logoAutoRota

Privacy

The Privacy Policy for Taxonomy App.

Effective Date: 17th December 2024
Last Updated: 17th December 2024

This Privacy Policy describes how AutoRota (“we,” “us,” or “our”) and the AutoRota Extractor Chrome Extension (“Extension”) collect, use, disclose, and protect your Personal Data when you use our services. These services include our website located at https://myautorota.com (“Website”) and associated offerings. Services are operated by Atticus Intelligence Ltd (company number 16130885). While Atticus Intelligence Ltd develops and operates multiple products, the data collected for each product—such as AutoRota—is treated independently and is not shared across other first-party websites or services. We are committed to safeguarding your privacy and complying with all applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and, to the extent applicable, the EU General Data Protection Regulation (GDPR).

If you have questions, concerns, or requests related to this Privacy Policy, please contact us at:
Email: [email protected]

1. Who We Are

For the purposes of applicable data protection laws, we are the "Data Controller" of your Personal Data. This means we determine how and why your Personal Data is processed.

2. What Data We Collect and How

2.1 Website (AutoRota)

  • Personal Information: When you register an account, we collect your name and email address.
  • Subscription Data: If you subscribe to our paid plans after a trial period, we store your Stripe subscription ID, price ID, and Stripe customer ID. Payment details (e.g., credit card information) are not stored by us; they are processed directly by Stripe, a secure third-party payment processor.
  • Cookies and Similar Technologies: We use session cookies and similar technologies (e.g., Next.js Auth) to manage user sessions, authentication, and to improve the functionality of our Website. For more details, see Section 10 (Cookies & Similar Technologies).
  • Rota Data: You can import and manage your shifts (rota data) on our platform. This may include information you choose to enter about your work schedule, notes, and any shared rota settings.

2.2 Chrome Extension (AutoRota Extractor)

  • Non-Personal Usage Data: The Extension does not require you to log in, nor does it collect personal information or analytics. It only extracts shift data from a third-party shift management website currently open in your browser and allows you to download this data as a CSV file or open directly in the AutoRota Website. The extracted data remains local to your device unless you choose to upload it to the Website.

2.3 Error Management and Analytics

  • PostHog: We use PostHog (an analytics and error management tool) to analyze anonymized user interactions, page visits, and errors. This helps us understand how our service is being used and improve its reliability. For more information, review PostHog's privacy practices at https://posthog.com/privacy.
  • Sentry: We use Sentry for error tracking and performance monitoring. Sentry may collect certain technical data (e.g., IP address, device type, browser type) to help us diagnose and fix errors. All data shared with Sentry is handled in accordance with their Privacy Policy. We configure Sentry to minimize personal data collection and will not knowingly send your personal identifying information to Sentry.

We do not sell or rent your Personal Data to third parties for marketing purposes.

3. Legal Bases for Processing (GDPR/UK GDPR)

We process your Personal Data only when we have a valid legal basis, including:

  • Contractual Necessity: To provide the services you request (e.g., managing your rota, maintaining your subscription).
  • Legitimate Interests: To improve our services, ensure security, prevent fraud, diagnose issues, and analyze performance.
  • Consent: For certain cookies or other processing activities, where required by law. You may withdraw your consent at any time by contacting us or adjusting your browser settings.

4. How We Use Your Data

We use your Personal Data to:

  • Provide and maintain the Website and its functionalities.
  • Manage your account and subscription (including renewals and billing through Stripe).
  • Enable sharing of rotas with other users, subject to your chosen visibility settings.
  • Improve, troubleshoot, and customize our services (including analyzing errors through PostHog and Sentry).
  • Comply with legal obligations and enforce our Terms of Service.

We do not use your data for marketing to third parties.

5. Sharing and Disclosure of Data

We do not share your Personal Data with other companies for their own marketing purposes. We may share your Personal Data with:

  • Service Providers: We use trusted third-party providers like Stripe (for payments), PostHog, and Sentry, who process data on our behalf to help us deliver and improve our services.
  • Legal Compliance: We may disclose your Personal Data if required to do so by law or in response to a valid request by governmental authorities (e.g., law enforcement).

In all cases, we ensure that any third party has appropriate data protection and confidentiality obligations in place.

6. International Data Transfers

Our primary data storage is on a Neon database server in Frankfurt, Germany. If your Personal Data is transferred outside the UK or EU, we ensure an adequate level of protection, typically through standard contractual clauses or other legally recognized compliance mechanisms.

7. Data Retention

We retain your Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with our legal obligations. If you delete your account, all associated Personal Data will be permanently removed from our servers within a reasonable timeframe, unless we are required by law to retain certain information.

8. Data Security

We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, loss, theft, alteration, or destruction. This includes encryption, secure servers, and access controls. However, no security measures are perfect, and we cannot guarantee absolute security.

9. Your Rights Under GDPR/UK GDPR

You have the following rights regarding your Personal Data:

  • Access: You can request a copy of the Personal Data we hold about you.
  • Rectification: You can ask us to correct inaccurate or incomplete data.
  • Erasure (Right to be Forgotten): You can request the deletion of your Personal Data.
  • Restriction: You can request we restrict how we process your Personal Data in certain circumstances.
  • Portability: You can request we provide your Personal Data in a structured, commonly used, machine-readable format.
  • Objection: You can object to processing based on legitimate interests or direct marketing.

To exercise your rights, please contact us at [email protected]. We will respond to your request in accordance with applicable law.

If you are unsatisfied with our response or have concerns about our data practices, you have the right to lodge a complaint with a supervisory authority, such as the UK Information Commissioner's Office (ICO).

10. Cookies & Similar Technologies

We use cookies and similar technologies to:

  • Maintain your session and keep you logged in.
  • Remember your preferences and improve the Website's functionality.

Most web browsers are set to accept cookies by default. You can adjust your browser settings to refuse cookies or remove previously set cookies. Please note that some features of our Website may not function properly if you disable cookies.

11. Children's Privacy

Our services are not directed to individuals under 13. We do not knowingly collect Personal Data from children under 13. If you become aware that a child has provided us with Personal Data, please contact us. We will take steps to delete such information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. Any updates will be posted on our Website with a revised "Last Updated" date. If we make significant changes, we will notify you via email or through a prominent notice on our Website.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact: Email: [email protected]

By using our Website and Extension, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure of your Personal Data as described herein.