Privacy
Plain language, short list
A rota system holds real people's working lives. Here is exactly what that means in practice.
01
What we store
Names, work email addresses and the scheduling facts a rota needs: shifts, requests, leave records, trades, absences, availability and the flags a department sets (senior, medical resident, assessment-capable, night group). For contact-form messages: what you wrote, with a timestamp.
02
Why we store it
To build and run your department's rota. That is the only purpose. There is no advertising, no profiling, no resale of anything, ever.
03
Who can see it
Your department: schedulers see the department's data because scheduling is their job; doctors and sessionals see the published rota and their own records. Platform-level access for support exists, shows a visible banner when used, and is written to the audit log.
04
Emails
We send sign-in links, request-window reminders, publish announcements and scheduler notifications, and we log each send so your scheduler can verify what went out. No marketing sequences.
05
Cookies
One session cookie after you sign in, plus a short-lived cookie for form confirmation messages. No analytics cookies, no third-party trackers, on either this site or the app.
06
Security
Sign-in links are single-use, stored only as hashes, and expire in 20 minutes. Data lives in a managed PostgreSQL database, transport is TLS everywhere, and consequential actions are recorded in an append-only audit log.
07
Retention and deletion
Rota history is kept because departments need their archive; it is theirs, exportable at any time in the workbook format. When a department leaves, its data is exported on request and then deleted. Individuals can ask their scheduler, or us directly, for correction or removal of their personal records.
08
Where we are honest about limits
Medrota is young and run by a small team. We do not claim certifications we do not hold. If your organisation needs specific guarantees, data residency or a processing agreement, contact us before onboarding and we will either meet the requirement or say plainly that we cannot yet.
09
Questions
sirromariof@gmail.com reaches a person, not a queue. This note was last updated on 5 July 2026 and any future change will be dated here.