← Back to RotaKeep

Privacy Policy

Last updated: 3 January 2026

1. Introduction

RotaKeep ("we", "us", or "our") operates the RotaKeep staff scheduling application and website (rotakeep.co.uk). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using RotaKeep, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our service.

2. Information We Collect

2.1 Account Information

• Business name and subdomain
• Owner name and email address
• Password (stored securely using one-way hashing)

2.2 Staff Information

• Names and email addresses
• Job roles and departments
• Work schedules and shift patterns
• Holiday and absence records
• Hourly rates or salary information (for payroll calculations)
• Phone numbers (optional)
• Date of birth (optional, for age verification)

2.3 Usage Information

• Login times and activity logs
• Device information and browser type
• IP address

2.4 Push Notification Tokens

If you enable push notifications, we store device tokens to send you alerts about published rotas and schedule changes.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the RotaKeep service
• Send you notifications about your work schedule
• Process password resets and account recovery
• Calculate wages and generate reports
• Improve our service and develop new features
• Respond to your enquiries and support requests
• Detect and prevent fraud or abuse

4. Third-Party Services

We use the following third-party services to operate RotaKeep:

• Firebase (Google Cloud) - Database hosting, authentication, and hosting. Data is stored in secure Google Cloud data centres.
• Resend - Transactional email delivery for password resets. Only email addresses are shared.
• Firebase Cloud Messaging - Push notification delivery to mobile devices.

These services have their own privacy policies and are GDPR-compliant.

5. Data Storage and Security

Your data is stored securely on Firebase (Google Cloud Platform) servers located in the European Union. We implement appropriate technical and organisational measures to protect your data, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest
• Secure password hashing
• Access controls and authentication
• Regular security reviews

6. Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account closure
• Activity logs: Automatically deleted after 30 days
• Password reset tokens: Expire after 1 hour
• Push notification tokens: Removed when you unsubscribe or tokens become invalid

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access - Request a copy of your personal data
• Right to rectification - Correct inaccurate or incomplete data
• Right to erasure - Request deletion of your personal data
• Right to data portability - Receive your data in a structured format
• Right to object - Object to processing of your personal data
• Right to withdraw consent - Withdraw consent at any time

To exercise any of these rights, contact us at [email protected].

8. Children's Privacy

RotaKeep is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately.

9. Push Notifications

You may opt in to receive push notifications about your work schedule. You can disable notifications at any time through your device settings or the app. We do not use push notifications for marketing purposes.

10. Cookies

We use essential cookies and local storage to:

• Keep you logged in to your account
• Remember your preferences
• Ensure the security of your session

We do not use cookies for advertising or tracking across other websites.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Website: rotakeep.co.uk