Privacy Policy
Information processed
RostrOps processes worker and site-leader identity, badge numbers, ID photos, NFC card identifiers, role and craft assignments, scan-in and scan-out sessions, work areas, attendance status, limited time-off and call-in metadata, administrator email addresses, device tokens, and authentication/audit metadata.
Information not collected
RostrOps does not collect biometric data, Social Security numbers, dates of birth, government IDs, demographic or protected-class data, salary or pay-rate data, bank information, or card payment information. NFC badges are ID tokens, not fingerprints or biometric identifiers.
How information is used
The platform uses data to verify site presence and authority, support site safety and access control, manage attendance and NCNS workflows, process assignments and transfers, support time-off and call-in workflows, generate reports, calculate customer billing, secure the platform, and maintain audit records.
Service providers
RostrOps uses Microsoft Azure for hosting, Resend for transactional email, Expo for mobile push notifications, Anthropic for optional AI features when enabled by the customer, and limited weather/geocoding/timezone services for site-location functionality.
Retention and rights
Operational records are retained for the customer relationship and handled under the customer agreement and DPA. Audit logs and finalized billing records are retained longer for security, integrity, tax, and accounting reasons. Worker data rights requests should generally start with the employer or contractor that controls the workforce data.
Counsel items before publication
- Confirm privacy contact email, mailing address, and TDPSA response/appeal language.
- Confirm retention periods and deletion/export commitments.
- Confirm subprocessor list and whether geocoding/weather providers should be listed.
- Confirm AI-feature disclosure, including residual free-text handling.