Welcome to Rostr ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, phone number, and name when you create an account
- Profile Information: Profile photo (optional) and role preferences
- Work Information: Availability schedules, shift preferences, and time clock entries
- Communications: Messages and notifications you send through the app
1.2 Information Collected Automatically
- Device Information: Device type, operating system, and unique device identifiers
- Location Data: GPS coordinates when you clock in/out (only when you grant permission)
- Usage Data: App features used, time spent in app, and interaction patterns
- Log Data: IP address, browser type, and error logs
1.3 Information from Third Parties
- Authentication Providers: If you sign in using third-party services
- Payment Processors: Subscription and payment information (processed securely by RevenueCat and app stores)
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process and manage your account and subscriptions
- Enable shift scheduling and time tracking features
- Verify location for clock-in/clock-out (when enabled)
- Send notifications about shifts, schedule changes, and requests
- Provide customer support and respond to inquiries
- Analyze usage patterns to improve user experience
- Detect, prevent, and address technical issues and fraud
- Comply with legal obligations
3. Information Sharing and Disclosure
We may share your information in the following circumstances:
3.1 With Your Employer/Organization
If you use Rostr through an organization, your employer or administrator may have access to your work-related information including schedules, time entries, and availability.
3.2 Service Providers
We share information with third-party service providers who perform services on our behalf:
- Supabase: Database and authentication services
- RevenueCat: Subscription management
- Google Play / Apple App Store: App distribution and payments
- Push Notification Services: For delivering notifications
3.3 Legal Requirements
We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of Rostr, our users, or others.
- Sell your personal information to third parties
- Share your data for advertising purposes
- Use your information for purposes unrelated to our services
4. Data Security
We implement appropriate technical and organizational security measures to protect your information:
- Encryption of data in transit and at rest
- Secure authentication with OTP verification
- Regular security assessments and updates
- Access controls and audit logging
- Secure cloud infrastructure (Supabase)
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Specifically:
- Account Data: Until you delete your account
- Time Entries: Retained for payroll and legal compliance (typically 3-7 years)
- Usage Logs: Up to 90 days for troubleshooting
You can request deletion of your account and personal data at any time.
6. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal data
- Portability: Receive your data in a portable format
- Opt-out: Unsubscribe from marketing communications
- Location: Disable location services in your device settings
- Notifications: Manage push notification preferences
To exercise these rights, contact us at the email below.
7. Location Data
Rostr uses location data for the following purposes:
- Verifying clock-in/clock-out at work sites (geofencing)
- Ensuring accurate time tracking for payroll
Location access is:
- Only collected when you explicitly grant permission
- Only used during clock-in/clock-out actions
- Not continuously tracked in the background
- Can be disabled at any time in your device settings
8. Children's Privacy
Rostr is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn we have collected information from a child under 16, we will delete it promptly.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy on this page
- Updating the "Last Updated" date
- Sending a notification through the app (for significant changes)
Your continued use of Rostr after changes constitutes acceptance of the updated policy.
11. Third-Party Links
Our app may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Email: hi@getrostr.com
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information
- Right to non-discrimination for exercising your rights
We do not sell personal information. To exercise your CCPA rights, contact us at the email above.
14. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right of access, rectification, and erasure
- Right to restrict or object to processing
- Right to data portability
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
Our legal basis for processing includes: contract performance, legitimate interests, and consent.