Browse businesses Browse shifters How it works AI on ShiftSee NEW Pricing For businesses For shifters Help About
Sign in Sign up free

← All posts

Sessions that cannot be replayed

Single-use sign-in tokens with automatic theft response, account deletion with a 7 day undo window, payment-due reminders, instant help answers, and the real-time engine behind our next mobile app.

  • security
  • reliability
  • mobile

Security work rarely makes headlines, but today's release is the kind that lets you sleep better without you noticing anything changed.

One token, one use

When an app stays signed in, it holds a long-lived token it trades for fresh access periodically. Until today, that trade did not retire the old token. Now it does: every renewal is single use. If a stolen token is ever replayed, we treat it as theft and revoke every session on the account automatically. Signing out now means signed out, and a password change ends every session everywhere.

Deletion with an undo window

Deleting your ShiftSee account now ends every session immediately and removes your data after a 7 day grace window. If you change your mind, sign back in within the window and restore everything with one tap. Deletion should be easy, and so should regret.

The small ones you will feel

Businesses with an unpaid invoice for a completed shift get a friendly payment-due reminder the next day, once per invoice. And questions asked in the Help section now get an instant answer grounded in our help articles, with a human follow-up when the articles fall short.

The quiet engine for what is next

Behind the scenes we shipped a sync engine that tells any ShiftSee app what changed in the last few seconds: new shifts, claims, connection requests, notifications. Our next mobile app polls it continuously, so updates appear while you watch, no push notification required. And ShiftSee now speaks MCP, the protocol AI assistants use, so you can ask Claude to check your schedule or post Friday's shift. More on that soon.