Rostara is a sports team management app for organizing pickup games, tracking
ratings, balancing teams, and managing shared group expenses. This policy
explains what data we collect, why we collect it, and what your rights are.
We aim to collect the minimum needed to make the app work.
What we collect
-
Account info. Email address and display name when you
sign up, plus a password hash managed by Firebase Authentication. We
never store your raw password.
-
Group activity. Groups you belong to, your role in
each group, events you create or RSVP to, ratings you submit or
receive, ledger entries you create, and notices or reactions you
post. This is the data the app needs to function.
-
Optional event metadata. If an admin enters a venue,
date, or notes for an event, that text is stored alongside the event.
Rostara does not request or use your device's GPS location.
-
Push notification tokens. If you enable
notifications, we store the FCM token for your device so we can
deliver alerts (event go-live, RSVP closed, payment approvals, etc.).
You can disable individual categories in the in-app notification
settings.
-
Diagnostic data. Server logs (timestamps, IP
address, error traces) are kept by Firebase for security and
reliability. The app also reports crash and error diagnostics
to Firebase Crashlytics — stack traces, device model, OS
version, and app state at the moment of the crash — so we can
fix bugs that affect real users. Crash reports are not tied to
your name or email beyond the Firebase Installation ID, which
is anonymous and resets if you reinstall. You can opt out of
crash reporting at any time from Menu → Privacy & data
in the mobile app; the setting is per-device and takes effect
immediately.
-
Usage analytics. The app uses Firebase Analytics
to understand which features are used and how well the product
works — for example, whether signups complete successfully, how
often events are created, and whether the team balancer is used.
The events we log carry only structured values (counts, status
enums, booleans) — never names, emails, group names, or other
free-text fields. Approximate city-level location may be derived
from your IP address by Firebase. We do not run advertising SDKs
and the Apple/Google advertising identifier is disabled.
Why we collect it
- To provide core app features: authentication, group membership, ratings, team balancing, RSVPs, and bookkeeping.
- To deliver notifications you've opted into.
- To detect and prevent abuse (spam joining, unauthorized data access, fraud).
We do not sell your data, share it with advertisers, or use it to
build a profile of you outside the app.
Who can see your data
Rostara groups have three roles, each with progressively more
visibility into the group's data:
-
Members can see your display name, your role
label, your RSVPs to events, and anything you post in the group
(notices, reactions, ledger entries you create). Individual
ratings you give to other members are private — the
rater is the only person who sees the score they entered.
Aggregated ratings are visible only to the rated person and to
admins, never broken down by who rated them.
-
Admins see everything members see plus group
management surfaces: which member profiles have been claimed,
rename non-owner members, remove members, override RSVPs, and
approve or decline ledger entries. Admins still do not see
individual rating scores — only aggregates.
-
Owners see everything admins see plus group-level
controls: regenerating the invite code, deleting the group,
promoting or demoting admins. The owner is the user who created
the group; there is exactly one per group.
Outside the group, your data is shared with:
-
Service providers. Rostara is built on Google
Firebase (Authentication, Firestore, Cloud Functions, Cloud
Messaging, Hosting). Firebase processes your data on our behalf
under Google's privacy terms.
-
Legal requirements. We may disclose data when
legally compelled (subpoena, court order). We will tell you when
permitted to.
Your rights
-
Access and export. Open Menu → Privacy &
data → Export my data in the app to download a JSON file
containing your profile, memberships, RSVPs, ratings (given,
plus aggregates received), ledger entries you authored, and
notification settings. The download is immediate; if you'd
rather receive it by email or need a different format, contact
us and we'll respond within 30 days.
-
Correction. Most fields (display name, email) you
can edit yourself in the app's profile settings.
-
Leaving a group. You can leave any group at any
time from the group settings menu. Your link to the group (your
membership and authentication tie) is removed immediately, but
the group's historical record of you — RSVPs you submitted,
ratings you gave or received, ledger entries you created or were
a party to — remains in the group under your former member
profile, now marked as unclaimed. This protects the group's
collective history (rating averages, ledger balances, attendance
records) from being distorted for the members who stayed. Group
admins or the owner may, at their discretion, fully delete that
former profile, anonymize specific entries, or retain it as part
of the group's records.
-
Account deletion. This is distinct from leaving
a group. You can delete your account at any time from inside the
Rostara app: Profile → Delete account. We remove
your authentication record, email, password hash, notification
tokens, and personal profile immediately, and you can no longer
log in. Ratings you have given to other members are deleted and
their averages are recomputed. Notices and ledger entries you
authored remain in their groups for historical accuracy but are
anonymized — your name is removed and replaced with
"deleted‑user". Other group records attributed to your
former member profiles (RSVPs, ratings you received, ledger
entries you were a party to) are governed by the rule above —
they remain part of those groups' history unless an admin
chooses to delete them. If you cannot access the app, email
info@rostara.app and we
will process the deletion within 30 days as required by GDPR.
-
Notification opt-out. Toggle off any notification
category from the app's settings menu at any time.
Children
Rostara is intended for adult recreational sports groups. We do not
knowingly collect data from children under 13. If you believe a child
has registered, contact us and we will delete the account.
Data retention
We keep your data for as long as your account is active. Closed
accounts are deleted within 30 days of request. Server diagnostic
logs are retained for up to 90 days for operational and security
purposes.
Security
Data in transit is encrypted via HTTPS. Data at rest is encrypted by
Firebase. Access to production data is restricted to the developer
account holder. We patch dependencies regularly. No system is
perfectly secure — if you spot a vulnerability, please report it
responsibly to the email below.
Changes to this policy
We may update this policy as the app evolves. Material changes will
be announced inside the app and the effective date above will be
updated. Continued use of Rostara after a change constitutes
acceptance of the new policy.
Contact
Questions, requests, or concerns:
info@rostara.app