Privacy Policy

Last updated: April 2026

1. Introduction

Welcome to RosterOptic. We are committed to protecting your personal data and privacy. This Privacy Policy explains how we collect, use, disclose and secure your information when you use our service.

By using RosterOptic, you consent to the practices described in this policy.

2. Information We Collect

Account Information

When you register an account, we collect:

  • Email address
  • Full name
  • Organization name
  • Password (stored encrypted)

Customer Data

Data you create and store using our service:

  • Staff profiles (names, contact information, roles)
  • Scheduling rules and constraints
  • Generated rosters and shift assignments
  • Site/location information
  • Annual leave requests and time off

Usage Data

Automatically collected information:

  • IP address
  • Pages visited and features used
  • Timestamps of interactions
  • API request logs (for security and debugging)

Payment Information

Payment details are securely processed by our payment provider Paddle. We do not store full credit card numbers on our servers.

3. How We Use Your Information

  • Provide, operate, and maintain our Service
  • Generate AI-powered roster recommendations and optimizations
  • Process transactions and send billing/subscription emails
  • Send transactional emails (password reset, notifications)
  • Provide customer support and respond to inquiries
  • Improve our Service, features, and user experience
  • Detect and prevent fraud, abuse, and security incidents

We do not use your personal data for marketing purposes without your explicit consent.

4. Data Security

We implement appropriate technical and organizational measures to protect your data.

Security measures include:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest (AES-256)
  • Data isolation between organizations (multi-tenant security)
  • Strong authentication (Clerk + optional MFA)
  • Role-based access controls and audit logging

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

5. Third-Party Services

We use trusted third-party services to operate our platform:

  • Supabase (database hosting, authentication, real-time subscriptions)
  • Paddle (payment processing, tax calculation, subscription management)
  • Vercel (frontend hosting, CDN, serverless functions)

Review their privacy policies for details on how they handle your data.

6. Data Retention

  • Active accounts: Data retained until account deletion
  • Deleted accounts: Data purged within 30 days of deletion request
  • Audit logs: Retained for 1 year for security purposes
  • Billing records: Retained for 7 years as required by tax law

7. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correct: Request correction of inaccurate data
  • Delete: Request deletion of your personal data
  • Export: Receive your data in a portable format (JSON/CSV)
  • Object: Object to certain types of processing

To exercise these rights, contact us at support@rosteroptic.com.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place for international transfers.

9. Children's Privacy

RosterOptic is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.

11. Contact Us

For questions about this Privacy Policy, contact our Data Protection Officer at privacy@rosteroptic.com or write to: RosterOptic Privacy, .