Privacy Policy

Effective date: 1 May 2026

1. Who we are

Rosta Pty Ltd (ABN pending) operates the Rosta platform and mobile application. We are based in Brisbane, Queensland, Australia. This policy explains how we collect, use, store, and disclose your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. What we collect

We collect information you provide directly:

  • Name, email address, and phone number when you register.
  • Identity documents (driver licence, passport) for verification purposes.
  • Work rights status and visa information you self-declare.
  • Certifications and qualifications you upload.
  • Location data (home suburb) used to calculate travel distance to shifts.
  • Device tokens for push notifications (with your consent).

We also collect information automatically when you use the platform:

  • Log data including IP address, browser type, and pages visited.
  • Shift acceptance and attendance data that forms part of your reliability profile.

3. How we use your information

We use your information to:

  • Operate the platform and match you with appropriate shift opportunities.
  • Calculate and maintain your reliability score (SURE score).
  • Verify your identity and work rights as required by law and our terms.
  • Send shift offer notifications and operational communications.
  • Improve the platform and resolve technical issues.

We do not use your information for advertising or sell it to third parties.

4. Disclosure

We share your information only as necessary to operate the platform:

  • With organisations (employers) when you accept a shift or join their team. They see your name, contact details, certifications, and work rights status.
  • With our infrastructure providers (cloud hosting, database, file storage) under strict data processing agreements.
  • With regulators or law enforcement where required by law.

5. Data storage and security

All personal data is stored in Australia (AWS Sydney or equivalent Australian-region infrastructure). We use encryption in transit and at rest. Identity documents are stored in access-controlled object storage and deleted after verification is complete unless you request retention.

6. Your rights

Under the Privacy Act, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your account and associated data.
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.

7. Contact

For privacy enquiries, contact us at [email protected]. We will respond within 30 days.