Rosterly Health
Privacy policy

What we collect, why, and how we protect it.

Plain-language summary of our handling of personal information for hospital scheduling — aligned to PIPEDA, Ontario's PHIPA, Quebec's Law 25, BC's PIPA, and Alberta's HIA.

Version 1.0. Last updated April 30, 2026.

Who we are

Rosterly Health is a software platform used by hospital scheduling teams to build clinician rosters. This policy describes how we collect, use, retain, and protect the personal information that hospitals (the health information custodian under PHIPA) entrust to us as their agent.

What information we collect

We collect only what we need to build a roster. Our customers configure who shows up on which roster, and we only see the data they put into the system.

  • Identity: name, email, phone, specialty, contract type, start date — for each clinician on the roster
  • Scheduling preferences: recurring block-outs, time-off dates, hospital scope, monthly quotas, must-work commitments, free-form notes
  • Generated schedules: shift assignments, manual overrides, coverage warnings, fairness counts
  • Account & access: Cognito-managed login records, role assignments, invite history, audit log of changes
  • Operational: server logs and request metadata for security and support

We do not collect or process patient health information. Rosterly Health stores staff scheduling data only.

Why we collect it

  • To run the schedule generator and honour each clinician's rules
  • To let clinicians sign in and update their own preferences
  • To let schedulers and admins manage rosters and respond to changes
  • To produce audit trails of who changed what and when
  • To send service notifications related to schedules and account access
  • To investigate security incidents and support requests

We don't use customer data for advertising. We don't train models on customer data without explicit written consent.

Where it's hosted

Each customer's data lives in a single AWS region matching their jurisdiction and never leaves it.

  • Canada: AWS Canada (Central) — Montreal / Toronto. Aligned to PIPEDA, PHIPA (Ontario), Law 25 (Quebec), PIPA (BC), HIA (Alberta).
  • United Kingdom & EU: AWS Europe regions; UK GDPR / DPA 2018 and EU GDPR.
  • United States: AWS US regions; HIPAA-aligned controls available under a Business Associate Agreement.
  • Australia: AWS Sydney; Australian Privacy Act 1988 and the Notifiable Data Breaches scheme.

On-prem and sovereign-region deployments are available on request.

How long we keep it

  • Active rosters and preferences: retained for the life of the customer's subscription
  • Audit logs: retained for at least 7 years (or longer where the customer's record-keeping policy requires it)
  • Account / access logs: retained for 12 months
  • After cancellation: a full export is provided in CSV and JSON; production data is destroyed within 30 days; backups age out within a further 60 days

Who we share it with

We use a small number of carefully vetted sub-processors to run the service. The current list is published on our Security page. We notify customers in advance if it changes.

We do not sell personal information. We disclose only when compelled by valid legal process and we notify the customer before doing so unless legally prohibited.

Your rights

Where the law gives a clinician rights over their own personal information — including under PIPEDA, PHIPA, Law 25, PIPA, HIA, and the GDPR family — we honour them through our customer (the health information custodian).

  • Access: request a copy of everything we hold about you
  • Correction: ask the custodian to correct inaccurate information
  • Erasure: ask for deletion subject to retention requirements
  • Complaint: contact your custodian's privacy officer, or the Information and Privacy Commissioner of Ontario for PHIPA matters

Requests should be made through your hospital's privacy officer. They will reach us through our customer support channel and we'll respond within statutory timelines.

Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access is role-based, audit-logged, and protected by multi-factor authentication for administrative roles. Detailed controls are summarised on our Security page.

Breach notification

If we discover a security incident affecting your data, we notify the customer (the health information custodian) at the first reasonable opportunity, with the information they need to meet their own notification obligations under PHIPA s. 12.3 and Regulation 329/04, the equivalent provincial regimes, PIPEDA breach reporting under the Breach of Security Safeguards regulations, GDPR Article 33, and any other applicable law.

Changes to this policy

We'll update this policy when our practices change. Material changes are announced to customers in advance and shown at the top of this page; the version and last-updated date above always reflect the current revision.

Contact

Privacy questions: privacy@rosterlyhealth.com

Security incidents: security@rosterlyhealth.com

General: hello@rosterlyhealth.com