Privacy Policy

1. Introduction

Airota Limited ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered staff scheduling platform ("Service").

We are registered in England and Wales and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

2. Data Controller

Airota Limited is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

3. Information We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide

• Account Information: Name, email address, password, company name, job title
• Employee Data: Staff names, contact details, employment details, availability, skills, certifications, and preferences
• Schedule Data: Shift patterns, working hours, time-off requests, and attendance records
• Payment Information: Billing address and payment card details (processed securely by our payment provider)

3.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken within the Service
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Similar Technologies: See our Cookie section below

3.3 AI Processing

Our AI assistant "Milo" processes scheduling data to generate optimised schedules. This includes analysing patterns in availability, skills, and historical scheduling data. All AI processing is performed to provide and improve our Service.

4. Lawful Basis for Processing

Under UK GDPR, we process your data based on the following lawful bases:

• Contract: Processing necessary to provide our Service to you
• Legitimate Interests: Improving our Service, security, and fraud prevention
• Legal Obligation: Compliance with applicable laws and regulations
• Consent: Where required, such as for marketing communications

5. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our scheduling Service
• Generate AI-powered schedules and recommendations
• Process transactions and send related information
• Send administrative messages, updates, and security alerts
• Respond to your enquiries and provide customer support
• Monitor and analyse usage patterns to improve user experience
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

6. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third parties who perform services on our behalf (hosting, payment processing, analytics)
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Legal Requirements: When required by law or to protect our rights
• With Your Consent: In any other circumstances with your explicit consent

We do not sell your personal data to third parties.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or transfers to countries with adequate data protection laws.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When data is no longer required, it will be securely deleted or anonymised.

• Account data: Retained while your account is active and for 2 years after closure
• Schedule and attendance data: Retained for 6 years for legal compliance
• Payment records: Retained for 7 years as required by UK tax law

9. Your Rights

Under UK GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data in certain circumstances
• Right to Restrict Processing: Request limitation of processing
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Rights Related to Automated Decision-Making: Request human review of automated decisions

To exercise these rights, please contact us at privacy@airota.com. We will respond within one month.

10. Cookies

We use cookies and similar tracking technologies to enhance your experience. Essential cookies are required for the Service to function. Analytics cookies help us understand how you use our Service. You can manage cookie preferences through your browser settings.

11. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure.

12. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.

14. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

15. Contact Us

For any questions about this Privacy Policy or our data practices, please contact: