Privacy Policy

The StaffApp™ is a staff development platform designed for restaurant and hospitality operators. We provide tools for employee check-ins, performance documentation, progressive discipline, 90-day onboarding milestones, and career progression tracking. References to "we," "our," or "the platform" mean The StaffApp™ and the operator company that has engaged us to manage their workforce data.

We collect the following categories of data:

• Identity data: first name, last name, email address.
• Employment data: hire date, position, department, station, location.
• Performance data: check-in notes, self-assessment scores, supervisor observations, flag reasons, follow-up commitments.
• Discipline records: verbal warnings, written warnings, separation warnings, commendations, and any written responses you submit to those records.
• Progression data: 90-day milestone completion records, assessment results, career progression plans.
• Account data: encrypted authentication credentials managed by Supabase Auth; we do not store plaintext passwords.
• Usage data: timestamps of logins and data submissions, collected for audit and security purposes.

Your data is used exclusively to:

• Operate and display the platform to you and your employer.
• Maintain your employment development record.
• Send you notifications related to your record (e.g., new entries, responses).
• Generate aggregate, anonymised analytics for your employer (e.g., team check-in completion rates).
• Meet our legal obligations for data security and breach notification.

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data to train AI or machine-learning models.

Access is role-gated within the platform. Your employer controls who has access to your record:

• Staff (you): your own profile, shared check-in notes, your own discipline/commendation record, and your own right-of-reply responses.
• Supervisors (GM/Manager): staff records at their assigned location.
• Owners: all records across all locations within their company.

The StaffApp™ personnel do not access individual employee records except when required for technical support, with explicit written authorisation from the operator.

Discipline and performance records are retained for the duration of employment and for a period of no less than three (3) years following separation, in accordance with typical employment records legislation. Operators may request deletion of specific records in accordance with applicable law.

The progressive discipline record resets for display purposes after 365 days without a new infraction, but the underlying record is retained as a permanent audit trail.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (subject to legal retention requirements).
• Object to or restrict certain processing activities.
• Submit a written response (right-of-reply) to any discipline entry on your record — this right is built into the platform.

To exercise any of these rights, contact your employer's designated HR representative, or reach us directly at support@thestaffdevapp.com.

Data is stored in a Supabase-managed PostgreSQL database with row-level security policies enforced at the database layer. All data is encrypted in transit (TLS 1.2+) and at rest. Authentication uses Supabase Auth with magic-link email verification.

We will notify operators of material changes to this policy by email at least 30 days before they take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

Questions about this policy: support@thestaffdevapp.com