1. Introduction

RosterThat ("we", "us", or "our") operates the rosterthat.com website and platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using the Service, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: When you create an account, we collect your name, email address, and password.
Organization Data: Organization name, settings, and configuration preferences.
People Records: Names, email addresses, phone numbers, and notes for individuals you add to your organization's rosters. This data is entered by organization administrators and may include personal information of third parties.
Roster and Scheduling Data: Roster configurations, assignments, availability, group memberships, swap requests, and related scheduling information.
Billing Information: When you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full credit card number. We receive limited billing details (such as the last four digits of your card and billing address) from Stripe for record-keeping purposes.

2.2 Information Collected Automatically

Usage Data: We may collect information about how you interact with the Service, including pages visited, features used, and actions taken.
Device and Browser Information: IP address, browser type, operating system, and device identifiers.
Cookies: We use essential cookies to maintain your session and authentication state. We do not use third-party tracking or advertising cookies.

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Process your account registration and manage your subscription
Send roster assignment notifications, swap request emails, and portal links on your behalf
Process payments and manage billing
Respond to your inquiries and provide customer support
Monitor and analyze usage trends to improve the Service
Detect, prevent, and address technical issues or security threats
Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

Service Providers: We use third-party services to operate the platform, including:
- Supabase — database hosting and authentication
- Stripe — payment processing
- Resend — email delivery
- Vercel — application hosting
These providers only access your data as needed to perform their services and are bound by their own privacy policies.
Within Your Organization: Other members of your organization may see roster data, people records, and assignments as permitted by their role.
Portal Access: When you generate portal links for individuals, those individuals can view their own assignments and submit availability information.
Public Rosters: If you enable public sharing for a roster, anyone with the share link can view that roster's assignments.
Legal Requirements: We may disclose your information if required by law, regulation, legal process, or government request.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Organization data (rosters, people records, assignments) is deleted when the organization is deleted by its owner.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS/SSL), secure authentication, and row-level database security to ensure organization data isolation. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to legal retention requirements.
Data Portability: Request your data in a structured, machine-readable format (CSV export is available within the Service).
Opt-Out: You may opt out of non-essential communications at any time.

To exercise any of these rights, please contact us at support@rosterthat.com.

8. Third-Party People Data

Organization administrators may enter personal information (names, emails, phone numbers) of individuals who are not direct users of the Service. If your personal information has been added to RosterThat by an organization administrator and you wish to access, correct, or delete this data, please contact the organization administrator directly or reach out to us at support@rosterthat.com.

9. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to non-discrimination for exercising your privacy rights. We do not sell personal information as defined by the CCPA.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from someone under 18, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

Email: support@rosterthat.com

Address: 383 US-51, Batesville, MS 38606, United States