“Smarter Scheduling. Better Business.”
Privacy Policy
RotaHub Privacy Policy
Last updated: 9 July 2026
RotaHub is provided by Arran Hewitson, trading as RotaHub ("RotaHub", "we", "us"), a sole trader based in the United Kingdom. This policy explains what data RotaHub collects, why, where it's stored, and what control you have over it.
This policy covers:
- The RotaHub desktop app (Mac and Windows), used by business owners and managers to build schedules and manage staff
- The RotaHub mobile app (Android, and iOS once released), the free companion app used by employees and managers to view rotas and request time off
- The www.rotahubapp.com website, including the checkout flow for paid subscriptions
- The RotaHub API, the backend service the apps talk to
If you're an employee using the mobile app, most of this policy is about you. If you're a business owner or manager, sections on employer/account data and payment data are most relevant.
1. The short version
- Your staff data stays on your device. Staff profiles, wages, availability, shift rules, and generated rotas are stored locally on the business owner/manager's computer, not on our servers.
- We store the minimum needed to run accounts and sync published rotas: email addresses, Business/Employee IDs, display names, published rota contents, and time-off requests.
- We never sell your data, and we don't use analytics or advertising trackers of any kind.
- Payment details never touch our servers — Stripe handles all card processing directly.
- You can delete data yourself, in-app — see Section 7.
2. Data we collect
2.1 Employer data — stays on your device, never sent to us
If you're a business owner or manager using the desktop app, the following is stored only in your browser's local storage on your own computer, and is never transmitted to RotaHub's servers:
- Staff names, contact details, hourly wages, and job roles
- Staff availability, personal start/end times, and holiday entries
- Weekly staffing requirements, shift bands, and scheduling rules
- Generated rota history
We have no access to this data, no copy of it, and no way to recover it if you clear your browser storage or uninstall the app — it is entirely your responsibility to back it up if needed.
2.2 Account and scheduling data — stored on our servers
To provide login, cross-device rota syncing, and the mobile employee app, we store the following on our servers:
| Data | Collected from | Purpose |
|---|---|---|
| Email address | Owners, managers, employees | Login identifier, account recovery, service emails |
| Password | Owners, managers, employees | Stored as a salted hash (via ASP.NET Core Identity) — we never store or can see your plain-text password |
| Display name | Employees (managers/owners see it) | Shown on PTO requests and notifications so managers know who's asking |
| Business ID / Employee ID | All accounts | Links your account to your employer's business, and links an employee account to their entry in the manager's local staff list |
| Published rota contents | Written by owners/managers when they publish a rota | Lets employees view their shifts from the mobile app; contains shift dates, times, roles, and which Employee ID each row belongs to. Wage data is never included |
| Time-off (PTO) requests | Employees | Start date, end date, an optional free-text reason, and approval status. Note: the reason field is optional free text you write yourself — please avoid including sensitive health details unless you're comfortable with your manager seeing them, since managers can read it to make an approval decision |
| In-app notifications | Generated by the system | e.g. "new time-off request submitted" — visible only to the relevant business's owners/managers |
| Account creation date, role | All accounts | Determines trial period, permissions |
2.3 Payment data — handled by Stripe, not us
Subscription payments are processed by Stripe. When a business owner subscribes, card details are entered directly into Stripe's own checkout page — RotaHub never receives, stores, or has access to card numbers. We only store a Stripe customer/subscription reference ID and your subscription tier and status, so we can check whether your business's subscription is active.
2.4 Security and technical logs
Our hosting providers (Microsoft Azure and Supabase, see Section 4) generate standard web server logs for the API, which may include IP addresses and request metadata. These are used only for security, abuse prevention, and troubleshooting, are not linked to your account for any other purpose, and are not used for analytics or profiling.
2.5 What we do not collect
- No advertising or analytics tracking of any kind (no Google Analytics, no ad SDKs, no cross-app tracking)
- No location data
- No access to your device's camera, photos, contacts, or microphone
- No wage or financial data on the mobile app or our servers — wages exist only in the employer's local desktop storage (see 2.1)
3. Legal basis for processing (UK GDPR)
We process your data under the following legal bases:
- Performance of a contract — most of our processing (accounts, rota publishing, PTO requests, billing) exists to actually provide the service you or your employer signed up for.
- Legitimate interests — security logging, fraud/abuse prevention, and service reliability.
- Consent — where you optionally provide free-text information (e.g. a PTO reason), you choose what to include.
4. Who we share data with
We use a small number of service providers ("sub-processors") to run RotaHub. We do not sell your data to anyone, and we don't share it for advertising purposes.
| Provider | Purpose | Data involved |
|---|---|---|
| Microsoft Azure (UK West) | Hosts the RotaHub API | All account, rota, and PTO data passes through here |
| Supabase (PostgreSQL, EU-hosted) | Database storage | All account, rota, and PTO data at rest |
| Stripe | Payment processing and billing portal | Card details (Stripe only — never us), email, subscription status |
| Twilio SendGrid | Transactional email (e.g. notifying a manager of a new PTO request) | Recipient email address, message content. Currently inactive — no API key is configured, so no emails are sent yet as of this writing |
Each of these providers is contractually restricted to using your data only to provide their service to us, not for their own purposes.
International transfers
Stripe and SendGrid are US-headquartered companies that may process data outside the UK/EEA. Where this happens, it's covered by their own standard contractual clauses and data protection commitments — see Stripe's privacy policy and Twilio's privacy policy for details.
5. Data retention
- Account data is kept for as long as your account or your employer's business account is active.
- Published rotas and PTO history are retained even if an individual employee's account access is later revoked (see below) — this is intentional, so a business keeps an accurate record of shifts worked and time off taken for its own employment/payroll purposes. Revoking an employee's login access does not delete their historical records.
- If a business account is deleted entirely (see Section 7), all of the above is permanently deleted, with no retained history.
6. Children's privacy
RotaHub is a workplace scheduling tool intended for use by employed staff and their employers. It is not directed at children, and we do not knowingly collect data from anyone who is not old enough to be lawfully employed in their jurisdiction.
7. Your rights and in-app controls
Under UK GDPR you have the right to access, correct, export, or request deletion of your personal data, and to object to or restrict certain processing. Many of these are available directly in the product:
- Employees: can view and update their own display name and time-off requests in the mobile app. To fully close an account, contact your employer (who can revoke your access — see below) or contact us directly at the email in Section 10.
- Owners/managers — revoke an employee's access: in Settings → Employee Accounts on the desktop app, an owner or manager can revoke any employee's login at any time (e.g. when someone leaves). This immediately and permanently deletes that person's login credentials and stops them from signing in — but deliberately keeps their historical rota and PTO records intact as part of the business's own employment records (see Section 5).
- Owners — delete the entire business account: in Settings, a business owner can permanently delete their business account. This cancels any active Stripe subscription and permanently deletes every account, published rota, PTO request, and notification associated with the business — this action cannot be undone.
- Manual requests: if you'd rather we action a request directly — access, correction, export, deletion, or anything not covered by the in-app tools above — email us at the address in Section 10 and we'll respond within a reasonable time.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled.
8. Security
- All communication between the apps and our API is encrypted in transit (HTTPS/TLS).
- Passwords are hashed, never stored in plain text.
- Access to the API is controlled with short-lived JWT access tokens and rotated refresh tokens, which can be revoked server-side.
- Employer data in the desktop app (staff details, wages, rotas) stays on your own device and is not transmitted anywhere unless you choose to publish a rota.
No method of transmission or storage is 100% secure, but we take reasonable technical measures appropriate to the sensitivity of the data involved.
9. Changes to this policy
We may update this policy as RotaHub's features change. We'll update the "Last updated" date at the top of this page when we do. If changes are significant, we'll aim to highlight them in-app.
10. Contact us
For any question about this policy, or to make a data access, correction, or deletion request, contact:

