Privacy Policy

This policy explains how Roster (“we”, “us”) handles personal data when you use rosterforms.com. For your own account data we are the controller. For the lead data your forms collect from your customers, you are the controller and we process it on your behalf.

Account data: your name, email address and mobile number, the business details and branding you enter, and your plan and billing status.

Lead data: the details your published forms collect from your customers, for example their name, contact details and answers. This is yours; we store and process it so we can deliver it to you and run your follow-ups.

Payment data: handled by our payment provider. We do not store full card numbers.

Usage data: basic information about how the service is used, to keep it secure and improve it.

We use account data to provide the service, take payment, and contact you about your account (performance of our contract with you). We use lead data only to provide the service to you and on your instructions. We rely on legitimate interests to keep the platform secure and working, and on consent where the law requires it.

We use trusted providers to run Roster, and share data with them only as needed: hosting and database (Supabase), application hosting (Vercel), payments (Stripe), email delivery (Resend), and WhatsApp delivery through an approved business messaging provider. These act as our processors under contract. We do not sell your data.

When your customers fill in your forms, you are responsible for telling them how their data is used and for having a lawful basis to contact them. Roster simply stores and routes that data for you. If you close your account, you can export or delete your lead data, and we will delete it after a reasonable period.

We keep account data while your account is active and for a reasonable period afterwards to meet legal and accounting obligations. Lead data is kept while your account is active or until you delete it.

You have the right to access, correct, delete or export your personal data, to object to or restrict certain processing, and to withdraw consent where we rely on it. To exercise these rights, email hello@rosterforms.com. You can also complain to the UK Information Commissioner’s Office (ico.org.uk).

We use essential cookies to keep you signed in and the service working, and may use limited analytics to understand usage. You can control cookies through your browser settings.

Some of our providers may process data outside the UK; where they do, we rely on appropriate safeguards. We use industry-standard measures to protect data, though no method of storage or transmission is completely secure.

Roster is for businesses and is not intended for children. We do not knowingly collect data from anyone under 18.

We may update this policy from time to time and will note the date above. For any privacy question, email hello@rosterforms.com.