Privacy Notice

TeZe Ltd (trading as Rotapulse, "we") provides a fatigue risk scoring platform to UK organisations. TeZe Ltd is registered in England and Wales, company number 17137231, registered address 66 Paul Street, London, EC2A 4NA. When you use our website or service, we act as a data controller for our own business records and as a data processor for the workforce scheduling data your employer (our customer) uploads.

Our registered email address for privacy matters is compliance@rotapulse.co.uk.

We keep the scope small on purpose. The categories below cover every routine operation of the service.

• Account data. Name, email address, password hash, workspace role, sign in timestamps.
• Workforce schedule data. Worker identifiers (name or initials), job type, shift start and end, break minutes. This is uploaded by our customer.
• Derived fatigue scores. The FI and RI values the engine produces from the schedule data, plus the engine and profile version used.
• Audit events. Who did what inside the app and the internal admin panel, retained for security and compliance purposes.
• Technical telemetry. Minimal server logs needed to run the service: IP address, user agent, request path, status code.

We do not use third party analytics or advertising cookies. We do not attempt to fingerprint visitors.

• To provide the service (UK GDPR Art. 6(1)(b), performance of a contract). Account data, schedule data, derived scores.
• To meet our legal obligations (Art. 6(1)(c)). Audit retention, responding to lawful requests.
• For our legitimate interests (Art. 6(1)(f)). Operating security, detecting fraud, improving reliability. We balance against the rights of data subjects and will stop any activity a customer reasonably objects to.

• Customer workspace data: for the life of the contract, deleted within 30 days of termination unless the customer requests export first.
• Audit events: 12 months, then aggregated for statistics only.
• Server logs: 30 days.
• Invoicing and tax records: 6 years, as required by HMRC.

All personal data is stored inside the United Kingdom or the European Economic Area. Specifically, Supabase project hosted in eu-west-2 (London) and Vercel application hosted in lhr1 (London). We do not transfer personal data outside the UK or EEA. If this ever changes, we will update this notice and contact affected customers before the transfer takes effect.

Only the subprocessors listed on the Subprocessors page, and only as needed to operate the service. We do not sell personal data. We do not use personal data to train machine learning models.

Under UK GDPR you can request access, correction, deletion, restriction, portability, and object to processing. If you are using Rotapulse through your employer, please contact your employer first (they are the controller of your workforce data). For data we hold as a controller, email compliance@rotapulse.co.uk.

You can also complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

We use only the cookies required to run the service: a Supabase session cookie and its refresh cookie. No analytics, advertising, or tracking cookies are set.

Rotapulse is not directed at children. We do not knowingly collect data from anyone under the age of 16.