  • Providing customer service and technical support
  • Analyzing and improving our services
  • Managing legal issues and protecting our users
  • Detecting and preventing fraud and abuse

Legal Compliance

We may process information to comply with legal obligations.

Consent

Where required by law, we handle information based on your consent. You have the right to withdraw consent at any time.

Your Choices and Data Subject Rights

Email Unsubscribe

You may unsubscribe from our emails at any time by clicking the "unsubscribe" link in emails or by contacting us at support@smeno.app.

EU/EEA and UK Data Subject Rights

Individuals in the European Economic Area (EEA), UK, and other jurisdictions have certain legal rights, including:

  • Right to access: Obtain confirmation of what personal data we hold
  • Right to rectification: Correct inaccurate personal data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Where we rely on consent

To exercise these rights, email us at support@smeno.app with "Data Subject Request" in the subject line. We will respond within 30 days.

California Privacy Rights (CCPA)

California residents have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by us
  • Opt-out of sale of personal information (Note: We do NOT sell personal information)
  • Non-discrimination for exercising CCPA rights

Contact us at support@smeno.app to exercise these rights.

Data Retention

We retain information as follows:

  • User accounts: Retained while your account is active
  • Team data (employees, rules, schedules): Retained while your account is active
  • Analytics events: Retained for 12 months, then automatically deleted
  • Support tickets: Retained for 24 months for quality assurance

Information may persist in backups for business continuity purposes for additional time.

You can request deletion of your data at any time by contacting support@smeno.app.

International Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may not offer the same level of data protection as your jurisdiction.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or reliance on adequacy decisions.

By using our Services, you acknowledge and consent to such transfers.

Data Storage and Security

Security Measures

We have implemented technical, physical, and organizational security measures to protect your information, including:

  • Encryption in transit: All data transmitted over HTTPS/TLS
  • Encryption at rest: Database encrypted by Supabase (AES-256)
  • Access control: Row Level Security (RLS) policies ensure users can only access their own data
  • Authentication: Secure passwordless authentication via email codes
  • Token security: Short-lived access tokens with secure refresh mechanism

However, no Internet transmission is completely secure. We cannot guarantee absolute security of your information.

Local Storage

The extension stores some data locally on your device using Chrome's storage API:

  • Your User ID and authentication tokens
  • Cached team data for offline access
  • Your preferences and settings

This data remains on your device and is not accessible to other extensions or websites.

Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete it promptly.

For users in the EU, we do not knowingly collect personal data from children under 16 without parental consent.

Third-Party Links and Services

Our Services may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. Their collection, use, and disclosure of your information will be subject to their privacy policies.

We encourage you to read the privacy statements of every website and service you use.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post any changes on this page and revise the "Last Updated" date above.

If we make material changes, we will provide notice through the extension or our website as required by law. We encourage you to review this Privacy Policy periodically.

Frequently Asked Questions

Q: What data do you collect when I install the extension?

A: Upon installation, we collect a randomly generated User ID (UUID), your browser language, timezone, and extension version. This happens automatically to enable core functionality. The User ID cannot be linked to your personal identity.

Q: Do you store my employee names and schedules?

A: Yes, when you save your team configuration or generate schedules, this data is stored on our servers to enable features like web access and schedule sharing. You can delete this data at any time.

Q: What data is sent to AI services?

A: When you write scheduling rules in natural language (e.g., "Anna is off next week") or describe your team in the onboarding prompt, this text is sent to a third-party LLM provider via API for parsing. We use a fallback chain across DeepSeek (primary), xAI Grok, and OpenAI for reliability — see the "Service Providers" section above for details. Employee names you include in the text are sent along with it. Per these providers' API terms, your data is not used to train their models; each provider may retain request data for a short period for abuse monitoring as described in their respective privacy policies.

Q: Do you sell my data?

A: No. We do NOT sell, rent, or share your personal information with advertisers or data brokers. Your data is used only to provide and improve our services.

Q: Can I use the extension without creating an account?

A: Yes. Core features work without authentication. However, some features (like copying schedules to the web app or accessing from multiple devices) require signing in with your email.

Q: How do I delete my data?

A: You have two options:

  • From inside the extension: open the extension, click the "Contact Support" icon in the top toolbar, choose "Ask a question" as the type, and write that you would like your data deleted (e.g. "GDPR deletion request"). Provide the email address associated with your account in the "Email for reply" field.
  • By email: write to support@smeno.app from the email address associated with your account. If you used the extension without signing in, briefly describe the data you would like removed so we can locate it.

Either way, we will delete all associated data within 30 days.

Q: What happens to my data if I uninstall the extension?

A: Local data stored by the extension is deleted when you uninstall. Data stored on our servers (if you signed in) remains until you request deletion or your account becomes inactive for 24 months.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • General inquiries & privacy requests (GDPR/CCPA): support@smeno.app
  • Website: smeno.app

Compliance

This extension and web application comply with:

  • Chrome Web Store Developer Program Policies
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • UK Data Protection Act
  • Children's Online Privacy Protection Act (COPPA)