This Privacy Policy describes how Scheduler 2.0 ("we", "us", "our") collects, uses, shares, and protects personal information when you use our workforce management platform ("Service"). It is written to align with the Protection of Personal Information Act, 2013 ("POPIA") of South Africa.
1. Who is responsible for your information
When your employer or another organisation uses Scheduler 2.0 to manage its workforce, that organisation is the "responsible party" for the personal information about its employees and other personnel. We act as an "operator" processing that information on their behalf. When you sign up directly for an account, we are the responsible party for the information you provide to us.
2. Information we collect
We collect the following categories of personal information:
- Account information - name, email address, password (hashed), company name, role.
- Workforce records - staff profiles, schedules, shifts, leave requests, attendance records, time-off balances, and other information your organisation uploads.
- Payment information - billing contact, plan, and transaction identifiers. Card details are collected and stored by our payment processor (Paystack); we do not store full card numbers.
- Usage and device information - IP address, browser type, device identifiers, pages visited, and timestamps, collected via logs and cookies.
- Communications - support tickets, messages, and feedback you send us.
3. How we use information
We use personal information to:
- provide, operate, and maintain the Service;
- create and manage accounts and authenticate users;
- process payments and manage subscriptions;
- send service notifications, security alerts, and administrative messages;
- respond to support requests and other communications you initiate;
- detect, prevent, and respond to fraud, abuse, and security incidents;
- analyse usage to improve features, performance, and reliability; and
- comply with legal obligations.
4. Legal basis for processing
We process personal information where we have a lawful ground to do so under POPIA, including: performance of a contract with you, compliance with a legal obligation, our legitimate interest in operating and securing the Service, and - where required - your consent.
5. Sharing information
We share personal information only as needed:
- With your organisation - if you use the Service as an employee or contractor, your workforce records are available to your organisation's administrators.
- With service providers - including our hosting provider, our database and email providers, and Paystack for payment processing. These providers are bound by contractual obligations to handle information securely and only on our instructions.
- For legal reasons - to comply with a lawful request, court order, or regulatory requirement, or to protect rights, property, or safety.
- In a business transfer - in connection with a merger, acquisition, or sale of assets, subject to confidentiality protections.
We do not sell personal information, and we do not share it with third parties for their own marketing purposes.
6. International transfers
Some of our service providers may process information outside the Republic of South Africa. Where this happens we take appropriate steps to ensure the information continues to be protected in line with POPIA, including by using providers that are subject to adequate data protection laws or contractual safeguards.
7. Data retention
We retain personal information for as long as your account is active and for a reasonable period thereafter to allow recovery, support, billing reconciliation, and compliance with legal obligations. When information is no longer required, we delete or anonymise it.
8. Security
We use appropriate, reasonable technical and organisational measures to protect personal information against loss, unauthorised access, disclosure, alteration, and destruction. These include encryption in transit, hashed password storage, access controls, and ongoing monitoring. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
9. Your rights
Subject to POPIA, you have the right to:
- access the personal information we hold about you;
- request correction or deletion of inaccurate information;
- object to or restrict certain processing, and withdraw consent where processing is based on consent;
- request a copy of your information in a portable form; and
- lodge a complaint with the Information Regulator (South Africa).
To exercise these rights, contact us using the details below. If you are using the Service as an employee, your employer is typically the responsible party and you should direct requests to them first.
10. Cookies and tracking
We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the Service is used. You can configure your browser to refuse cookies, but some features of the Service may not work properly without them.
11. Children
The Service is not directed to children under 18 and we do not knowingly collect personal information from them. If you believe we have inadvertently collected such information, please contact us so we can remove it.
12. Changes to this policy
We may update this Privacy Policy from time to time. If changes are material, we will notify you by email or in-product notice before they take effect. The "Effective date" above indicates when this version became effective.
13. Contact us
Questions, requests, or complaints about your personal information can be sent to scheduler@sics.co.za.