Rosterbook — Privacy Policy

Last updated: 25 June 2026

Rosterbook (“Rosterbook”, “we”, “us”) is a staff attendance and payroll app provided by Thirteen Twenty Productions LLP (“the Company”). This policy explains what personal data we collect, why, how we use and share it, and the choices and rights you have. It applies to the Rosterbook mobile app and related backend services.

If you are in India, we process personal data in line with the Digital Personal Data Protection Act, 2023 (DPDP Act). We also describe rights commonly available under other regimes (such as the GDPR) where relevant.

1. Who is responsible for your data

The data controller is Thirteen Twenty Productions LLP, contactable at info@thirteentwenty.com. For employees added by an employer, the employer is also a controller of the attendance and pay data they manage about you; Rosterbook acts as a processor on the employer’s behalf for that data, and as a controller for the account and service data described below.

2. What we collect

Account information. Email address and password (passwords are handled by our authentication provider, Google Firebase Authentication; we never see your raw password).

Employer profile. Name, contact name, business/company name (or a nickname for individuals), business address, GST number (if provided), timezone, and pay-cycle settings.

Employee profile. Name, employee code, designation, monthly salary and pay configuration (overtime, conveyance, working days), address, and driving-licence details where the employer chooses to enter them.

Attendance and location data. When you check in or out, we collect your device’s GPS coordinates and accuracy at that moment, the matched work site, a timestamp, a device identifier, and a flag indicating whether a mocked/fake location was detected. We also store the geofenced work-site locations created by the employer. Location is only read at the moment you punch in or out — Rosterbook does not track your location in the background.

Payroll records. Leave, advances, computed monthly reports and payslips.

Notification tokens. A push-notification token (via Expo and Apple/Google push services) so we can send service alerts such as check-in confirmations and report-ready notices.

Technical data. Basic device/app information and logs needed to operate and secure the service.

3. How we use your data

To provide the core service: recording attendance, verifying you are at the assigned work site, and computing pay.
To authenticate you and keep your account secure.
To send service notifications (check-in/out, conveyance approvals, report-ready).
To detect and prevent fraud or misuse (for example, mocked-location detection).
To support you and to maintain, debug, and improve the app.
To comply with legal and tax obligations.

Legal bases (where applicable): performance of your contract / terms of use; your consent (e.g. for location and notifications, which you can withdraw via device settings); our legitimate interests in operating and securing the service; and compliance with law.

4. Location data — specifics

Location is central to Rosterbook’s purpose: it confirms that a check-in or check-out genuinely happens at the employer’s geofenced site. We access foreground location only, and only during a punch action. We do not run background or continuous location tracking. You can decline or revoke the location permission in your device settings; doing so will prevent geofenced check-in/out from working.

5. Who we share data with

We do not sell your personal data. We share it only with:

Your employer / your employees, as inherent to the service.
Service providers (processors) that run the app: Google Firebase (authentication and push delivery via Firebase Cloud Messaging), Render (application hosting and the database where records are stored), Expo (push-notification delivery), and Apple Push Notification service / Google (delivering notifications to your device).
Authorities or third parties where required by law, or to protect rights, safety, and the security of the service.

These providers process data under their own terms and security obligations and only as needed to provide their service to us.

6. International transfers

Some providers may process data on servers outside your country. Where that happens, we rely on appropriate safeguards as required by applicable law.

7. Data retention

We keep your data while your account is active and as needed to provide the service and meet legal, tax, security, and fraud-prevention obligations. When you delete your account (see below), we delete or anonymise the personal data associated with it, except data we are required or permitted by law to retain.

8. Your rights and choices

Depending on your location, you may have the right to access, correct, delete, or export your data, to object to or restrict certain processing, and to withdraw consent.

Account deletion. You can delete your account and associated personal data from within the app (Settings / Profile → Delete account) or by emailing info@thirteentwenty.com. Attendance and pay records an employer holds about an employee may be retained by that employer as the controller for their own legal needs.
Permissions. You can grant or revoke location and notification permissions at any time in your device settings.

To exercise a right, contact info@thirteentwenty.com. We will respond within the timeframe required by applicable law.

9. Security

We use industry-standard measures including encrypted transport (HTTPS), a managed authentication provider, and access controls. No system is perfectly secure, but we work to protect your data and to address issues promptly.

10. Children

Rosterbook is not directed at children and is intended for adults (employers and working-age employees). We do not knowingly collect data from children under the age defined as a minor in your jurisdiction.

11. Changes to this policy

We may update this policy from time to time. We will revise the “Last updated” date and, for material changes, provide a more prominent notice.

12. Contact

info@thirteentwenty.com · Thirteen Twenty Productions LLP