Last updated: 12 July 2026
RotaGrid (“we”, “us”) provides shift-scheduling software. This policy explains what personal data we process, why, and the choices you have. We act as a data controller for account data and as a data processor for the schedule data you enter on behalf of your organization.
We rely on performance of a contract (to provide the service), legitimate interests (to secure and improve the service), consent (for marketing email, which you can withdraw at any time), and legal obligation (e.g. tax records).
We share data with the following processors to run the service:
When you use the assistant, the schedule data needed to answer you (worker names, shifts, absences and related records) is sent to the LLM gateway and on to the provider of the model in use. You can see which model is selected, and change it, from the assistant itself.
The application and backups are hosted in the EU (Germany). Some sub-processors, including the LLM gateway and model providers, may process data outside the EEA under appropriate safeguards such as Standard Contractual Clauses.
We retain account and schedule data for as long as your account is active. When you delete your account, associated personal data is deleted from the live database, and encrypted backups age out on a rolling basis (within 90 days). Billing records may be retained longer where required by law.
Subject to applicable law you may access, correct, export or delete your personal data, and object to or restrict certain processing. You can delete your account from your profile page, or contact us to exercise any of these rights.
We use a single first-party session cookie to keep you signed in. We do not use third-party advertising or cross-site tracking cookies.
Questions or requests: [email protected].