Security work rarely makes headlines, but today's release is the kind that lets you sleep better without you noticing anything changed.
One token, one use
When an app stays signed in, it holds a long-lived token it trades for fresh access periodically. Until today, that trade did not retire the old token. Now it does: every renewal is single use. If a stolen token is ever replayed, we treat it as theft and revoke every session on the account automatically. Signing out now means signed out, and a password change ends every session everywhere.
Deletion with an undo window
Deleting your ShiftSee account now ends every session immediately and removes your data after a 7 day grace window. If you change your mind, sign back in within the window and restore everything with one tap. Deletion should be easy, and so should regret.
The small ones you will feel
Businesses with an unpaid invoice for a completed shift get a friendly payment-due reminder the next day, once per invoice. And questions asked in the Help section now get an instant answer grounded in our help articles, with a human follow-up when the articles fall short.
The quiet engine for what is next
Behind the scenes we shipped a sync engine that tells any ShiftSee app what changed in the last few seconds: new shifts, claims, connection requests, notifications. Our next mobile app polls it continuously, so updates appear while you watch, no push notification required. And ShiftSee now speaks MCP, the protocol AI assistants use, so you can ask Claude to check your schedule or post Friday's shift. More on that soon.