Inspiration
All five of us, Ayaan, Musa, Rayyan, Golam, and Nameer, walked into this hackathon with the same thing in our heads even though we'd never said it out loud. We'd all grown up watching someone close to us get underpaid and just eat it.
One of our dads drove a taxi for close to twenty years. The fleet's dispatch software always rounded his meter time down, never up. That's real money over twenty years that he never saw. Another of us watched an uncle pull double shifts at a halal restaurant, bussing tables and cooking, and the tip pool at the end of the night was always mysteriously lighter than what had come in. One of us worked a warehouse summer job where you clock in at 7:45 and the system docks you back to 8:00 every single day. Another of us has a cousin who does home care, and she doesn't get paid for the twenty minutes she drives between clients even though it's still work.
These aren't stories we made up for a pitch deck. This is our community. MSA is where a lot of these conversations first got said out loud, because MSA is full of people whose parents drove taxis, ran corner stores, worked gas stations, and bussed tables to put us through school. Most of those parents have stories exactly like the ones above.
So we went and talked to the people we're trying to help. We ran 5 in-depth interviews with hourly workers across industries and 25 more people completed our questionnaire. A nurse at a big Texas hospital who'd been fighting her employer for six months over a night differential they kept "forgetting" to pay. A DoorDash driver whose in-app earnings didn't match his bank deposits three weeks in a row. A woman who works six days a week at a nail salon and has never been paid overtime in her life. A warehouse worker whose break time counts against his paid hours but whose off-the-clock setup work doesn't. A home health aide who works three twelve-hour shifts and was told the "break" during the patient's nap doesn't count, even though she's required to stay on site. Thirty real people gave us thirty real reasons this had to exist.
The pattern in those conversations was brutal and consistent: the people most exposed to wage theft are the people with the least room to lose it. The Economic Policy Institute backs this up. Low-wage workers lose an average of $3,300 a year to minimum-wage violations alone, which is roughly a quarter of their annual earnings. Over $50 billion a year gets stolen from American workers, more than every property crime (robbery, burglary, car theft) combined. Black and Latino workers are two to three times more likely than white workers in the same jobs to be shorted. Workers with limited English, undocumented workers, and anyone in cash-heavy industries like restaurants and home care are the most exposed of all. Those are the people in our families and in our MSA.
ShiftGuard is for them. A tool that does the math on your own phone, before you sign off on the paycheck. No HR department, no lawyer, no forms. Thirty seconds that tells you whether you got paid what you actually earned.
What it does
You take a photo of your paystub and ShiftGuard tells you if the numbers add up. Under the hood it runs in two stages. OCR.space reads the image and keeps the table structure intact, which matters because paystubs have side-by-side columns (current pay next to year-to-date) that vision models love to mash together. Claude then maps the extracted text into a fixed JSON shape. A comparison engine checks every line against federal overtime rules, your state's rules, industry-specific stuff like healthcare night differentials or restaurant tip-credit floors, and any union contract premiums if you're covered. Anything short shows up in a line-by-line ledger with the exact dollars missing.
On top of that, there's a shift logger for punching hours, a geofence feature that reminds you to clock out when you leave your worksite, an Ask Your Paychecks tool that answers questions about your saved stubs entirely on-device, an overtime calculator that knows your state's actual rules, and five walkthrough demos (an ICU nurse, a warehouse worker, a long-term care aide, a restaurant server, and a nurses union organizer). Pro is $7.99 a month. Deep Audit is a $14.99 one-time six-month look-back. The org plan is seat-based for healthcare labor organizations like NNU.
How we built it
React 19, Vite 8, Tailwind v4 on the front end. Anthropic Claude Sonnet 4.6 for structured paystub mapping, OCR.space Engine 2 for the first-pass text extraction. Everything runs in the browser. We do not run a server that stores any of your data.
The hybrid parsing pipeline was a rewrite from a pure Vision-API version that kept losing column structure on anything more complex than a clean ADP stub. OCR first, then text-to-JSON, jumped accuracy immediately and cut per-parse cost because text tokens are cheaper than image tokens.
For security, every sensitive blob (paystubs, shifts, timesheets, the vault, verification history) is encrypted with AES-GCM 256 before it touches localStorage. The key comes from your password through PBKDF2-SHA256 at 200,000 iterations, cached in sessionStorage for the life of the tab. Reload keeps you unlocked, close the tab and you're locked. Guest mode uses a random device key so even without an account nothing is in plaintext. Strict CSP locks down where the app can talk to, and a sanitizer scrubs anything that looks like an API key out of error messages before they hit the UI.
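The scheme in this paragraph can be sketched with the Web Crypto API. This is an added example, not ShiftGuard's own code: the function names, the JSON envelope layout and the binding of each record to its storage key name are assumptions.

```javascript
// Added illustration, not ShiftGuard's code; names and envelope layout are assumptions.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();
const b64 = (buf) =>
  btoa(Array.from(new Uint8Array(buf), (b) => String.fromCharCode(b)).join(""));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

const PBKDF2_ITERATIONS = 200000; // figure stated on the page

// Derive an AES-GCM 256 key from the password and a random per-user salt.
// The salt is not secret and is stored in the clear next to the ciphertext.
// extractable=false here; caching the key in sessionStorage, as the page
// describes, would require extractable=true plus exportKey("raw", ...).
async function deriveKey(password, salt) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt one record for localStorage. A fresh 96-bit IV per write is
// mandatory: reusing an IV under the same key breaks AES-GCM.
// The storage key name is bound in as additional authenticated data.
async function sealRecord(key, name, value) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ct = await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(name) },
    key, enc.encode(JSON.stringify(value)));
  return JSON.stringify({ v: 1, iv: b64(iv), ct: b64(ct) });
}

// Decrypt one record. Rejects if the key is wrong, the ciphertext was
// modified, or the envelope was copied under a different storage key name.
async function openRecord(key, name, envelope) {
  const { iv, ct } = JSON.parse(envelope);
  const pt = await webcrypto.subtle.decrypt(
    { name: "AES-GCM", iv: unb64(iv), additionalData: enc.encode(name) },
    key, unb64(ct));
  return JSON.parse(dec.decode(pt));
}
```

A failed `openRecord` is indistinguishable between a wrong password and a tampered blob, so the caller should treat both as "locked" rather than falling back to plaintext.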
Challenges we ran into
The paystub layout collapse was the biggest one. Claude Vision kept smashing adjacent columns together on multi-column stubs. We spent most of a day trying to prompt around it before giving up and building the hybrid pipeline, which fixed it in one commit.
Async encryption was the other hard one. SubtleCrypto is all Promises and our storage layer had roughly forty synchronous call sites. Rewriting all of them was not realistic. We built a decrypted in-memory cache that bootstraps once on sign-in, which kept reads synchronous and made writes encrypt-and-persist in the background. You don't feel it at all.
API errors kept wanting to leak. Anthropic's raw "x-api-key header is required" was showing up in the UI whenever the proxy wasn't configured, which reads like the app broke. We caught every variant, collapsed them into a single "assistant not configured" state, and made the RAG tool fall back to a deterministic on-device answer so nothing feels broken.
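One way to implement the error handling described here, as an added example that is not ShiftGuard's own code. The redaction patterns, the state names and every error string other than "x-api-key header is required" are assumptions.

```javascript
// Added illustration, not ShiftGuard's code; patterns and names are assumptions.
const REDACTED = "[redacted]";

// Each rule keeps the label (header name, "Bearer") and drops only the value.
const RULES = [
  [/\bsk-[A-Za-z0-9_-]{16,}/g, REDACTED],                      // "sk-" prefixed keys
  [/\b(Bearer\s+)[A-Za-z0-9._~+\/-]{16,}=*/gi, `$1${REDACTED}`], // bearer tokens
  // x-api-key / api_key / apikey in header, JSON or query-string form
  [/\b((?:x-)?api[_-]?key["']?\s*[:=]\s*["']?)[^\s"',}&]{8,}/gi, `$1${REDACTED}`],
];

// Messages that mean "no usable key behind the proxy". Only the first string
// is quoted on the page; the others are assumed variants.
const NOT_CONFIGURED = [
  /x-api-key header is required/i,
  /invalid x-api-key/i,
  /authentication_error/i,
];

// Remove anything that looks like a credential from a string.
function scrub(text) {
  return RULES.reduce((out, [re, repl]) => out.replace(re, repl), String(text));
}

// Turn any thrown value into something safe to render in the UI.
function toUiError(err) {
  // Walk the Error.cause chain so wrapped fetch or proxy errors are covered.
  const parts = [];
  for (let e = err, depth = 0; e != null && depth < 5; e = e.cause, depth++) {
    parts.push(typeof e === "string" ? e : String(e.message ?? e));
  }
  const raw = parts.join(" | ");
  if (NOT_CONFIGURED.some((re) => re.test(raw))) {
    // Collapse every variant into one state; never show the raw text.
    return { state: "assistant_not_configured", message: "Assistant not configured" };
  }
  // Unknown errors are still scrubbed and length-capped before display.
  return { state: "error", message: scrub(raw).slice(0, 300) };
}
```

Scrubbing at the single point where errors enter the UI state is what keeps a new call site from reintroducing the leak.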
Accomplishments that we're proud of
We did the user research. 5 in-depth interviews and 25 completed questionnaires before we wrote a line of code. That changed what we built. The shift logger exists because one interviewee told us she couldn't remember her hours week to week. The geofence feature exists because another said he'd forget to clock out half the time. Ask Your Paychecks exists because someone told us she wished she could just ask a question about her paycheck without reading a legal document. This is a real tool shaped by real people, not something we imagined from a distance.
Our encryption is real, not a marketing word. AES-GCM 256, PBKDF2 at 200,000 iterations, session-scoped, zero plaintext on disk for anything sensitive, and invisible to the rest of the app. We ship a dedicated security page that says out loud what we protect against and what we don't, because being honest about the threat model mattered more than sounding impressive.
The hybrid OCR pipeline is the third one. Obvious in hindsight, took iteration to commit to, a lot better than anything either tool gets alone.
And we're proud that every claim on the landing page is true. Guest mode really does encrypt. The RAG tool really does run on your device. The demos really do stay inside their own industry without bleeding into each other.
What we learned
Our user research changed our minds more than once. We walked in thinking the main feature was going to be a big comparison engine and walked out knowing the most useful part of the product is often the simplest: just tell me, in plain language, how much I got shorted. Every piece of copy we wrote got better the shorter it got.
On the technical side, splitting a pipeline into specialized tools beats asking one model to do everything. sessionStorage is the right tool for "stay logged in until you close the tab." Strict CSP is not as painful as people make it out to be if you plan for it early. And defaults matter more than options. The app has to work the second you clone it.
What's next for ShiftGuard
Near term, real CBA ingestion so a union can upload a contract and get an automatic rule pack, SMS nudges for the geofence feature, and native multi-page PDF handling at the OCR layer.
Medium term, a proper organizer dashboard for healthcare labor orgs with SSO, cohort views, and per-member audit export. Mid-size nurses unions are where we think this has the most leverage.
Longer term, we want to take this outside the US. Wage theft isn't an American problem, it's a labor problem. A French chef, a UK care worker, or a Canadian server should be able to drop a payslip in and get the same answer.
The thing we care most about is the moment that started this whole project. Someone in our community picks up a short paycheck, takes a photo, and thirty seconds later knows exactly what was taken from them. Every other thing we build is in service of making that moment happen for more people.