Privacy Policy

1. Introduction

Rosco App Pty Ltd operates roscoapp.com and the Rosco project management platform ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

By using Rosco, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account information

When you register, we collect your name, email address, and password (stored as an encrypted hash — we never store your plain text password).

Organisation information

When you create or join an organisation on Rosco, we collect the organisation name and URL slug.

Project data

We store the project data you and your team create within the platform, including project details, drawings, schedules, timesheets, meeting notes, contacts, and any files you upload.

Usage data

We may collect information about how you use the Service, including pages visited, features used, and actions taken, to improve the platform.

Payment information

Payment processing is handled by Stripe. We do not store your credit card details. Stripe's privacy policy applies to payment data: stripe.com/privacy.

3. How We Use Your Information

We use your information to:

• Provide and operate the Service
• Process payments and manage subscriptions
• Send transactional emails (invitations, password resets, billing receipts)
• Respond to support requests
• Improve and develop new features
• Comply with legal obligations

We do not sell your personal information to third parties.

4. Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL database with row-level security) hosted on AWS infrastructure. We implement industry-standard security measures including:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted passwords (bcrypt hashing)
• Row-level security policies on all database tables
• Access controls limiting data access to authorised users only

5. Data Sharing

We share data only with the following trusted third-party service providers who help us operate the Service:

• Supabase — database and authentication (supabase.com)
• Vercel — hosting and deployment (vercel.com)
• Stripe — payment processing (stripe.com)
• Resend — transactional email delivery (resend.com)
• Anthropic — AI features (anthropic.com) — only when you use AI-powered features

We require all third parties to respect your data security and to treat it in accordance with applicable laws.

6. AI Features

When you use AI-powered features in Rosco (such as specification generation or the project assistant), relevant data from your project may be sent to Anthropic's API to generate responses. This data is used only to provide the AI feature and is not used to train AI models. You may configure your own Anthropic API key in Organisation Settings.

7. File Storage

Files you upload (drawings, documents, images) are stored securely via our hosting provider. Files are only accessible to members of your organisation with appropriate permissions.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

9. Your Rights

Under Australian Privacy Law (Privacy Act 1988) and applicable regulations, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Withdraw consent to data processing where applicable

To exercise these rights, contact us at support@roscoapp.com.

10. Cookies

We use essential cookies and local storage to maintain your login session. We do not use tracking or advertising cookies.

11. Children's Privacy

Rosco is not intended for use by persons under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice in the app. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us: