Privacy Policy
Last Updated: April 11, 2026
Roster Sync Pro ("we", "our", or "us"), operated by Roster Sync Technologies, LLP (UEN: T26LL0069D), is committed to protecting the privacy of our users and their employees. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our workforce management platform (the "Service").
This Policy should be read alongside our Terms of Service, which is incorporated by reference. By using the Service, you agree to the collection and use of information in accordance with this Policy.
1. Who This Policy Applies To
This Privacy Policy applies to:
- Administrators: individuals who create and manage a team workspace on Roster Sync Pro.
- Team members: employees or staff whose personal data is entered into the Service by an administrator.
- Visitors: individuals who visit our website without creating an account.
If you are a team member whose data has been entered by your employer, your employer (the administrator) is the data controller for your personal information. Please contact your employer with any questions about how your data is managed within the platform. You may also contact us directly at privacy@rostersyncpro.com if you have concerns about how your data is being handled.
2. Information We Collect
Information You Provide Directly
When you create an account or use the Service, we collect:
- Account information: your full name, work email address, and password.
- Team information: team name, industry, and your role within the organisation.
- Payment information: billing name and payment card details. Payment card data is processed and stored directly by Stripe, Inc. and is not stored on our servers. We retain only a tokenised reference to your payment method.
Employee Data (Entered by Administrators)
Administrators may input personal data about their team members into the Service, including:
- Full name and email address
- Job position and role within the team
- Work schedule and shift records
- Attendance and time-tracking records
- Leave records and balances
- Salary information, used solely for the purpose of calculating manpower costs within the platform. Salary data is not used for any other purpose, is not sold, and is not shared with third parties except as strictly necessary to operate the Service (see Section 5 - How We Share Your Information).
Usage Data (Automatically Collected)
When you use the Service, we automatically collect:
- IP address and approximate location (country/region level only)
- Browser type and version
- Device type and operating system
- Pages visited and features used within the Service
- Date, time, and duration of sessions
- Error logs and performance data (via Honeybadger - see Section 5)
Cookies and Tracking
We use cookies and similar tracking technologies to operate the Service. These include:
- Essential cookies: required for the Service to function (e.g. maintaining your login session). These cannot be disabled.
- Preference cookies: remember your settings and preferences across sessions.
We do not currently use third-party analytics or advertising cookies. You can control non-essential cookies through your browser settings, though disabling certain cookies may affect the functionality of the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service.
- Create and manage your account and team workspace.
- Process payments and manage your subscription via Stripe.
- Calculate manpower costs using salary data you provide (salary data is used for this purpose only).
- Send transactional communications - account confirmations, billing receipts, trial reminders, and service notifications - via SendGrid (Twilio).
- Respond to your support requests and enquiries.
- Monitor application errors and maintain service stability via Honeybadger.
- Detect, investigate, and prevent fraudulent or unauthorised activity.
- Comply with legal obligations applicable to us under Singapore law and other applicable laws.
We do not use your data - or your employees' data - for advertising, behavioural profiling, or any purpose not described in this Policy.
4. Legal Basis for Processing
We process personal data on the following legal bases:
- Contract performance: processing necessary to provide the Service under our Terms of Service (e.g. managing your account, processing payments, delivering the roster and attendance features).
- Legitimate interests: improving the Service, preventing fraud, maintaining service security, and monitoring for errors - where these interests are not overridden by your privacy rights.
- Legal obligation: where we are required to process or retain data to comply with applicable law (e.g. retaining billing records for tax compliance).
- Consent: where you have given specific consent, such as for non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
5. How We Share Your Information
We do not sell your personal data or your employees' personal data to any third party. We share data only in the following limited circumstances:
Service Providers (Sub-processors)
We share data with the following trusted third-party service providers who help us operate the Service. Each provider is contractually required to protect your data and may only use it to perform services on our behalf:
- Stripe, Inc. - payment processing. Your billing name and payment method are processed directly by Stripe. We do not store card details on our servers. See Stripe's privacy policy at stripe.com/privacy.
- DigitalOcean, LLC - cloud hosting and data storage. All data is stored on DigitalOcean servers located in Singapore (SGP1 region). DigitalOcean encrypts data at rest by default. See DigitalOcean's privacy policy at digitalocean.com/legal/privacy-policy.
- Twilio SendGrid - transactional email delivery (account confirmations, billing receipts, trial reminders, and service notifications). Your email address and message content are transmitted to SendGrid for delivery purposes only. See Twilio's privacy policy at twilio.com/en-us/legal/privacy.
- Honeybadger Industries LLC - application error monitoring. Error reports may include technical context such as request metadata and stack traces. We configure Honeybadger to minimise personal data in error reports. See Honeybadger's privacy policy at honeybadger.io/privacy.
Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Roster Sync Pro, our users, or others.
Business Transfers
If Roster Sync Pro is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. International Data Transfers
Roster Sync Pro is operated from Singapore and your data is stored on DigitalOcean servers in Singapore. However, some of our service providers - including Stripe, Twilio SendGrid, and Honeybadger - are based in the United States and process data on servers outside Singapore.
Where your data is transferred outside Singapore, we take steps to ensure it is protected to a standard consistent with Singapore's Personal Data Protection Act (PDPA), including by entering into data processing agreements with our service providers.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to countries that the European Commission has not deemed to provide an adequate level of data protection. In such cases, we rely on our service providers' compliance with standard contractual clauses (SCCs) or other approved transfer mechanisms as required under the GDPR. Both DigitalOcean and Twilio (SendGrid) maintain GDPR-compliant Data Processing Agreements and participate in the EU-US Data Privacy Framework.
By using the Service, you acknowledge that your data may be processed in countries outside your jurisdiction. We commit to applying appropriate safeguards wherever your data is processed.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption in transit: all data transmitted between your browser and the Service is encrypted using TLS/HTTPS (SSL). This applies to all pages and API endpoints.
- Encryption at rest: data stored on DigitalOcean's infrastructure is encrypted at rest by default using DigitalOcean's built-in encryption, which applies to all stored data including salary information.
- Access controls: access to production systems and personal data is restricted to authorised personnel only, on a need-to-know basis.
- Error monitoring: application errors are monitored via Honeybadger to detect and resolve security or stability issues promptly.
Despite these measures, no electronic transmission or storage system is 100% secure. In the event of a data breach that is likely to result in a risk to your rights, we will notify you and relevant regulatory authorities as required by applicable law.
8. Data Retention
We retain personal data for the following periods:
- Account data (administrators): retained for the duration of your subscription, plus 30 days following account termination to allow you to export your data. After this period, your account data is permanently deleted from our systems.
- Employee data (entered by administrators): retained for the same period as the associated team account. Upon account termination, all employee records - including names, positions, attendance records, and salary data - are permanently deleted after the 30-day export window.
- Usage and error logs: retained for up to 12 months for service improvement and security purposes, then permanently deleted or anonymised.
- Payment records: billing records are retained for 7 years as required for accounting and tax compliance under Singapore law (Income Tax Act and GST Act). These records contain billing name and transaction amounts only - not full card details.
To request early deletion of your data, please contact us at privacy@rostersyncpro.com. Note that some data may be retained where we have a legal obligation to do so, as described above.
9. Data Export
Administrators can export their team's data - including schedules, attendance records, and leave history - directly from within the Service at any time. We recommend downloading a full export before cancelling your account. If you require assistance with a data export, please contact us at privacy@rostersyncpro.com before your account is terminated.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data. We will respond to all requests within 30 days.
- Access: the right to request a copy of the personal data we hold about you.
- Correction: the right to request correction of inaccurate or incomplete data. Administrators can update most data directly within the Service.
- Deletion: the right to request deletion of your personal data, subject to legal retention obligations (e.g. billing records).
- Portability: the right to receive your data in a structured, machine-readable format. Administrators can export data directly from the Service.
- Objection: the right to object to certain types of processing, including processing based on legitimate interests.
- Withdrawal of consent: where processing is based on consent, the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@rostersyncpro.com.
If you are located in Singapore, you may also lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.
If you are located in the European Economic Area or United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority.
11. Data Protection Contact
We have not formally appointed a Data Protection Officer (DPO), as we do not currently meet the thresholds requiring one under applicable law. Privacy matters are handled directly by our founding team. For all privacy-related enquiries, please contact us at privacy@rostersyncpro.com. We are committed to responding to all privacy requests within 30 days.
12. Children's Privacy
The Service is intended for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us at privacy@rostersyncpro.com immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting a notice within the Service at least 30 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision. We encourage you to review this Policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@rostersyncpro.com
883 North Bridge Road #03-05 Southbank Singapore 198785