Privacy Policy

Last updated: February 2026

1. Introduction

EDRota ("we", "our", "us") provides a rota management platform for emergency department staff. This Privacy Policy explains how we collect, use, and protect your personal data when you use our service.

2. Data We Collect

We collect the following categories of personal data:

  • Account information: name, email address, and role within your department.
  • Work schedule data: shift assignments, time-off requests, and rota patterns.
  • Usage data: how you interact with the platform, including login times and feature usage.
  • Authentication data: managed by our authentication provider (Clerk) to secure your account.
  • AI feature usage: when you use AI-powered features, we log the number of tokens processed and whether the request succeeded, for cost monitoring and service improvement. We do not log the content of your requests or AI responses.

3. How We Use Your Data

Your data is used to:

  • Provide and maintain the rota management service.
  • Display shift schedules and enable shift swaps between staff.
  • Generate workforce statistics and reports for department administrators.
  • Send notifications about schedule changes relevant to you.
  • Maintain audit trails of rota changes for accountability.

4. Data Sharing

We do not sell your personal data. Your data may be shared with:

  • Your department: administrators and colleagues can see your name and shift assignments as necessary for rota management.
  • Service providers: we use trusted third-party services for authentication (Clerk), database hosting (Neon), AI processing (Anthropic), and application hosting, all bound by data processing agreements.
  • Shared rota links: if you generate a shareable link, your name and shift schedule are visible to anyone with that link. You can revoke access at any time.

5. AI-Powered Features & Data Processing

EDRota uses AI technology (provided by Anthropic) to power several optional features. Below is a summary of what data each feature sends to the AI service and how it is handled.

Photo/PDF Rota Import

When you upload a photo or PDF of a rota schedule, the image is sent to the AI service for text extraction. If the rota image contains names of other staff members, those names will be visible to the AI service as part of the image. No other personal data (emails, addresses, patient information) is sent. We recommend cropping or blurring other people's names from rota images before uploading if you have privacy concerns.

Quick Add (Voice & Text)

When you use natural language to add or edit shifts, the text you type or dictate is sent to the AI service along with your shift template names and existing shift dates/times. No staff names, emails, or personal identifiers are included.

Pattern Detection & Import Matching

These features send only shift dates, times, and template label names to the AI service. No personal data is included.

AI Data Handling

  • Data sent to the AI service is processed in real time and is not used to train AI models (per Anthropic's API data usage policy).
  • Data is not stored by the AI provider beyond the duration of the API request.
  • We log only metadata (token counts, success/failure status) for cost monitoring — we do not log the content of AI requests or responses.
  • All AI features are optional. The core rota management functionality works without AI.

6. Data Security

We take reasonable measures to protect your data, including encrypted connections (HTTPS), secure authentication, role-based access controls, and regular security reviews. Access to personal data is limited to authorised personnel.

7. Data Retention

Your data is retained for as long as your account is active or as needed to provide the service. Audit trail records are kept for operational accountability. If you wish to have your data deleted, please contact your department administrator or reach out to us directly.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict processing of your data.
  • Receive your data in a portable format.

To exercise any of these rights, please contact your department administrator or email us directly.

9. Cookies

We use essential cookies required for authentication and session management. We do not use advertising or third-party tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes through the platform. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or your personal data, please contact your department administrator or reach out to us at the email address provided in your organisation's onboarding materials.

© 2026 EDRota. All rights reserved.