How does Rostersmith generate rosters?

Rostersmith uses a constraint-based optimisation engine that evaluates thousands of possible assignments simultaneously. You define your scheduling rules once, and the solver produces a compliant first draft in under a second for any team size.

Can I manually override the generated roster?

Yes. You can lock any cell, change any assignment, and re-solve around your decisions. Every change creates a new version so nothing is ever lost. The system validates constraints in real time as you edit.

How does Rostersmith ensure fair shift distribution?

The fairness engine tracks on-call, weekend and shift distribution across all staff over time. Real-time dashboards show workload metrics, standard deviations and per-practitioner breakdowns. The solver actively balances assignments as part of roster generation.

What healthcare specialities does Rostersmith support?

Rostersmith adapts to any healthcare discipline including radiology, pathology, emergency medicine, anaesthetics, nursing and general practice. Each deployment uses discipline-specific vocabulary, position titles, scheduling rules and interface customisation.

Is my data secure and isolated?

Each organisation gets its own subdomain with complete data isolation. Rostersmith uses multi-factor authentication, role-based access control, full audit trails and enterprise-grade hosting on EU data centres. All data handling is POPIA-aligned.

How much does Rostersmith cost?

Pricing is per practitioner per month excluding VAT. Starter from R249, Professional R410, Business R549. Enterprise pricing is custom. All plans include a 14-day free trial and annual billing offers a 20% discount.

Privacy Policy

Name: Rostersmith
Author: Twisted Toast Digital

Last updated: 8 March 2026

This Privacy Policy explains how Twisted Toast Digital (Pty) Ltd (“we”, “us”, “our”), registration number 2011/007466/07, collects, uses, stores and protects your personal information when you use Rostersmith (“the Service”).

We are committed to protecting your privacy in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable data protection legislation.

1. Responsible Party

The responsible party for the processing of personal information under POPIA is:

Twisted Toast Digital (Pty) Ltd

Registration Number: 2011/007466/07

7 Cadiz Crescent, Dainfern Ridge, 2191

Johannesburg, South Africa

Email: rostersmith@twistedtoast.com

2. Information We Collect

2.1 Demo request and contact forms

When you submit a demo request or contact form, we collect your name, email address, organisation name, phone number (optional) and any message you provide.

2.2 Account and authentication data

When you create an account, our authentication provider (Clerk) collects your name, email address and, if you choose SSO, your Google or Apple account identifier. If you enable multi-factor authentication, additional verification data is stored by Clerk.

2.3 Scheduling and operational data

When you use the Service, we store practitioner names, positions, specialities, leave records, scheduling constraints, roster assignments and audit trail data. This data is entered by your organisation's administrators.

2.4 Analytics data (with consent)

If you accept cookies on our marketing site, we use Google Analytics to collect anonymous usage data including pages visited, time on site and referral source. This data is not collected if you decline cookies. No analytics tracking occurs within the dashboard application.

2.5 Technical data

We automatically collect IP addresses, browser type and device information for security purposes (rate limiting, fraud prevention) and service delivery.

3. How We Use Your Information

We process your personal information for the following purposes:

(a) Service delivery: generating rosters, managing practitioner data, producing fairness reports and maintaining audit trails.

(b) Communication: responding to demo requests, sending roster notifications, and providing support.

(c) Analytics: understanding how visitors use our marketing site to improve content and user experience (only with consent).

(d) Security: preventing abuse, enforcing rate limits and detecting unauthorised access.

(e) Legal compliance: meeting our obligations under applicable law.

4. Lawful Basis for Processing

Under POPIA, we process your personal information on the following grounds:

(a) Contract: processing necessary to provide the Service under your subscription agreement.

(b) Consent: analytics cookies are only loaded after you explicitly accept them.

5. Third-Party Processors

We use the following third-party service providers to operate the Service. Each processes data only as necessary to provide their service:

Provider	Purpose	Data Location
Vercel	Application hosting	Global edge network
Neon	PostgreSQL database	EU (Frankfurt)
Clerk	Authentication and user management	United States (SOC 2 Type II)
Google Analytics	Website analytics (consent required)	United States
Resend	Transactional email delivery	United States
Railway	Constraint solver compute (no data persistence)	United States

We do not sell, rent or share your personal information with any third parties for marketing purposes.

6. Data Isolation

Rostersmith is a multi-tenant application. Each organisation's data is logically isolated at the database level using tenant-scoped queries. No organisation can access another organisation's data.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information:

(a) Encryption in transit (TLS 1.3) and at rest (AES-256)

(b) Enterprise-grade authentication with MFA support

(d) Automated daily database backups with point-in-time recovery

(e) Security headers on all HTTP responses

(f) Rate limiting on public-facing endpoints

For more detail, see our Trust & Security page.

8. Data Retention

(a) Active subscriptions: data is retained for the duration of the subscription.

(b) After cancellation: data is available for export for 30 days, after which it may be permanently deleted.

(d) Analytics data: Google Analytics retains data according to its own retention policy. We use the default 14-month retention period.

(e) Audit logs: retained for the duration of the subscription plus 12 months for compliance purposes.

9. Cookies

Our marketing site uses a cookie consent banner. Analytics cookies (Google Analytics) are only loaded after you explicitly accept. If you decline, no analytics tracking occurs.

The dashboard application uses essential cookies for authentication (Clerk session cookies). These are strictly necessary for the Service to function and do not require consent.

Your cookie preference is stored in your browser's local storage and can be changed at any time by clearing your browser data.

10. Your Rights Under POPIA

As a data subject, you have the following rights under POPIA:

(a) Right of access: request confirmation of whether we hold your personal information and obtain a copy.

(b) Right to correction: request correction of inaccurate, irrelevant, excessive, out-of-date or misleading personal information.

(c) Right to deletion: request deletion of your personal information where it is no longer necessary for the purpose for which it was collected.

(d) Right to object: object to the processing of your personal information on reasonable grounds.

(e) Right to complain: lodge a complaint with the Information Regulator of South Africa.

To exercise any of these rights, contact us at rostersmith@twistedtoast.com. We will respond within 30 days.

11. Cross-Border Transfers

Some of our third-party processors are located outside South Africa (see Section 5). We ensure that any cross-border transfer of personal information is conducted in accordance with POPIA Section 72, with appropriate safeguards in place.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The “Last updated” date at the top of this page indicates when the policy was last revised.

13. Contact

For privacy-related questions or to exercise your rights, contact us at:

Twisted Toast Digital (Pty) Ltd

Registration Number: 2011/007466/07

7 Cadiz Crescent, Dainfern Ridge, 2191

Johannesburg, South Africa

Email: rostersmith@twistedtoast.com

Website: twistedtoast.com

You may also lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.