1. The Architectural Premise: Data Minimization

GlassRota operates on a strict principle of Data Minimization. We are a diagnostic planning interface, not a core HR system of record. We mathematically engineer operational schedules; we do not process payroll. Therefore, we explicitly refuse to ingest or store sensitive personal identifiers.

2. Our Role in the Ecosystem

Under global data protection frameworks (including GDPR, UK GDPR, and CCPA), your organization remains the Data Controller. GlassRota operates exclusively as the Data Processor. Your legacy HR software remains your ultimate data repository and system of record.

3. The Telemetry We Collect

To run our algorithmic validation models, we require only the operational data necessary to compute a schedule. We collect and store:

• First Name and Initial/Last Name.
• Operational Role or Department.
• Contracted baseline hours and maximum legal working thresholds.
• System utilization data (manager login frequency, audit logs, and UI interaction telemetry to optimize algorithmic performance).

4. The Telemetry We Refuse

We do not ask for, nor will our database accept:

• National Insurance Numbers, Social Security Numbers, or equivalent government identifiers.
• Bank account details, tax codes, or financial routing information.
• Home addresses, personal phone numbers, or demographic data.
• Health records or right-to-work documentation.

5. Enterprise Infrastructure & Zero-Trust Architecture

GlassRota is deployed entirely on Google Cloud Platform (GCP). By leveraging this foundation, our infrastructure inherits Google’s enterprise-grade compliance certifications, including SOC1, SOC2, SOC3, and ISO 27001. To satisfy enterprise IT procurement and security audits, our architecture enforces the following protocols:

• Encryption Standards: All operational data is strictly encrypted at rest using the AES-256 standard. All data in transit is encrypted using HTTPS and TLS 1.2+ protocols.
• Absolute Tenant Isolation: We employ a strict, Zero-Trust multi-tenant architecture. Security and isolation are not handled by the front-end interface; they are enforced at the absolute database layer via Firestore Security Rules. Every read or write request must present a cryptographically signed JWT (JSON Web Token). If a user’s token does not explicitly contain the correct venue authorization claim, the database physically rejects the request, making cross-tenant data leakage mathematically impossible.
• Role-Based Access Control (RBAC): Access to data is rigidly controlled. General Managers can only view data associated with their specific venue ID, while Operations Directors inherit aggregated viewing permissions based on organizational hierarchy.
• Elastic Scalability: The application utilizes a serverless, horizontally scaling architecture. Real-time document storage and client-side rendering ensure that even if hundreds of managers update schedules simultaneously, the infrastructure dynamically provisions resources to maintain sub-second latency without data bottlenecks.
• Data Residency & Backups: Automated, secure backups are handled directly by GCP. Depending on your operational jurisdiction, data residency can be restricted to specific regional data centers (e.g., US, EU, or UK) to ensure your data never crosses international borders in violation of local data protection laws.

6. Data Retention and Erasure

Upon termination of your Enterprise or Standard license, your tenant environment is decommissioned. All schedule histories, par models, and staff matrices associated with your organization are permanently purged from our active databases within 30 days, in strict alignment with our data processing agreements.

1. The Service Boundary

GlassRota is a B2B SaaS platform providing algorithmic scheduling diagnostics and labor optimization tools for the hospitality sector. GlassRota acts as a pre-publication planning environment and validation engine. We provide the mathematical modeling; you make the final operational decisions.

2. Limitation of Operational Liability

GlassRota identifies potential cost inefficiencies, budget overruns, and compliance risks (such as consecutive shift violations or legal rest period breaches) based on the operational parameters configured by your management team. However, GlassRota is not a substitute for your legal counsel or internal HR compliance department.

• The final decision to publish a schedule rests entirely with your Operators.
• GlassRota Ltd assumes zero liability for labor disputes, compliance fines, wage discrepancies, or operational financial losses incurred following the use or misuse of our software. Your legacy HR platform remains your definitive system of record and ultimate compliance authority.

3. Commercial Terms & Subscription Mechanics

• The Trial: The 14-Day Free Trial provides unrestricted access to the GlassRota Enterprise suite. Upon expiration, access to the active planning environment will be frozen until a valid payment method is authorized.
• Billing: Subscriptions are billed monthly in advance.
• Cancellation: You operate on a rolling monthly contract. You may terminate your subscription at any time. We do not provide prorated refunds for partially utilized billing cycles.

4. Uptime & Architectural Availability

We target a 99.9% uptime SLA for Enterprise accounts. Because GlassRota runs on horizontally scaling, serverless infrastructure, we guarantee high availability regardless of concurrent user load. In the rare event of scheduled maintenance, operators will be notified 48 hours in advance.

5. Intellectual Property & Acceptable Use

The algorithms, UI design, validation logic, and diagnostic methodologies are the exclusive intellectual property of GlassRota Ltd. You may not:

• Reverse engineer, decompile, or attempt to extract the source code of the Auto-Assign engine or validation matrix.
• Resell, sublicense, or white-label the software without an explicit Enterprise Partnership agreement.
• Utilize automated scraping tools against our infrastructure or APIs.

6. Termination of Access

We reserve the right to immediately terminate or suspend access to the platform for any organization found to be actively attempting to breach tenant isolation protocols, uploading malicious payloads, violating acceptable use policies, or failing to meet commercial billing obligations.