Rostrps
Legal Request policy
Legal center Privacy

Privacy Policy

Status: publication draft for counsel review. Last reviewed: July 8, 2026.

RostrOps is a B2B platform. For most workforce data, the customer controls why the data is collected and Fusion Frameworks LLC processes it to provide the service.

Information processed

RostrOps processes worker and site-leader identity, badge numbers, ID photos, NFC card identifiers, role and craft assignments, scan-in and scan-out sessions, work areas, attendance status, limited time-off and call-in metadata, administrator email addresses, device tokens, and authentication/audit metadata.

Information not collected

RostrOps does not collect biometric data, Social Security numbers, dates of birth, government IDs, demographic or protected-class data, salary or pay-rate data, bank information, or card payment information. NFC badges are ID tokens, not fingerprints or biometric identifiers.

How information is used

The platform uses data to verify site presence and authority, support site safety and access control, manage attendance and NCNS workflows, process assignments and transfers, support time-off and call-in workflows, generate reports, calculate customer billing, secure the platform, and maintain audit records.

Service providers

RostrOps uses Microsoft Azure for hosting, Resend for transactional email, Expo for mobile push notifications, Anthropic for optional AI features when enabled by the customer, and limited weather/geocoding/timezone services for site-location functionality.

Retention and rights

Operational records are retained for the customer relationship and handled under the customer agreement and DPA. Audit logs and finalized billing records are retained longer for security, integrity, tax, and accounting reasons. Worker data rights requests should generally start with the employer or contractor that controls the workforce data.

Counsel items before publication

  • Confirm privacy contact email, mailing address, and TDPSA response/appeal language.
  • Confirm retention periods and deletion/export commitments.
  • Confirm subprocessor list and whether geocoding/weather providers should be listed.
  • Confirm AI-feature disclosure, including residual free-text handling.