Privacy Policy
Last updated: 4 June 2026
1. Who We Are
RosterDeck is a talent booking and management platform designed for casting agents and supporting artists. This policy explains how we collect, use, share, and protect personal data when you use our platform.
2. Data We Collect
Supporting Artists
- Name, email address, and phone number
- Physical measurements (height, weight, shoe size, chest, waist)
- Gender and playing-age range
- Profile photos (headshots, selfies, full-length images)
- Experience types, skills, and wardrobe preferences
- DBS certification dates
- Availability and booking history
- Timesheet data (call times, arrival, wrap times, overtime, attendance)
- Ethnicity (Optional): Because this is considered Special Category Data, it is collected strictly on an opt-in basis, with explicit consent, for casting purposes. You may always choose 'Prefer not to say'.
Agents & Casting Directors
- Name, email address, and phone number
- Agency name, agency email, website, and phone
- Account preferences and organisation affiliation
Automatically Collected
- Authentication data via Google OAuth or email/password sign-in
- Session cookies required to keep you logged in
- Email delivery status (sent, bounced) for platform notifications
3. How We Use Your Data
- To create and manage your account and profile
- To allow agents to search, filter, and book talent from their roster
- To track DBS issue dates to ensure safeguarding compliance for productions
- To send availability checks, booking confirmations, and call sheets via email
- To share cast lists with production companies for approval
- To generate and manage digital timesheets
- To track email delivery and update roster status when emails bounce
- To maintain platform security and prevent abuse
4. Data Shared with Third Parties
Casting Agents
When you join an agent's roster — whether through the members area, by invitation, or by accepting a roster request — the agent gains access to your personal data including: name, email address, phone number, physical measurements, images, availability, booking history, timesheet data, and email communication logs. This is necessary for the agent to manage bookings and communicate with you. Access is restricted to agents within the same organisation through row-level security policies.
Production Companies
When an agent submits a cast list for production approval, the following data is shared with the production company via a secure, time-limited link: talent names, headshots, physical descriptions, and role assignments. Agents may also share additional details with production companies as part of normal booking operations, such as contact details on call sheets. Production companies can approve, decline, or provide feedback on individual cast members.
Data Downloads
Agents and production companies may download data from the platform as part of normal operations. This includes roster data, cast lists for production approvals, and timesheet records. Once downloaded, that data is held by the respective agent or production company and is subject to their own data handling practices.
AI Assistant Features
RosterDeck includes optional AI-powered chat assistants on agent dashboards and on public approval and timesheet pages opened by production companies. When the assistant is used, your message and the relevant context are sent to our AI service providers — OpenAI and Google — to generate a response. We have disabled both providers' “use my data for model training” options, so your data is not used to train AI models. Providers may retain inputs and outputs for up to 30 days for abuse monitoring, after which the data is deleted. Agencies can disable the public-facing AI chat at any time in their agency settings.
Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All account and profile data |
| Resend | Email delivery | Recipient name, email, job details |
| Google | OAuth authentication | Email and basic profile info |
| OpenAI | AI assistant chat (agent and public pages) | Your chat messages and booking context (job title, cast first names and roles); not used for model training |
| Google (Gemini) | AI assistant chat — fallback model when OpenAI is unavailable | Your chat messages and booking context (job title, cast first names and roles); not used for model training |
| Vercel | Application hosting | Server logs and performance data |
5. Cookies & Local Storage
We use essential cookies to maintain your authenticated session. We also store a cookie-consent preference in your browser's local storage so you are not asked to accept cookies on every visit. We do not use advertising cookies or third-party tracking pixels.
6. Profile Visibility
Artists control their own visibility through a “discoverable” setting, which is off by default. Your profile only appears in the agent Members directory if you actively switch this setting on, and you can switch it off again at any time. An agency adding you to its roster does not change this setting — only you can.
If you join RosterDeck for the first time through an invitation from an agency that has not switched on Networking Mode, the discoverable setting is not available on your profile until you become eligible — which happens automatically when that agency switches Networking Mode on, or as soon as a second, independent agency adds or invites you. Artists who register independently are not affected. Full details are in our Terms of Service.
Profile images stored on the platform are accessible to agents within your roster. Images shared as part of production approvals are visible to production personnel through secure, token-based links.
7. Data Security
- All data is encrypted in transit over HTTPS
- Database access is protected by row-level security policies ensuring agents can only view data within their own organisation
- Production approval and timesheet links use unique, unguessable tokens that expire after a set period
- Profile images are processed, compressed, and stored securely in Supabase Storage
- Authentication is handled by Supabase Auth with support for Google OAuth
8. Data Retention
- Account and profile data is retained for as long as your account is active
- Email communication logs are retained to support delivery tracking and roster management
- Timesheet records are retained as part of the booking history
- When an agent deletes a job, all associated data (dates, assignments, emails, approvals) is permanently removed
- Email response tokens expire after 24 hours; timesheet tokens expire 48 hours after the shoot date
Production & Booking Records
If you have worked on productions through the platform, minimal data — specifically your name and timesheet records — will be retained for at least 7 years to comply with HMRC and standard UK tax/employment record-keeping requirements, even if you request account deletion. All other personal data (contact details, measurements, images, and profile information) will be removed upon account closure.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to the retention terms in Section 8)
- Object to or restrict certain processing of your data
- Request a portable copy of your data
Please note that data previously downloaded by agents or production companies (such as roster exports, approval records, or timesheets) is outside our control once downloaded. Deletion requests apply to data held on the RosterDeck platform only.
To exercise any of these rights, please contact us using the details below.
10. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you through the platform or by email. Continued use of RosterDeck after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this privacy policy or your personal data, contact us at support@rosterdeck.com.