Security at RosterProject
RosterProject handles your staff's personal data — names, contracts, availability, leave, and (if you enter it) pay. This page explains how that data is protected. Last updated 12 July 2026.
Where your data lives
All workspace data is stored in a managed PostgreSQL database operated by Supabase on AWS in Singapore (ap-southeast-1)— a stable, well-regulated hosting jurisdiction. The web application is served by Vercel's global network. The roster solver is stateless: it receives scheduling data only for the seconds a roster is being computed and stores nothing.
Encryption
Data is encrypted in transit (TLS 1.2+ on every connection — app, database, and internal services) and at rest (AES-256 on the database and its backups, per AWS infrastructure standards).
Workspace isolation
Every table is protected by PostgreSQL row-level security keyed to workspace membership. Isolation is enforced by the database itself on every query — not just by application code — so one hotel's data can never be returned to another hotel's session, even in the event of an application bug.
Sign-in and access control
- Manager accounts sign in with a password (stored only as a bcrypt hash), a one-time email link, or Google / Microsoft single sign-on. Optional two-factor authentication (authenticator-app codes) can be enabled per account.
- Two permission tiers — owner and manager. Each manager's access is scoped per outlet, and pay carries separate permissions: salary access (view and edit individual pay) and labor-cost access (roster totals only). A manager without them cannot read the figures at all — enforced at the database layer, not just hidden on screen.
- An owner can block a team member instantly; a blocked account loses access to all workspace data at the database layer.
- Rank-and-file staff never need accounts or passwords. Each staff member gets an unguessable personal link that shows only their own shifts and leave; links can be rotated by a manager at any time.
Payments
Subscriptions are processed by Stripe, a PCI DSS Level 1 certified payment provider. Card details are entered on Stripe's pages and never touch RosterProject servers.
Backups and continuity
The database runs on Supabase's managed infrastructure with automated backups. Your workspace can also be exported as a single file at any time from the dashboard (Export data) — you are never dependent on us to get your data back.
Data ownership, export, and deletion
Your workspace data belongs to your company, not to us. You can export it at any time. If a subscription lapses the workspace becomes read-only — nothing is deleted or held hostage. On termination, we delete workspace data on request within 30 days, with residual copies removed as backups expire. See the Data Processing Agreement for the full commitments.
Incident response
If we become aware of a breach affecting your personal data, we will notify you without undue delay — our target is within 72 hours of confirmation — with what happened, what data was involved, and what we are doing about it.
Subprocessors
We use a small number of infrastructure providers to run the service. Each is bound to protect your data at least as strongly as we commit to:
| Provider | Purpose | Data location |
|---|---|---|
| Supabase | Database, authentication, storage | AWS Singapore |
| Vercel | Application hosting and delivery | Global edge network (US company) |
| Stripe | Subscription payments | United States / Hong Kong |
| Resend | Transactional email (sign-in links) | United States |
We give customers 30 days' notice before adding a subprocessor that handles personal data.
Questions
Security questionnaire to fill in, or anything to clarify? Email support@rosterproject.com — we answer procurement and IT reviews quickly.