Shift Browser keeps your data protected by encrypting your local storage, network traffic, and saved passwords on your device. Because Shift isolates your workspaces, your data remains secure and inaccessible to outside tracking.

How sign-in works in Shift

When you create an account, you've got a few ways to log in. You can use your Google, Microsoft, or Apple account. You can also create a unique login with an email and a password.

We use AWS Cognito to handle this. It's a trusted service that keeps credentials safe.

• OAuth logins: If you use Google, Microsoft, or Apple, they handle the security. This includes your Multi-Factor Authentication (MFA) and threat alerts.

• Email and password: Shift secures this method using AWS Cognito to encrypt and manage your details.

What happens when you add an email account?

Shift doesn't add your email by default to keep you in control. You'll need to use the Email App, which is a specialized app that lives in your sidebar. This native integration connects your inbox directly to your Space.

Adding your Email App:

1. Open the App Directory in the sidebar.

2. Add the Email App to your setup.

3. Sign in using your provider’s secure login screen.

This process gives the local Shift app permission to show your inbox and send you notifications. Shift doesn't store your email content or your login details. Everything stays on your computer. 

What Shift can and can't access

We've designed Shift to be a "local-first" tool. This means your most sensitive data never reaches our cloud.

Shift can access:

• Identity tokens to verify your account.

• Access tokens for your apps (stored only on your device).

Shift cannot access:

• The content of your messages.

• Your calendar appointments.

• Your private attachments or contacts.

Learn more in our Security in Shift article and Privacy Policy FAQ. 

Importing data from your old browser

When you first download Shift, it'll ask to import your bookmarks and saved passwords. This helps you get started quickly. While Shift accesses your old browser to do this, that data stays local. We don't upload your bookmarks or passwords to any servers.

Why Shift Browser is secure

Shift is very secure because it uses industry-standard tools like OAuth and AWS Cognito. Since your access tokens stay on your device, there's no central database of your messages for anyone to hack. We don't store your inbox content, so your privacy is built into the code.

Related Articles 

• Shift’s Privacy Policy
• Security in Shift
• Shift Privacy Policy FAQ

More questions? Still, feeling a little unsure? Get in touch with our support team to help ease your mind!