Privacy Policy
Last updated · 10 June 2026
Rouz ("Rouz", "we", "us") is a hosted alerting and on-call platform operated from Australia. This policy explains what we collect when you use rouz.dev and the Rouz applications, why we collect it, and the choices you have. We collect the minimum we need to run the service, and we don't sell your data or use it for advertising.
Information we collect
- Account details — your name, email address and a hashed password, plus multi-factor and passkey credentials if you enrol them.
- Contact methods — phone numbers and email addresses that you or your organization's administrators add so Rouz can page you by push, SMS or voice call.
- Device tokens — push-notification tokens for devices you sign in on, so we can deliver pages to them.
- Alert and incident content — the messages your organization publishes into Rouz (alert titles, bodies, tags, priorities) and the incident timelines they generate, including who acknowledged or resolved what, and when.
- Voicemail and call data — if your organization uses inbound call flows, we store call metadata, voicemail recordings and machine-generated transcripts, and attach them to incidents.
- Operational logs — sign-in events, audit records of administrative actions, IP addresses and similar telemetry needed for security and debugging.
Callers and message recipients: if you phone a number routed by Rouz or receive a page from it, your number, the recording you choose to leave and a transcript of it are processed on behalf of the organization that operates that number.
How we use it
- To deliver the service: routing alerts, paging on-call responders, escalating unacknowledged incidents and keeping incident history.
- To secure accounts: authentication, MFA, rate limiting and abuse prevention.
- To support you and fix problems, using operational logs.
We do not sell personal information, share it for advertising, or use tracking cookies. The only cookies we set are required for signing in.
Who we share it with
We share data only with the providers required to deliver pages, acting on our instructions:
- Twilio — SMS/RCS delivery, voice calls and call recordings.
- Apple — push notifications to iOS and macOS devices.
- Google — RCS business messaging, where available.
- Infrastructure providers — hosting for our servers, databases and backups.
Some providers process data outside Australia (for example, Twilio and Apple operate globally). We may also disclose information where the law requires it.
Retention
Account data is kept while your account is active. Incident history, recordings and transcripts are kept so your organization keeps its operational record; organization administrators can delete them. When an account or organization is deleted, associated personal data is removed from production systems promptly and from backups as they rotate.
Security
Traffic is encrypted in transit (TLS). Passwords are stored hashed, API tokens are stored as digests, access is role-based per organization, and administrative actions are audit-logged. No system is perfectly secure, but eligible data breaches will be notified in line with the Australian Notifiable Data Breaches scheme.
Your rights
You can access and correct your account details in the app. You may request a copy of your personal information, ask us to correct it, or ask us to delete it by emailing hello@rouz.dev. We handle personal information in accordance with the Australian Privacy Principles, and you may complain to the Office of the Australian Information Commissioner if you're unsatisfied with our response.
Changes
If this policy changes materially, we'll note it here and update the date above. Questions? hello@rouz.dev.