← Back to Roster ProLegal

Privacy Policy

Last updated · March 2026

This Privacy Policy describes how AI Adaptive Technologies ("we", "us", "our") collects, uses, and protects personal information through RosterPro ("the Service"). We are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Information We Collect

We collect the following categories of personal information:

Account Information

  • Name and email address (provided at registration)
  • Password (stored as a bcrypt hash — we never store plaintext passwords)
  • Organisation name and role within the organisation

Staff and Scheduling Data

  • Staff names, email addresses, phone numbers, and roles
  • Employment type, pay rates, and contracted hours
  • Date of birth (for birthday tracking, optional)
  • Visa type and work hour restrictions (optional, for compliance)
  • Availability preferences and default working days
  • Schedule shifts, shift notes, and roster history
  • Leave requests and approval status

Timeclock Data

  • Clock-in and clock-out timestamps
  • Break start and end times
  • GPS coordinates at clock-in (if geofencing is enabled by the organisation)

Technical Data

  • Browser type and version
  • Device type (desktop, mobile)
  • IP address
  • Push notification subscription details (if enabled)

2. How We Use Your Information

We use personal information to:

  • Provide, operate, and maintain the Service
  • Authenticate users and manage sessions
  • Generate rosters and scheduling reports
  • Track timeclock entries and calculate worked hours
  • Send notifications (push notifications, email reminders for shifts and availability)
  • Process leave requests
  • Generate compliance reports (visa hours, overtime, labour costs)
  • Provide customer support
  • Improve the Service based on usage patterns (aggregated, non-identifying data only)

We do not sell your personal information. We do not use your data for advertising or marketing to third parties.

3. Third-Party Integrations

RosterPro offers optional integrations with third-party payroll and accounting services. If your organisation enables these integrations, limited data may be shared:

These integrations are opt-in and require explicit authorisation by the organisation owner. No data is shared with these services unless the integration is actively connected.

We also use Stripe for payment processing. Stripe collects payment card details directly — we do not store card numbers on our servers. See Stripe's Privacy Policy.

4. Data Storage and Security

Your data is stored in a PostgreSQL database on servers located in Germany (Contabo). We implement the following security measures:

  • HTTPS encryption for all data in transit
  • Passwords hashed with bcrypt
  • Session tokens with automatic expiry (7 days) and refresh
  • Rate limiting on authentication endpoints
  • Organisation-level data isolation (multi-tenant with strict access controls)
  • Audit logging for sensitive operations

5. Cookies and Local Storage

RosterPro uses essential cookies and browser local storage for:

  • Session cookies — to keep you logged in. These are strictly necessary and cannot be disabled.
  • Theme preference — stored in local storage (light/dark mode).
  • Push notification subscription — stored in the browser for delivering notifications.

We do not use analytics cookies, advertising cookies, or third-party tracking scripts.

6. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Personal account data is deleted within 30 days of the deletion request.
  • Organisation data is retained while other members remain active. If all members delete their accounts, the organisation and all associated data is deleted within 30 days.
  • Audit logs may be retained for up to 12 months for security and compliance purposes.
  • Anonymised, aggregated data (which cannot identify individuals) may be retained indefinitely for service improvement.

7. Your Rights

Under the Australian Privacy Principles and, where applicable, the GDPR, you have the right to:

  • Access — Request a copy of the personal information we hold about you.
  • Correction — Request correction of inaccurate or incomplete information.
  • Deletion — Request deletion of your account and personal data. You can initiate this from the Settings page within the app.
  • Data portability — Request export of your data in a machine-readable format (CSV).
  • Restriction — Request that we limit processing of your data in certain circumstances.
  • Objection — Object to processing of your data where we rely on legitimate interests.

To exercise any of these rights, contact us at privacy@aidaptive.com.au. We will respond within 30 days.

8. Children's Privacy

RosterPro is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

9. International Data Transfers

Our servers are located in Germany. If you access the Service from outside the European Economic Area, your data will be transferred to and processed in Germany. We ensure that appropriate safeguards are in place in accordance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Complaints

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us at privacy@aidaptive.com.au. If you are not satisfied with our response, you may escalate the complaint to the Office of the Australian Information Commissioner (OAIC).

12. Contact

For privacy-related inquiries, contact us at:

AI Adaptive Technologies
Email: privacy@aidaptive.com.au
Web: aidaptive.com.au