Privacy Policy
Summary
Rostura is built private by design. Your emails and calendar content are never stored on our servers. Only structured shift data — dates, times, employer names — passes through our systems. Your employers never know Rostura exists.
1. Information We Collect
Account information
When you create an account, we collect your email address and a hashed password. If you sign in with Apple, we receive only the identifiers Apple provides.
Employer and shift data
When you add employers and connect calendar feeds, we store: employer names you provide, iCal/WebCal URLs, and the structured shift data extracted from those feeds (date, time, location, shift title). We also store hourly rates you enter for pay tracking.
What we never store
- Email content (Gmail, Outlook, or any email provider)
- Full calendar content beyond shift events
- Personal messages or contacts
- Location tracking or GPS data
- Employer login credentials
2. How We Use Your Data
- Display your combined shift calendar
- Detect scheduling conflicts across employers
- Calculate combined pay and tax estimates
- Send shift reminders and conflict alerts (with your permission)
- Improve Rostura's functionality
3. Data Storage and Security
Your data is stored in Supabase (hosted on AWS in Australia where available). All data is encrypted in transit (TLS) and at rest. OAuth tokens and sensitive credentials are stored on your device only using secure storage (iOS Keychain via Expo SecureStore) — they never reach our servers.
4. Third-Party Services
We use the following services to operate Rostura:
- Supabase — authentication and database hosting
- Vercel — web hosting
- PostHog — privacy-friendly analytics (no personal data shared)
- Resend — transactional emails
- Stripe — payment processing (for premium subscriptions)
We do not sell, rent, or share your personal data with third parties for marketing purposes.
5. Employer Visibility
Rostura is designed to be completely invisible to your employers. We access shift data through standard iCal/WebCal feeds that your employer's scheduling platform provides to you as an employee. We have no relationship with your employers and do not communicate with them in any way.
6. Data Retention and Deletion
Your data is retained as long as you have an active account. You can delete your account at any time, which permanently removes all your data from our systems within 30 days. Shift data stored locally on your device is removed when you uninstall the app.
7. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and all associated data
- Export your data
- Withdraw consent for notifications at any time
8. Children
Rostura is not intended for use by anyone under the age of 16.
9. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or an in-app notification.
10. Contact
For privacy questions or data requests, contact us at privacy@rostura.com.