Help us deliver Shiftwave Recovery Systems to L.A. fire stations. Learn More →

Privacy policy

Privacy Policy

Last Modified: February 27, 2026

This Privacy Policy describes how Cofactor Systems, Inc., doing business as Shiftwave ("Shiftwave," "we," "us," or "our"), collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from shiftwave.co (the "Site"), use our mobile or tablet applications (the "Apps"), use our wellness chair and its biofeedback features (the "Chair"), or otherwise communicate with us (collectively, the "Services").

For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, app user, or another individual whose information is collected through the Services.

This Privacy Policy applies to our e-commerce website, our Apps (including the Shiftwave Control App and Companion App), and the data collected through the Chair and its integrated sensors. If you have any questions or concerns about this Privacy Policy or our data practices, please refer to the Contact Information section below for details on how to reach us.

Important Information and Who We Are

Shiftwave is a science-driven wellness company dedicated to creating innovative products and services that help individuals regulate their nervous system, promote relaxation, and enhance overall well-being.

Our primary focus is on the development of the Shiftwave, a high-end wellness and recovery chair that uses synchronized pulsed pressure waves, whole-body vibration, guided breathwork, and immersive audio to support relaxation, recovery, and performance. The Chair is operated through companion software applications and includes biofeedback sensors that collect physiological data during sessions.

This Privacy Policy applies to our e-commerce website, shiftwave.co, where you can purchase or lease the Shiftwave chair, and to the Apps and digital services used in connection with the Chair.

It outlines how we collect, use, and protect your personal information when you interact with our website, create an account, use the Chair and Apps, or engage with our email or SMS marketing communications.

Shiftwave is operated by Cofactor Systems, Inc., doing business as Shiftwave.

For any questions or concerns regarding this Privacy Policy or our data practices, please refer to the Contact Information section below.

The Data We Collect About You

When you interact with Shiftwave, we may collect the following categories of personal information:

Account and Contact Data

Phone Number: Used to send authentication codes via SMS and, with your consent, marketing messages.

Email Address: Used to communicate important updates, promotions, and notifications, including any account-related changes or confirmations.

Name: If provided during account creation or purchase.

Shipping and Billing Address: Collected during purchase to fulfill your order.

Payment Information: Payment card details are collected and processed by our payment processors (see Service Providers below). We do not store full payment card numbers on our systems.

Device and Technical Data

Device Information: We may collect details about the device you use to access our website, such as device model, operating system, browser version, and IP address, to ensure compatibility and security.

App Device Information: When you use the Control App or Companion App, we collect device identifiers, operating system version, app version, and Bluetooth connection data necessary for the Apps to communicate with the Chair via the ShiftLink module.

Health and Biofeedback Data

Heart Rate (HR): Measured via the pulse oximeter during Chair sessions and displayed in real time through the Control App.

Heart Rate Variability (HRV): A physiological metric derived from pulse oximeter readings that indicates autonomic nervous system activity, used by the BioDrive biofeedback system and the AI Coach.

Blood Oxygen Saturation (SpO2): Measured via the pulse oximeter during sessions to provide wellness insights.

Session Data: Records of your Chair sessions including protocol selections, session duration, frequency, intensity settings, and biofeedback readings over time.

AI Coach Profile: Data generated by the AI Coach based on your Health Data, Session Data, and stated wellness goals, used to create personalized protocol recommendations. See "Automated Decision-Making and Profiling" below.

This information is collected during account creation, purchases, use of the Chair and Apps, and communications with Shiftwave. For more information on how we use and protect your data, please refer to the relevant sections of this Privacy Policy.

Information for EU/UK residents:
The above data is classified as special category data (health data) under Article 9 of the EU/UK GDPR and requires your explicit consent before we process it. See "Lawful Basis for Processing" and "Your EEA/UK Legal Rights" below for more information.

Lawful Basis for Processing

Under the EU General Data Protection Regulation (GDPR) and the UK GDPR, we are required to have a lawful basis for each processing activity. The table below sets out the purposes for which we process your personal data and the corresponding lawful basis.

Purpose

Data Used

Lawful Basis

Account creation and authentication

Phone number, email, name

Performance of a contract (Art. 6(1)(b))

Processing your purchase and delivery

Contact, billing, shipping, payment data

Performance of a contract (Art. 6(1)(b))

Customer support

Contact data, account data, correspondence

Performance of a contract (Art. 6(1)(b))

Operating the Chair biofeedback system

HR, HRV, SpO2 (Health Data)

Explicit consent (Art. 9(2)(a)) + Consent (Art. 6(1)(a))

AI Coach personalised recommendations

Health Data, Session Data, goals

Explicit consent (Art. 9(2)(a)) + Consent (Art. 6(1)(a))

Displaying session history and insights

Session Data, Health Data

Explicit consent (Art. 9(2)(a)) + Consent (Art. 6(1)(a))

Syncing data between Apps

Account data, Session Data, Health Data

Explicit consent for Health Data; Contract for account data

Marketing communications (email/SMS)

Email, phone number

Consent (Art. 6(1)(a))

Website analytics and performance

Device info, cookies, browsing data

Consent for non-essential cookies; Legitimate interest for essential analytics (Art. 6(1)(f))

Security, fraud prevention

Device info, IP address, account activity

Legitimate interest (Art. 6(1)(f))

Improving our products and services

Aggregated, de-identified usage data

Legitimate interest (Art. 6(1)(f))

Legal compliance

As required by applicable law

Legal obligation (Art. 6(1)(c))

 

Where we rely on legitimate interest as the lawful basis, our legitimate interests are: ensuring the security and integrity of our platform and preventing fraud; understanding how our Services are used so we can improve them; and operating our business effectively. We have conducted balancing tests to ensure these interests do not override your fundamental rights and freedoms.

Where we rely on consent, you may withdraw your consent at any time. See "Your Rights" and "Your EEA/UK Legal Rights" below for details.

How We Use Your Personal Data

Shiftwave uses the personal information we collect for the following purposes:

Authentication: We use your phone number and email address to send SMS messages or emails containing one-time authentication codes or links to verify your identity when accessing our website or Apps.

Service Communication: We use your contact information to notify you about your account, service updates, and necessary legal notices through SMS or email. This includes information about your purchase, order status, and any changes to our Services.

Operating the Chair and Apps: We use your Health Data and Session Data to operate the biofeedback system, display real-time metrics during sessions, sync your data across the Control App and Companion App, and provide you with session history and wellness insights (Mini Lab insights). This processing requires your explicit consent.

AI Coach Recommendations: With your explicit consent, the AI Coach analyses your Health Data, Session Data, and stated wellness goals to generate personalised protocol recommendations. See "Automated Decision-Making and Profiling" below for details about how this works and your rights.

Marketing: With your explicit consent, we may send you promotional materials or updates about new features, events, or offers from Shiftwave. You can opt out of these communications at any time by following the opt-out instructions provided in each message.

Shiftwave does not sell, rent, or share your personal information with third parties for their marketing purposes.

We only share your data with trusted service providers in order to facilitate communication or deliver services. These providers are contractually obligated to protect your information and comply with all applicable privacy and security laws.

We may also use your personal data for internal purposes, such as improving our services, analyzing user behavior, and ensuring the security and integrity of our platform. Additionally, we may use your data to detect and prevent fraud, unauthorized access, or other criminal activity.

If you have any questions or concerns about how we use your personal data, please contact us using the information provided in the Contact Information section below.

Automated Decision-Making and Profiling

The AI Coach feature within our Apps uses automated processing to evaluate your personal data. Under GDPR Article 4(4), this constitutes profiling. We want to be transparent about how this works.

What the AI Coach does: The AI Coach analyses patterns in your heart rate, HRV, and SpO2 readings across sessions; considers your session frequency, duration, and selected protocols; incorporates your stated wellness goals and preferences; and generates recommendations for protocols, session intensity, and session scheduling tailored to your profile.

This is profiling, not solely automated decision-making: The AI Coach provides recommendations only. You retain full control over which protocols you use, and you are never required to follow AI Coach suggestions. The AI Coach does not make decisions that produce legal effects concerning you or similarly significantly affect you.

Your rights regarding profiling: You have the right to:

- Request an explanation of how any specific recommendation was generated, including which data inputs were most significant.

- Request human review of any AI Coach recommendation by contacting info@shiftwave.co.

- Express your point of view and contest any recommendation.

- Opt out of AI Coach profiling entirely through the Settings menu in either App, without losing access to the Chair or manual protocol selection.

- Request deletion of your AI Coach profile data at any time.

If we make changes to the AI Coach that would cause it to produce decisions with legal effects or similarly significant effects on you, we will obtain your explicit consent before implementing such changes.

Marketing

At Shiftwave, we respect your preferences regarding marketing communications. If you wish to receive promotional emails or SMS messages about our products, services, or special offers, you must provide your explicit consent.

This consent can be given during the account creation process, through a separate opt-in form, or by replying to a marketing message with your preference.

You may opt out of receiving marketing communications at any time. To do so, simply follow the opt-out instructions included in each message, such as replying with "STOP" to unsubscribe from SMS messages or clicking the "Unsubscribe" link in email communications.

Additionally, you can manage your marketing preferences directly through your account settings on our website or in the Apps, or by contacting us using the information provided in the Contact Information section below.

We may use your email address and phone number to send you marketing messages, including but not limited to updates about new features, events, or offers. However, we will not use your information for marketing purposes without your explicit consent.

If you have any questions or need further assistance regarding our marketing practices, please reach out to us using the contact information provided in the Contact Information section below.

A2P 10DLC Compliance

To ensure compliance with the A2P 10DLC (Application-to-Person 10-Digit Long Code) regulations for SMS messaging, Shiftwave adheres to the following practices:

Consent: We obtain explicit consent before sending any SMS messages. You will be informed about the purpose of these messages during the sign-up or opt-in process.

Opt-Out Options: Every SMS message we send includes an option for you to opt out of further communications by replying "STOP" to unsubscribe.

Data Security: All SMS messages sent are secured in compliance with industry standards to prevent unauthorized access or misuse.

Cookies and Tracking Technologies

When you visit our website, we use cookies and similar tracking technologies to enhance your user experience, analyze site traffic, and improve our services.

These technologies help us understand how visitors use our site, which allows us to make informed decisions to enhance functionality and performance.

Cookie Consent

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies before they are placed on your device. You may accept all cookies, reject all non-essential cookies, or customize your preferences by category. Non-essential cookies (including analytics cookies) are not activated until you provide your consent. You can change your cookie preferences at any time through the cookie settings link in our website footer.

Types of Cookies

Strictly Necessary Cookies

These cookies are essential for the website to function properly. They enable core features such as localization, shopping cart functionality, checkout security, and session management. Because they are required for site operation, they cannot be disabled.

Cookie Name

Provider

Purpose

Duration

localization

Shiftwave / Shopify

Stores the visitor's country or region to display localized content (e.g., pricing, availability).

~1 year

cart_currency

Shiftwave / Shopify

Remembers the selected currency to ensure consistent pricing during browsing and checkout.

~2 weeks

_shopify_s

Shopify

Maintains session state and enables basic site functionality such as navigation and cart persistence.

~30 minutes

_shopify_essential

Shopify

Enables core commerce and security features, including fraud prevention, secure checkout, and session integrity.

1 year

 

Analytics & Performance Cookies

These cookies help Shiftwave understand how visitors interact with the site so performance and user experience can be improved. The data collected is aggregated and not used to directly identify individuals. These cookies are only activated with your consent.

Cookie Name

Provider

Purpose

Duration

_shopify_y

Shopify

Assigns a unique identifier to recognize returning visitors and support aggregated analytics reporting.

~2 years

_shopify_analytics

Shopify

Collects anonymized usage data (such as page interactions and session behavior) to analyze site performance and improve user experience.

1 year

 

Third-Party Cookies

We use third-party cookies on our website, which are set by external services.

Shopify: The platform that powers our e-commerce website. Shopify may use cookies to manage user sessions, track website performance, and provide analytics.

Managing Your Cookie Preferences

You can manage your cookie preferences at any time by clicking the cookie settings link in our website footer. You may also control cookies through your browser settings. Most browsers allow you to control cookies by adjusting the settings in the browser's privacy or security options.

However, please note that disabling or refusing strictly necessary cookies may result in some parts of our website becoming inaccessible or not functioning properly.

If you have any questions or concerns about our use of cookies or tracking technologies, please refer to the Contact Information section below.

Disclosures of Your Personal Data

We may share your personal data with the following parties for the purposes outlined in this Privacy Policy:

Service Providers: We share your information with trusted third-party service providers who assist us in delivering our Services. These include:

- Shopify: E-commerce platform hosting our website and processing orders.

- Affirm: Financing provider for installment payment options.

- HubSpot: Sales and marketing platform

- TrueMed: HSA/FSA payment processing.

- Consentmo: GDPR consent management and data subject access request processing.

- Supabase: Cloud infrastructure hosting for App data and Health Data storage.

- SMS and email service providers: For authentication codes and marketing communications.

These providers are contractually obligated to protect your information and comply with all applicable privacy and security laws. We have entered into data processing agreements with each provider that include, where applicable, the EU Standard Contractual Clauses.

Legal Obligations: We may disclose your personal data if required by law, regulation, or legal process, or to protect the rights, safety, or property of Shiftwave or others.

Business Transfers: In the event of a merger, acquisition, or sale of all or part of our business, we may transfer your personal data to the relevant third party. Your data will continue to be subject to the same level of protection outlined in this Privacy Policy.

International Transfers: We may transfer your personal data to countries outside of your own, including the United States. For details on the safeguards we use, including the EU-U.S. Data Privacy Framework and Standard Contractual Clauses, please see the International Transfers section below.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Third parties offering products or services through our website will not be given your personal information without your explicit permission.

International Transfers

We are based in the United States and may process, store, and transfer your personal information to countries outside your own, including Thailand, Denmark, and the United States, where privacy laws may differ from those in your country.

When transferring personal data from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we ensure an adequate level of protection by implementing appropriate safeguards.

For transfers from the EEA or Switzerland, we rely on the EU-U.S. Data Privacy Framework (DPF), the Swiss-U.S. Data Privacy Framework, and Standard Contractual Clauses (SCCs) as approved by the European Commission (Implementing Decision (EU) 2021/914).

For transfers from the UK, we rely on the UK-U.S. Data Bridge and the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.

These legal mechanisms ensure that your personal data receives a level of protection comparable to that within the EEA, UK, or Switzerland.

We maintain SCCs and the UK IDTA as additional or alternative transfer safeguards, in case the DPF adequacy decision is invalidated in the future.

If you have any questions about the specific mechanisms used for international data transfers, please refer to the Contact Information section below.

Data Security

We use industry-standard security measures, such as encryption and access controls, to protect your personal data from unauthorized access, use, or disclosure. Shiftwave ensures that our service providers adhere to strict privacy and security obligations.

All personal information collected through our Services is protected using appropriate technical and organizational measures. These include, but are not limited to, encryption of data both at rest and in transit, secure access controls, and regular security audits to identify and mitigate potential vulnerabilities.

Health Data collected through the Chair and Apps is encrypted end-to-end during Bluetooth transmission from the Chair to the Control App, during synchronisation between Apps, and during transfer to our cloud infrastructure. Access to Health Data is restricted to authenticated users of your account.

Access to your personal information is restricted to Shiftwave employees, contractors, and third-party service providers who have a legitimate business need to access such information. These individuals and entities are required to maintain the confidentiality of your data and are subject to contractual obligations to comply with applicable privacy and security laws.

We have implemented procedures to address any suspected data breaches and will notify you and any applicable regulatory authority if a breach occurs and we are legally required to do so.

These security measures apply to the Shiftwave e-commerce website, Apps, and cloud systems. We do not exercise control over how your information is stored, maintained, or displayed by third parties or on third-party platforms.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected. The following specific retention periods apply:

Account and contact data (phone number, email, name): retained for the duration of your account, plus six (6) months following account deletion to handle any outstanding matters.

Transaction and order data: retained for seven (7) years from the date of transaction for tax and legal compliance purposes.

Health Data (HR, HRV, SpO2 session readings): retained for twenty-four (24) months from the date of the session, after which individual readings are aggregated and de-identified.

Session Data: retained for the duration of your account.

AI Coach profile data: retained for the duration of your account or until you opt out of AI Coach profiling, whichever is earlier. Upon opt-out, profile data is deleted within thirty (30) days.

Marketing preferences and consent records: retained for three (3) years from the date of last interaction or until consent is withdrawn.

Cookie and analytics data: retained for the duration specified in the cookie table above.

Guest Mode data: stored locally on the device during the session only and deleted when the session ends, unless the guest creates an account.

If you choose to delete your account or opt out of communications, we will delete your data in accordance with the periods above, except where required by law to retain it.

When your data is no longer required, we take steps to delete or anonymize it securely. Following cancellation or termination of your account, Shiftwave may continue to utilize personally de-identified and anonymized historical data associated with your use of the Shiftwave wellness chair for the purpose of improving our products and services.

Your Rights

You have the right to:

Opt-out of receiving SMS or email messages at any time by following the opt-out instructions provided in each message.

Access, update, or delete your personal information by contacting us.

Withdraw consent for us to use your personal information at any time, where applicable. This includes the ability to withdraw consent for Health Data processing through the Settings menu in either App.

Opt out of AI Coach profiling through the Settings menu in either App.

To exercise these rights, please refer to the Contact Information section below for details on how to reach us, or visit our GDPR Compliance page. We will take reasonable steps to accommodate your request, provided it does not violate any applicable laws or negatively impact the accuracy of the information.

Please note that we cannot delete your personal data except by also deleting your user account. If you wish to delete your account, you may do so through our GDPR Compliance page or by contacting us using the details in the Contact Information section below.

Children's Privacy

Shiftwave's Services are not directed toward children under the age of 16. We do not knowingly collect personal information from individuals under 16 years of age. The Chair may only be purchased by individuals aged 18 or older. If we become aware that a child under 16 has provided us with personally identifiable information, we will take steps to delete such information from our systems as soon as possible.

If you believe that we have collected personal information from a child under 16, please contact us using the information provided in the Contact Information section below so that we can take appropriate action.

Do Not Track Policy

Shiftwave does not respond to Do Not Track ("DNT") signals or other similar privacy preference mechanisms that may be available in your browser or device settings.

This is because the meaning and scope of DNT signals are still evolving, and there is no universally accepted standard for how websites and services should respond to them.

However, you can manage your privacy preferences by adjusting your browser settings, using our cookie consent controls, or using privacy tools to control the collection and use of your data.

Shiftwave respects your right to make choices about how your information is collected and used, and we encourage you to review and update your browser settings and cookie preferences regularly to align with your privacy preferences.

Enforcement and Dispute Resolution

If you have any questions, complaints, or disputes regarding the manner in which Shiftwave handles or protects your personal information, please contact us.

Shiftwave will investigate and attempt to resolve complaints and disputes in a reasonable time and in a manner that complies with the principles described in this Policy.

With respect to any complaints related to this Policy that cannot be resolved through our internal process, you agree to participate in the dispute resolution procedures set forth by the American Arbitration Association.

For EU/EEA/UK residents: The dispute resolution and arbitration provisions in the preceding paragraph are subject to the EU/EEA/UK Addendum to our Terms of Service, which preserves your right to bring proceedings in the courts of your country of habitual residence and disapplies mandatory pre-dispute arbitration requirements. You may also lodge a complaint with your national data protection supervisory authority at any time (see "Your EEA/UK Legal Rights" below).

Shiftwave is headquartered in California, United States of America. The laws of the State of California will govern this Policy, as well as any claim that might arise between you and us, without regard to conflict of law provisions. For EU/EEA/UK residents, this choice of law does not deprive you of the protection afforded by mandatory provisions of the law of your country of habitual residence.

Your California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) regarding your personal information. These rights include:

Right to Access: You may request access to the personal information we collect about you.

Right to Delete: You may request the deletion of your personal information, subject to certain legal or operational exceptions.

Right to Opt-Out of Sale: You may opt out of the sale of your personal information. However, we do not sell your personal information, as outlined in our Privacy Policy.

Right to Non-Discrimination: You may exercise any of these rights, and we will not discriminate against you for doing so.

To make any of these requests, please contact us using the information provided in the Contact Information section below.

Your Canadian Privacy Rights

Shiftwave complies with Canadian privacy laws and regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

We collect, use, and disclose personal information only for the purposes outlined in this Privacy Policy or with your explicit consent.

If you are a resident of Canada, you have the following rights regarding your personal information:

Access: You may request access to the personal information we hold about you.

Correction: You may request that we correct any inaccuracies in your personal information.

Opt-out: You may opt out of receiving marketing communications or other uses of your personal information, subject to legal and contractual restrictions.

Complaint: You have the right to file a complaint regarding our handling of your personal information.

To exercise these rights or to contact us regarding your personal information, please reach out to us using the Contact Information section below. For more information about your privacy rights under Canadian law, you may visit www.priv.gc.ca

Your EEA/UK Legal Rights

If you reside in the EEA or UK, you have certain rights under data protection laws in relation to your personal data. These rights apply to all personal data we process about you, including Health Data collected through the Chair and Apps.

Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note that we may not always be able to comply with your request for erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: if you want us to establish the data's accuracy; where our use of the data is unlawful but you do not want us to erase it; where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. You may also request that we transmit your data directly to another controller, where technically feasible.

Withdraw consent at any time where we are relying on consent to process your personal data, including consent for Health Data processing. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent for Health Data processing, the biofeedback and AI Coach features will be disabled, but you may continue to use the Chair with manual protocol selection. You can withdraw consent through the Settings menu in either App or by contacting us.

Rights in relation to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. For details about the AI Coach's profiling and your rights, see "Automated Decision-Making and Profiling" above.

Right to lodge a complaint: If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with your national data protection supervisory authority. You can find details of your supervisory authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en for EEA authorities, or at https://ico.org.uk for the UK Information Commissioner's Office.

For details on the transfer safeguards we use to protect your data, including the EU-U.S. Data Privacy Framework and Standard Contractual Clauses, please see the International Transfers section above.

If you wish to exercise any of the rights set out above, please visit our GDPR Compliance page or refer to the Contact Information section below. We will respond to your request within one (1) month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of the request.

Whether provision of data is a statutory or contractual requirement: Providing your contact data (email, phone number) is a contractual requirement for account creation and purchase processing. You cannot create an account or purchase the Chair without providing this data. Providing Health Data is not a contractual requirement; it is based on your explicit consent and you may use the Chair without enabling biofeedback features.

Data Protection Impact Assessment

Shiftwave has conducted a Data Protection Impact Assessment (DPIA) under GDPR Article 35 for the processing of Health Data through the Chair and Apps, including the AI Coach profiling functionality. The DPIA evaluates the necessity and proportionality of the processing, the risks to your rights and freedoms, and the measures we have implemented to mitigate those risks. A summary of the DPIA is available upon request by contacting our Data Protection Officer.

Glossary

Personal Information: Any information that can be used to identify an individual, such as your name, email address, or phone number. At Shiftwave, we collect personal information to provide you with our Services, authenticate your account, and communicate with you about your purchases, account updates, or marketing opportunities.

Health Data: Personal data relating to your physical or mental health that reveals information about your health status. At Shiftwave, this includes heart rate, heart rate variability, and blood oxygen saturation measurements collected through the Chair's biofeedback sensors. Under the EU/UK GDPR, Health Data is classified as special category data requiring explicit consent for processing.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's health, personal preferences, or behaviour. The AI Coach performs profiling to generate personalised protocol recommendations.

Cookies: Small text files that are stored on your device when you visit our website. Cookies help us improve your experience by remembering your preferences, tracking your activity, and analyzing site traffic. You can manage or disable cookies through your browser settings or our cookie consent controls.

Data Processing: The act of collecting, storing, analyzing, or using personal information for specific purposes. At Shiftwave, data processing is conducted to ensure the proper functioning of our Services, improve user experience, and comply with legal obligations.

Third-Party Service Providers: These are external companies or services that we engage to help us provide our Services. Examples include Shopify, Affirm, TrueMed, SMS gateway providers, email service providers, and cloud infrastructure providers.

Explicit Consent: A clear, affirmative statement by which you specifically agree to the processing of your personal data for a stated purpose. For Health Data, explicit consent requires a separate, specific consent action distinct from acceptance of general terms.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will notify you by posting the updated policy on our website and in the Apps, and, where appropriate, by email or other direct communication. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Contact Information

If you have any questions, comments, or requests regarding this Privacy Policy or our data practices, please contact us at info@shiftwave.co

You may also reach us by mail at:

Cofactor Systems, Inc.
513 Garden St, STE G
Santa Barbara CA 93101
United States

Data Protection Officer

For data protection enquiries and to exercise your data subject rights:

Email: info@shiftwave.co

You may also exercise your rights through our GDPR Compliance page.

EU/EEA Representative (Article 27 GDPR)

In accordance with Article 27 of the GDPR, we have designated the following representative in the EU:

To be appointed 

UK Representative (Article 27 UK GDPR)

In accordance with Article 27 of the UK GDPR, we have designated the following representative in the United Kingdom:

To be appointed

30-Day Promise

If you're not satisfied, return your Shiftwave within 30 days for a full refund (excluding shipping). We’re confident you won’t.

Premium Support

From personalized setup to ongoing assistance, our expert team ensures you get the most out of your Shiftwave.

Finance Options

For U.S. customers: as low as 0% APR available with Affirm. Subject to eligibility. Commercial financing available.

Pay with HSA/FSA

Save an average of 30% using pre-tax dollars.
Learn More

The Shiftwave Pro

Product
Benefits
How it works
Protocols
Supported Devices
BioDrive® Guide
Research
Try Shiftwave

Company

About
Team
Testimonials
Insights
Events
Social Media
Partner Program

Support

Help Center
Try Shiftwave
Contact Us
Press Room
Refund Policy
513 Garden Street, Ste G
Santa Barbara, CA 93101 +1 (805) 395-2070
BBB Accredited Business

Shiftwave is designed for general wellbeing and is not intended to diagnose, treat, cure, or prevent any disease. Individual experiences may vary.

© 2026 Shiftwave®. 
  • Amazon
  • American Express
  • Apple Pay
  • Diners Club
  • Discover
  • Google Pay
  • Mastercard
  • Visa