Privacy Policy
Last Updated: May 28, 2026
Roster Sync Pro ("we", "our", or "us"), operated by Roster Sync Pro Pte. Ltd. (UEN: 202622453N), is committed to protecting the privacy of our users and their employees. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our workforce management platform, marketing website, mobile companion, Public Profile pages, public booking pages, and WhatsApp booking workflows (the "Service").
This Policy should be read alongside our Terms of Service, which is incorporated by reference. By using the Service, you agree to the collection and use of information in accordance with this Policy.
1. Who This Policy Applies To
This Privacy Policy applies to:
- Workspace owners and managers: individuals who create or manage a team workspace on Roster Sync Pro.
- Team members: employees or staff whose personal data is entered into the Service by a workspace owner or manager.
- Visitors: individuals who visit our website, view a published Public Profile, or submit a public or WhatsApp booking request without creating an account.
- Payroll audit recipients: individuals who receive or open a passcode-protected Payroll Audit Link sent from a workspace.
If you are a team member whose data has been entered by your employer, your employer (the workspace owner or manager) is the data controller for your personal information. Please contact your employer with any questions about how your data is managed within the platform. You may also contact us directly at privacy@rostersyncpro.com if you have concerns about how your data is being handled.
2. Information We Collect
Information You Provide Directly
When you create an account or use the Service, we collect:
- Account information: your full name, work email address, password, profile image, time zone, sign-in history, confirmation and password-reset records, and optional two-factor authentication setup data.
- Team information: company name, industry, address, phone number, website, logo, operating hours, departments, positions, app settings, permission settings, and your role within the organization.
- Contact inquiries: your email address and message content when you contact us through the website.
- Payroll audit-link recipient information: recipient email addresses, delivery context, passcode verification activity, open/download/revocation records, and related audit metadata when an authorized workspace user sends a Payroll Audit Link.
- Payment information: billing name and payment details submitted through Stripe-hosted checkout and billing flows. Payment card data is processed and stored directly by Stripe, Inc. and is not stored on our servers. We retain only a tokenized reference to your payment method, subscription, and related Stripe billing identifiers.
Employee Data (Entered by Administrators)
Administrators may input personal data about their team members into the Service, including:
- Full name, email address, profile image, employment status, and employment dates
- Job position, department, role, and granular site permissions
- Work configuration such as maximum hours, days per week, salary basis, wage, allowance, and overtime settings
- Work schedule and shift records
- Attendance, QR clocking, manual clock records, and time-tracking records
- Optional clock-event location evidence when enabled by a workspace owner or manager, including browser-provided latitude, longitude, accuracy, capture time, distance from the configured worksite, verification status, and browser location error. RSP requests this only when a user submits a QR clock-in or clock-out event and does not track employee location in the background.
- Leave requests, leave records, leave balances, leave ledger entries, and optional supporting attachments such as medical certificates
- Sales entries, sales targets, attributed sales, labor-cost calculations, payroll handoff review records, Payroll Audit Link records, public holiday pay policy context, schedule financials, and performance metrics where enabled
- Activity history for high-signal operational actions such as sign-in, permission changes, schedule changes, approvals, finalization, amendments, staff lifecycle actions, and 2FA changes
- Salary information, used solely for the purpose of calculating labor costs and related workforce metrics within the platform. Salary data is not used for any other purpose, is not sold, and is not shared with third parties except as strictly necessary to operate the Service (see Section 5 - How We Share Your Information).
Public Profile Data
Administrators may publish customer-facing Public Profile content, including business descriptions, opening hours, public contact details, website and social links, WhatsApp booking details, public online booking availability, selected visual themes, photos, menu files, promotion titles, descriptions, offer periods, promo codes, terms, and similar visitor-facing information. Published Public Profile content is intended to be publicly visible. Draft previews are available only to authorized workspace users.
Offers published on a Public Profile are informational. RSP does not track coupon redemption, voucher use, customer purchases, or individual visitor purchases from a promotion.
Booking and Customer Contact Data
When a visitor submits a public booking request, contacts a connected WhatsApp booking channel, or when an authorized workspace user records or manages a booking, we collect the information needed to create, confirm, change, cancel, and operate that booking. This may include the customer's name, email address, phone number, WhatsApp identifier, optional notes or message content, party size, requested or confirmed booking date and time, booking status, booking source and communication channel, cancellation token, reminder and delivery status, and related booking activity.
A workspace may also store a company-scoped customer contact record for repeat service history. Completing a booking does not by itself create marketing permission. Marketing eligibility is tracked separately and defaults to unknown unless an explicit opt-in is recorded by the workspace.
Usage Data (Automatically Collected)
When you use the Service, we automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited, requests made, and features used within the Service
- Date and time of requests, sign-ins, and relevant operational actions
- Error logs and performance data (via Honeybadger - see Section 5)
Cookies and Tracking
We use cookies, local storage, session storage, and similar browser technologies to operate the Service. These include:
- Essential cookies: required for the Service to function (e.g. maintaining your login session). These cannot be disabled.
- Preference cookies: remember your settings and preferences across sessions, such as mobile/PWA install prompts, setup guide visibility, and interface state.
- First-party marketing event hooks: the public marketing pages include dependency-free hooks for navigation, call-to-action, and contact-form interactions. These hooks do not use third-party analytics or advertising cookies unless we separately configure and disclose such a service.
We do not currently use third-party analytics or advertising cookies. You can control non-essential cookies through your browser settings, though disabling certain cookies may affect the functionality of the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service.
- Create and manage your account and team workspace.
- Authenticate users, including password sign-in, Google sign-in, password reset, invitations, and optional two-factor authentication.
- Process payments and manage your subscription via Stripe.
- Calculate labor costs, schedule financials, sales-after-labor metrics, and staff performance metrics using data you provide.
- Verify and audit QR clock-in/out events where a workspace owner or manager enables clock-location verification.
- Publish and serve Public Profile pages, including selected theme and presentation settings, when workspace owners or managers choose to make them live.
- Create, secure, confirm, change, cancel, and manage booking requests submitted through published Public Profile pages, manager workflows, or connected WhatsApp booking channels.
- Maintain customer-contact history for repeat service and process verified booking customer-data redaction requests.
- Generate aggregate booking demand summaries for schedule planning and reporting without showing customer-identifying booking details in schedule surfaces.
- Generate CSV imports, direct payroll handoff CSV or XLSX downloads, passcode-protected Payroll Audit Links, Data Export CSV or XLSX files, reports, approvals, final timesheets, amendments, notifications, and activity history.
- Send transactional communications - account confirmations, billing receipts, trial reminders, and service notifications - via SendGrid (Twilio).
- Respond to your support requests and inquiries.
- Monitor application errors and maintain service stability via Honeybadger.
- Detect, investigate, and prevent fraudulent or unauthorized activity.
- Comply with legal obligations applicable to us under Singapore law and other applicable laws.
We do not use your data - or your employees' data - for advertising, behavioral profiling, training third-party AI models, or any purpose not described in this Policy.
4. Legal Basis for Processing
We process personal data on the following legal bases:
- Contract performance: processing necessary to provide the Service under our Terms of Service (e.g. managing your account, processing payments, delivering the roster and attendance features).
- Legitimate interests: improving the Service, preventing fraud, maintaining service security, and monitoring for errors - where these interests are not overridden by your privacy rights.
- Legal obligation: where we are required to process or retain data to comply with applicable law (e.g. retaining billing records for tax compliance).
- Consent: where you have given specific consent, such as for non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
5. How We Share Your Information
We do not sell your personal data or your employees' personal data to any third party. We share data only in the following limited circumstances:
Service Providers (Sub-processors)
We share data with the following trusted third-party service providers who help us operate the Service. Each provider is contractually required to protect your data and may only use it to perform services on our behalf:
- Stripe, Inc. - payment processing. Your billing name and payment method are processed directly by Stripe. We do not store full card details on our servers. See Stripe's privacy policy at stripe.com/privacy.
- DigitalOcean, LLC - cloud hosting, database, and file storage infrastructure. Primary application data and uploaded files are hosted on DigitalOcean infrastructure in Singapore where configured. DigitalOcean encrypts data at rest by default. See DigitalOcean's privacy policy at digitalocean.com/legal/privacy-policy.
- Twilio SendGrid - transactional email delivery (account confirmations, billing receipts, trial reminders, and service notifications). Your email address and message content are transmitted to SendGrid for delivery purposes only. See Twilio's privacy policy at twilio.com/en-us/legal/privacy.
- Google LLC - optional Google sign-in. If you choose Google sign-in, we receive account information needed to authenticate you, such as your email address and profile name, according to Google's OAuth flow. See Google's privacy policy at policies.google.com/privacy.
- Honeybadger Industries LLC - application error monitoring. Error reports may include technical context such as request metadata and stack traces. We configure Honeybadger to minimize personal data in error reports. See Honeybadger's privacy policy at honeybadger.io/privacy.
- Meta Platforms, Inc. - WhatsApp Business Platform services where a workspace connects WhatsApp booking workflows. WhatsApp messages, delivery status callbacks, business account identifiers, phone-number identifiers, and related message metadata may be processed by Meta according to Meta's terms and policies. See Meta's privacy policy at facebook.com/privacy/policy.
Public Profile and External Links
Published Public Profile pages may contain links or actions that take visitors to third-party services such as websites, social platforms, map providers, or WhatsApp. Those services are controlled by their respective providers, and their own terms and privacy policies apply.
Payroll Audit Links
Authorized workspace users may send Payroll Audit Links to external recipients nominated by the workspace. These links can give the recipient passcode-protected, read-only access to selected payroll handoff data and related CSV or XLSX downloads while the link remains valid. We process recipient email addresses, access attempts, openings, downloads, revocations, and related metadata to deliver, secure, and audit this feature.
Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Roster Sync Pro, our users, or others.
Business Transfers
If Roster Sync Pro is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. International Data Transfers
Roster Sync Pro is operated from Singapore. Primary application data and uploaded files are hosted on DigitalOcean infrastructure in Singapore where configured. However, some service providers - including Stripe, Twilio SendGrid, Google, Meta, and Honeybadger - may process data on servers outside Singapore.
Where your data is transferred outside Singapore, we take steps to ensure it is protected to a standard consistent with Singapore's Personal Data Protection Act (PDPA), including by entering into data processing agreements with our service providers.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to countries that the European Commission has not deemed to provide an adequate level of data protection. In such cases, we rely on data processing agreements, standard contractual clauses (SCCs), or other approved transfer mechanisms where required.
By using the Service, you acknowledge that your data may be processed in countries outside your jurisdiction. We commit to applying appropriate safeguards wherever your data is processed.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption in transit: all data transmitted between your browser and the Service is encrypted using TLS/HTTPS (SSL). This applies to all pages and API endpoints.
- Encryption at rest: production database and file-storage infrastructure uses provider-managed encryption at rest where configured, including for records that may contain salary information.
- Access controls: access to production systems and personal data is restricted to authorized personnel only, on a need-to-know basis.
- Product permissions: the Service includes role and permission controls for areas such as billing, staff administration, Schedule & Attendance, Bookings Management, financial visibility, time off, approvals, amendments, and Access Control.
- Two-factor authentication: users can enable authenticator-app two-factor authentication with backup codes for account protection.
- Private file storage: uploaded operational and Public Profile files are served through application controls and signed URLs rather than public storage buckets where production storage is configured accordingly.
- Error monitoring: application errors are monitored via Honeybadger to detect and resolve security or stability issues promptly.
Despite these measures, no electronic transmission or storage system is 100% secure. In the event of a data breach that is likely to result in a risk to your rights, we will notify you and relevant regulatory authorities as required by applicable law.
8. Data Retention
We retain personal data for as long as reasonably needed to provide the Service, support customer operations, maintain security and audit records, comply with legal obligations, resolve disputes, enforce our agreements, and protect our rights. The current retention approach is:
- Account data (workspace owners and managers): retained while your subscription is active and for a reasonable period after account closure to support export assistance, account recovery, billing, security, dispute resolution, and legal compliance.
- Employee data (entered by workspace owners or managers): retained while the associated workspace is active and for a reasonable post-termination export and recovery period. After that period, employee records may be deleted or de-identified from active systems in the ordinary course of operations unless retention is required for legal, accounting, security, audit, billing, or dispute-resolution purposes.
- Public Profile content, including published promotions: retained while the related team account is active or during the post-termination export window, unless removed earlier by a workspace owner or manager, or by us under the Terms of Service.
- Booking and customer contact data: retained as company-controlled operational booking history while the workspace is active. If we receive and verify a customer-data deletion or redaction request, we may redact customer-identifying details from active booking and customer-contact records while retaining operational history such as booking date, time, party size, status, source, lifecycle events, and de-identified reporting data.
- WhatsApp booking records and technical diagnostics: linked booking conversations, messages, Flow submissions, notification deliveries, and related event records may be redacted when connected to a verified booking customer-data request. Raw webhook events, error logs, delivery diagnostics, and similar technical records may be retained for operational reliability, security, audit, troubleshooting, legal compliance, or dispute-resolution purposes.
- Generated export files: retained temporarily after request so authorized users can download them. Ready files are kept for a limited period, and pending, failed, or canceled export requests may be removed sooner. Export metadata and related activity history may be retained separately for audit and security purposes.
- Usage and error logs: retained for up to 12 months for service improvement and security purposes, then deleted or anonymized.
- Payment records: billing records are retained for 7 years as required for accounting and tax compliance under Singapore law (Income Tax Act and GST Act). These records may include billing name, subscription identifiers, invoice details, transaction amounts, and related payment metadata, but not full card details.
- Aggregated or de-identified information: may be retained without a fixed period where it no longer identifies a specific individual and is used for reporting, analytics, product improvement, or operational planning.
To request deletion or redaction of your data, please contact us at privacy@rostersyncpro.com. You can also review our Data Deletion Instructions for account, workspace, and Meta/WhatsApp integration deletion requests. Note that some data may be retained or de-identified where we have an operational need, legal obligation, security need, audit need, billing need, or dispute-resolution need to do so, as described above. Backup copies may persist for a limited period until overwritten or deleted in the ordinary course of operations.
9. Data Export
Administrators can export many operational datasets directly from the Service, including staff lists, schedules, attendance records, payroll review data, payroll audit-link records, sales or finance data where available, team performance where available, leave types, time off records, leave balances, leave ledger entries, and leave history. Available exports depend on your plan, permissions, and the data present in your workspace. Payroll handoff exports may download directly from the handoff page, Payroll Audit Links may allow nominated external recipients to download selected payroll handoff files, and broader Data Export files may be prepared in the background. Export files may be generated as CSV or XLSX files and can include metadata such as requester, company, timezone, date range, filters, selected columns, and generation details. Some plans include saved presets, scheduled report generation into Downloads, and owner oversight metadata. We recommend downloading relevant exports before canceling your account. If you require a broader export or assistance with a data export, please contact us at privacy@rostersyncpro.com before your account is terminated.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data. We will respond to all requests within 30 days.
- Access: the right to request a copy of the personal data we hold about you.
- Correction: the right to request correction of inaccurate or incomplete data. Administrators can update most data directly within the Service.
- Deletion: the right to request deletion or redaction of your personal data, subject to legal, security, operational, billing, audit, and dispute-resolution retention needs. For booking customer data, this may mean redacting customer-identifying details while retaining de-identified operational booking history.
- Portability: the right to receive your data in a structured, machine-readable format. Administrators can export data directly from the Service.
- Objection: the right to object to certain types of processing, including processing based on legitimate interests.
- Withdrawal of consent: where processing is based on consent, the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@rostersyncpro.com.
If you are located in Singapore, you may also lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.
If you are located in the European Economic Area or United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority.
11. Data Protection Contact
We maintain a designated data protection contact for privacy matters. For all privacy-related inquiries, data protection requests, complaints, or questions about this Policy, please contact us at privacy@rostersyncpro.com. We are committed to responding to all privacy requests within 30 days.
12. Children's Privacy
The Service is intended for use by businesses and is not directed at individuals under the age of 18 as workspace owners or managers. If an employer, workspace owner, or manager enters staff data for younger workers, that employer, workspace owner, or manager is responsible for ensuring they have a lawful basis to do so and comply with applicable employment and data protection laws. If you believe data has been entered unlawfully, please contact us at privacy@rostersyncpro.com immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting a notice within the Service at least 30 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision. We encourage you to review this Policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@rostersyncpro.com
405B Fernvale Lane #22-113 Fern Spring Singapore 792405