Privacy Policy
Last updated: July 8, 2026
Rostiq ("we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website, register a company, or use the Rostiq workforce management platform.
1. Who This Policy Applies To
This policy covers:
- Company administrators who register and manage a Rostiq account
- Employees whose data is entered or collected by their employer through Rostiq
- Website visitors who browse our marketing pages
When your employer uses Rostiq, they are the data controller for employee information. We process that data on their instructions as a data processor.
2. Information We Collect
Company registration and admin accounts
- Company name, industry, and branch details
- Admin full name, email address, and phone number
- Account credentials (passwords are stored in hashed form)
- Geofence zone coordinates configured for work locations
Employee and workforce data
Data entered by your employer may include employee codes, names, phone numbers, email addresses, job roles, branch assignments, currency settings, attendance records, clock-in PINs, payroll rates, payment history, and time-entry logs.
Location and attendance data
When employees clock in or out using GPS verification, we collect device location coordinates (latitude and longitude), timestamps, and the geofence zone associated with the clock event. Location is collected only when a clock action is performed, not continuously in the background.
Technical and usage data
- IP address, browser type, and device information
- Log data such as access times, pages viewed, and error reports
- Authentication tokens and session identifiers
3. How We Use Information
We use personal information to:
- Provide, operate, and maintain the Rostiq platform
- Authenticate users and enforce account security
- Validate attendance against configured geofence zones
- Calculate payroll, track balances, and generate reports
- Communicate service updates, security alerts, and support responses
- Improve platform performance, reliability, and features
- Comply with legal obligations and respond to lawful requests
We do not sell personal information. We do not use employee attendance or location data for advertising purposes.
4. Legal Bases for Processing
Depending on your jurisdiction, we rely on:
- Contract — to deliver the service you or your employer signed up for
- Legitimate interests — to secure the platform, prevent fraud, and improve our product
- Legal obligation — where required by applicable law
- Consent — where required, such as for optional marketing communications
Employers are responsible for establishing a valid legal basis for collecting and processing employee data through Rostiq.
5. How We Share Information
We may share information with:
- Your organisation — admins and authorised users within your company account can access employee and attendance data according to their permissions
- Service providers — cloud hosting, email delivery, analytics, and security vendors who process data under contractual safeguards
- Legal authorities — when required by law, court order, or to protect rights and safety
- Business transfers — in connection with a merger, acquisition, or sale of assets, with notice where required
6. Data Retention
We retain account and workforce data for as long as your company maintains an active Rostiq subscription, and for a reasonable period afterward to allow data export and comply with legal obligations. Attendance logs, payroll records, and payment history may be retained longer where required for audit, tax, or employment law purposes.
When a company account is closed, we will delete or anonymise personal data within a reasonable timeframe unless retention is legally required.
7. Security
We implement technical and organisational measures to protect personal information, including encrypted connections (HTTPS), hashed passwords, access controls, and monitoring for unauthorised activity. No system is completely secure; please report suspected breaches to security@rostiq.com.
8. International Data Transfers
Rostiq may store and process data on servers located outside your country of residence. Where required, we use appropriate safeguards such as standard contractual clauses to protect data transferred internationally.
9. Your Rights
Depending on applicable privacy law (including the Australian Privacy Act 1988 and, where relevant, the GDPR), you may have rights to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of information, subject to legal exceptions
- Object to or restrict certain processing
- Receive a portable copy of your data
- Withdraw consent where processing is consent-based
Employees should contact their employer first for workforce data requests, as the employer is the data controller. Admins and individuals may contact us directly at the address below.
10. Cookies and Website Analytics
Our marketing website may use essential cookies for basic functionality and, with your consent where required, analytics cookies to understand how visitors use our pages. You can manage cookie preferences through your browser settings.
11. Children
Rostiq is a business-to-business service and is not directed at individuals under 16. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised date. We encourage you to review this policy periodically.
Contact
For privacy inquiries or to exercise your rights, contact our privacy team at privacy@rostiq.com. For terms of use, see our Terms of Service.
