Legal

Privacy Policy

We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.

Last updated: January 13, 2026

1. Introduction

Rostr ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant management platform and mobile application (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, and business details when you create an account
  • Team Member Information: Names and phone numbers of team members you invite to join your organization
  • Schedule and Communication Data: Shift schedules, team messages, cleaning checklists, and other work-related information

Phone numbers for team members are collected only after obtaining explicit consent if SMS invitation is the chosen method.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, and app version
  • Usage Data: How you interact with our Service, including features used and time spent
  • Location Data: General location information for scheduling and communication features

3. SMS Communications and Consent

Rostr uses SMS messaging exclusively for one-time invitations to join organizations and download the Rostr app. SMS is optional and not required to use Rostr, join an organization, receive schedules, or communicate with a team

3.1 SMS Opt-In Process

SMS is optional and not required to join an organization, use Rostr, receive schedules, or communicate with your team—alternatives like email or in-person invitations are always available.

Consent must be explicit, affirmative, and voluntary—it cannot be implied simply by providing a phone number or as part of hiring/onboarding/employment requirements. Managers obtain consent separately using one of these methods:

  • Recommended: Standalone Checkbox (e.g., on onboarding forms or digital intake):
    "☐ I voluntarily consent to receive one one-time SMS invitation from Rostr to download the app and join my organization. I understand this is optional, not required for employment or using Rostr, and I can be invited via email or in-person instead."
  • Verbal Consent (if no form): Use this scripted language and document the response (e.g., note "Yes" in records):
    "Would you like to receive one one-time text message from Rostr inviting you to download our app and join the team? This is completely optional—you can join via email or in-person. Do you consent? (Yes/No)"

Important:

We do not send recurring, scheduling, marketing, or any other SMS—only the single invitation after explicit consent.

3.2 Example SMS Messages

Sample Invitation SMS (one-time only):

"Hello! You've been invited to join [Organization Name] on Rostr. Download the app and accept your invite here: [Link]"

Frequency: One message per invitation. No recurring messages.

3.3 Opt-Out Rights

You can opt out of SMS at any time by replying STOP (or equivalents like UNSUBSCRIBE, END, CANCEL, QUIT). You can also contact your manager/organization administrator.

  • Reply "STOP" to opt out
  • Reply "HELP" for help
  • Contact your manager or organization administrator

Opting out affects SMS only and does not impact employment, access to schedules, or use of Rostr. We maintain opt-out records to prevent future SMS to opted-out numbers.

4. How We Use Your Information

We use collected information to:

  • Provide and maintain our restaurant management services
  • Send one-time SMS invitations only to individuals who have provided explicit, voluntary consent (with email or in-person alternatives available; consent has no impact on employment or service access)
  • Manage employee schedules and shift assignments
  • Facilitate team communication and collaboration
  • Ensure platform security and prevent unauthorized access
  • Comply with legal obligations and enforce our terms
  • Improve our services and develop new features

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly agree to share information
  • Within Your Organization: Team members' contact information is shared with authorized users within their organization for scheduling and communication purposes
  • Service Providers: With trusted third-party service providers who help us operate our platform (e.g., SMS delivery services like Twilio)
  • Legal Requirements: When required by law or to protect our rights and safety

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, secure server infrastructure, and regular security assessments.

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. Team member information is retained while they are active members of your organization and may be retained for a reasonable period thereafter for business and legal purposes.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

9. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Restriction: Request limitation of how we process your information
  • Objection: Object to our processing of your information

10. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@rostr.us