Privacy Policy

MyRoster — Google User Data

This section specifically addresses how MyRoster accesses, uses, stores, and shares Google user data across both platforms, in full compliance with the Google API Services User Data Policy and the Google APIs Terms of Service.

Data Accessed

MyRoster for iOS accesses the following Google user data via OAuth with your explicit consent through the Google Sign-In consent screen:

• Google Sign-In (OAuth scopes: openid, userinfo.profile, userinfo.email) — your Google account name, profile picture, and email address. This data is used to identify your account within the app and personalise your experience.
• Google Calendar (OAuth scope: auth/calendar) — read and write access to your Google Calendar, used to sync your shifts as calendar events. This includes event titles, dates, times, and descriptions that you have authorised the app to create.

MyRoster for Android accesses the following device-level permissions and Google services:

• Device Calendar (android.permission.READ_CALENDAR, android.permission.WRITE_CALENDAR) — read and write access to the device's local calendar, used to sync your shifts as calendar events. This accesses the on-device calendar database (which may be synced by Google Calendar on your device) and includes event titles, dates, times, and descriptions.
• Firebase Cloud Messaging — a Google service used to deliver push notifications (e.g., shift reminders) to your device. This uses an anonymous device registration token and does not access any personally identifiable information.
• Firebase Remote Config — a Google service used to deliver app configuration and feature flags. No personal user data is accessed or transmitted.
• Firebase App Check — a Google service used to verify that requests to backend services originate from genuine instances of the app. No personal user data is accessed.
• Firebase Cloud Functions — used to proxy AI-assisted features (e.g., roster interpretation). Requests may include shift-related text you submit within the app. No Google account data is included in these requests.

No other Google account data (such as Gmail, Contacts, Google Drive, or location data) is accessed on either platform.

How Google User Data Is Used

Google user data and Google services are used exclusively to provide the app's core features:

• Identifying your account and personalising your in-app experience using your Google name, profile picture, and email address (iOS)
• Writing your shifts to your Google Calendar so they appear across your devices (iOS via Google Calendar API; Android via device calendar)
• Reading existing calendar events to avoid duplicates when syncing
• Delivering timely shift reminders via push notifications (Android via Firebase Cloud Messaging)
• Applying app updates and feature configuration remotely (Android via Firebase Remote Config)
• Securing backend AI features against unauthorised access (Android via Firebase App Check)

Google user data is not used for advertising, profiling, analytics, or any purpose unrelated to the app's core rostering and wage calculation functionality.

AI Features & Google Data

MyRoster includes optional AI-assisted features (such as roster interpretation) that send user-submitted text to Firebase Cloud Functions for processing (Android). This data is not used to train, improve, or develop any AI or machine learning models — by Google or by me. Requests are processed transiently and not retained beyond the duration of the request.

How Google User Data Is Stored

All Google user data is stored locally on your device only. Specifically:

• Your Google account name, profile picture, and email address are stored locally on your device for in-app display and are not transmitted to any external server (iOS)
• Shift events are written to your Google Calendar (iOS) or device calendar (Android) and are subject to your device's own sync settings
• No calendar data is transmitted to or stored on servers owned or operated by me
• Firebase device tokens and configuration data are managed by Google's Firebase infrastructure and are not stored by me beyond what Firebase requires to operate (Android)
• Uninstalling the app removes locally stored app data; calendar events previously written to your calendar will remain unless deleted manually

How Google User Data Is Shared

I do not share Google user data with any third parties beyond what is required to operate the Google/Firebase services described above. Specifically:

• Your Google account name, email address, and profile picture are not shared with any third party
• Calendar data is not shared with advertisers, analytics providers, or data brokers
• Calendar data is not transferred to any external service or server operated by me
• Firebase device tokens are used only to deliver notifications to your device and are not shared with third parties
• No Google user data is sold, rented, or monetised in any way

Minimum Necessary Data

MyRoster requests only the minimum permissions necessary to deliver its features. On iOS, Google Sign-In and Calendar access is requested only when you choose to sign in with Google. On Android, calendar read/write access is requested only when you enable calendar sync in Settings. Permissions can be revoked at any time.

Revoking Access

You can revoke MyRoster's access to your Google data at any time:

• Google Sign-In & Calendar API (iOS): Visit your Google Account permissions page and remove the MyRoster app. This revokes access to your profile information and Google Calendar.
• Device calendar & notifications (Android): Go to Android Settings → Apps → MyRoster → Permissions to revoke calendar or notification access.

Previously written calendar events will remain in your calendar unless deleted manually. Locally stored profile data is removed when you sign out or uninstall the app.

MyRoster — Friends & Shift Sharing (Optional)

MyRoster offers an optional, opt-in feature called Friends / Shift Sharing that lets you connect with colleagues and share when you are rostered to work. This feature introduces user accounts and limited online data sharing. If you do not create a Friends account, none of the data described in this section is collected or shared, and nothing else about your experience changes. Everything below applies only if you choose to create an account and use Friends / Shift Sharing.

Your financial information is never involved. Wages, pay, grades, allowances, overtime and penalty calculations, your days off and availability, and your personal notes are never uploaded to any server and are never shared with friends. That data stays on your device and your own private iCloud, exactly as described elsewhere in this policy.

Information Collected When You Use Friends / Shift Sharing

• Account identifier — a unique user ID created for your account.
• Email address — provided via Sign in with Apple (which may be an Apple private-relay @privaterelay.appleid.com address if you choose to hide your email), Google Sign-In, or email/password registration.
• Display name — the name or nickname you choose to show to your friends.
• Profile photo — optional, only if you upload one.
• Your friends list / connections — the people you connect with, and invitations you send or receive.
• Device notification token — so I can notify you when a friend updates their roster.
• Shared roster information — the dates and times you are rostered to work and a general shift category (for example day, afternoon, or night). The shift location/ward label you entered (the default is "My Ward") is shared only if, and only with, a specific friend for whom you have explicitly turned on location sharing.

What this feature does NOT collect or share: your wages and all financial/pay information, your days off or availability, and your personal notes. These never leave your device.

How This Information Is Used

• To create and manage your account and sign you in.
• To let the friends you authorise see when you are rostered to work.
• To send you notifications when a friend updates their roster.
• To operate the friend invitation and connection system.

This information is not sold, and is not used for advertising or cross-app tracking.

How This Information Is Shared

• Your shared roster information is disclosed only to friends you have accepted and granted permission to. You control this per friend, and you can turn sharing off, or remove or block a friend, at any time — which immediately revokes their access.
• I use Google Firebase (Authentication, Cloud Firestore, Cloud Storage, Cloud Functions, and Cloud Messaging) as my service provider to operate this feature, and Apple (Sign in with Apple) for account sign-in. These providers process data on my behalf to deliver the service.
• I do not sell personal information or share it with advertisers.

Storage, Security & Overseas Handling

• Account and shared data are stored using Google Cloud / Firebase, primarily in an Australian (Sydney) data region.
• Some Google services used for sign-in and notifications operate globally, so limited information (such as login identifiers and device notification tokens) may be processed outside Australia — in the United States and other countries where Google operates. This cross-border disclosure is relevant to Australian Privacy Principle 8.
• Data is encrypted in transit and at rest. Access to shared roster data is enforced by server-side security rules so that only friends you have authorised can see it. Financial data is never transmitted, and uploaded profile photos have their location metadata removed.

Data Retention & Deletion

You can delete your Friends account at any time from within the app. Deleting your account removes your account, your profile and photo, your shared roster information, your friend connections (removed from both sides), any pending invitations, and your notification tokens. You may also contact me to request access to, correction of, or deletion of your personal information (the right to erasure under the Australian Privacy Principles).

Your Consent & Control

Friends / Shift Sharing is entirely optional and opt-in. Sharing is controlled per friend, friends can be removed or blocked at any time, and turning off sharing or removing a friend immediately revokes their access. This feature is intended for users aged 18 and over.