Privacy Policy

Last Updated: March 4, 2026

Welcome to RosterRadar. We respect your privacy and are deeply committed to protecting your personal data. This Privacy Policy will inform you as to how we handle and protect your personal data when you use the RosterRadar application, in compliance with the European Union's General Data Protection Regulation (GDPR) and applicable national data privacy laws.

1. Important Information and Who We Are

Data Controller

RosterRadar is the data controller and is responsible for your personal data. If you have any questions about this Privacy Policy or our privacy practices, please contact us at privacy@webfms.app.

2. The Data We Collect About You

We may collect, use, store and transfer different kinds of personal data about you to provide our services:

  • Identity Data: Full name, airline, and home base location.
  • Contact Data: Email address.
  • Technical Data: Internet protocol (IP) address, your login data, timezone setting, and browser environment details.
  • Schedule Data: Your flight roster events, duties, layover locations, and associated times, fetched securely via the calendar (ICS) URL you provide.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use it in the following circumstances:

  • Performance of a Contract: To register you as a new user, manage your roster calendar, and actively sync your professional flight duties to display upon your dashboard.
  • Legitimate Interests: To allow you to connect with fellow crew members ("Friends") within the app and view each other's schedules and overlapping layovers, pending your explicit acceptance of connection requests.

4. Data Security & Storage

We have put in place robust security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Your account passwords are mathematically hashed using industry-standard BCRYPT algorithms.

We do NOT sell your data. Your schedule and identity data remain strictly confined to the RosterRadar ecosystem and are only shared with fellow crew members you have explicitly authorized.

5. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

If you choose to delete your RosterRadar account, your identity data, connection requests, and stored schedule events will be permanently purged from our active databases.

6. Cookies and Tracking

We use essential cookies to maintain your login session and application preferences:

  • Session Cookies: Temporarily store your active session state and are deleted when you exit your browser.
  • "Remember Me" Cookies: If you consciously opt-in by checking "Remember me" upon login, we drop a cryptographically secure, HttpOnly token in your browser lasting 30 days to facilitate automatic logins. This cookie cannot be intercepted by third-party scripts.

7. Your Legal Rights (Under GDPR)

Under European data protection laws, you have rights in relation to your personal data, including the right to:

  • Request access: Receive a copy of the personal data we hold about you.
  • Request correction: Have any incomplete or inaccurate data we hold about you corrected.
  • Request erasure: Ask us to delete or remove personal data where there is no good reason for us continuing to process it.
  • Object to processing: Object where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object.
  • Request restriction of processing: Ask us to suspend the processing of your personal data.
  • Request transfer (Portability): Request your personal data be transferred to you or to a third party automatically.
  • Withdraw consent: Withdraw your consent at any time where we are relying on consent to process your data.

If you wish to exercise any of the rights set out above, please contact us at the email provided.