Privacy Policy
Last updated: 2026-05-06 · Version 1.0 (beta)
1. Who we are
RosterPilot is based in Melbourne, Victoria, Australia. Contact: melbourneairostering@gmail.com. We are the data controller for workspace owner data and the data processor for staff records on behalf of each operator.
2. What we collect
| From whom | What | Why |
|---|---|---|
| Workspace owner | Email, name, password (hashed), business name, address, ABN, bank details (via Stripe) | Account, billing, support |
| Staff (added by owner) | Name, email, phone, hourly rate, role, TFN, visa expiry, bank, emergency contact, shift records, timesheets, leave | Roster, payroll, payroll compliance |
| Automatic | IP, device, log events, error reports | Security, debugging, abuse prevention |
3. How we use it
- Operate the service (login, billing, rostering, payroll calculations).
- Send notifications (shift published, daily reminders, supplier orders).
- Improve the service (aggregated analytics, no individual profiling).
- Comply with legal obligations.
We do not sell your data. We do not use it for advertising. We do not train AI models on staff personal data.
4. Sensitive data (TFN, bank, visa)
- TFN, bank details and visa information are highly sensitive. They are stored in Firestore with strict access rules: only the staff member themselves and the workspace owner can read them.
- We do not log these fields. We do not display them in the service after they are entered (masked by default).
- If you suspect compromise, contact us immediately.
5. Where it lives
- Primary database: Google Firebase Firestore, hosted in australia-southeast1 (Sydney).
- Authentication: Google Firebase Authentication.
- Payments: Stripe (USA + EU). We never see your card details.
- Email delivery: SendGrid (USA, owned by Twilio).
- SMS delivery: Twilio (USA).
- Logging: Google Cloud Logging.
6. Sharing
We share your data only with:
- Service providers above (Google, Stripe, SendGrid, Twilio) under their privacy policies.
- Law enforcement when legally required (we will notify you unless prohibited).
- A buyer of our business (you'll be notified).
7. Your rights (Australian Privacy Principles)
- Access: ask for a copy of your data.
- Correction: ask us to fix incorrect data.
- Deletion: cancel and we delete your data after a 90-day grace period.
- Complaint: email us first; if unresolved, contact OAIC (oaic.gov.au).
Email melbourneairostering@gmail.com to exercise any right. We respond within 30 days.
8. Staff data (the people working at the workspace)
You — the workspace owner — are the data controller for your staff data. You decide retention, you respond to their requests. RosterPilot is your data processor.
You must inform staff that their data is processed by RosterPilot and provide them with this Privacy Policy URL.
9. Security
- HTTPS everywhere.
- Multi-tenant isolation: each workspace's data separated by Firestore rules + auth claims.
- Passwords hashed by Firebase Authentication.
- Card details handled by Stripe only.
- Sensitive fields (TFN, bank) protected by per-collection rules.
10. Retention
- Workspace data: kept while subscription is active.
- Cancelled accounts: 90-day grace period then permanently deleted.
- Payroll records: kept up to 7 years (Australian Tax Office requirement).
- Logs: 30 days.
11. Children
The service is for businesses, not children. We do not knowingly collect data from anyone under 16 (except in the staff context where parents/guardians have consented).
12. Changes
We notify operators by email 30 days before any material change.