OnCallRadar
Sign inGet started

Privacy Policy

Last updated: June 9, 2026

The privacy of your data — and it is your data, not ours — is a big deal to us. This policy lays out what we collect and why, how your data is handled, and your rights with respect to it. We have never sold personal data, and we never will.

This policy applies to OnCallRadar(the “Service”) and to our handling of information about visitors, prospective customers, and the customers and authorized users who use the Service. We refer to all of these people collectively as “you”.

OnCallRadaris a multi-tenant on-call roster. When an organization adds you to its roster and records how to reach you, that organization is the controller of that information and we process it on the organization’s behalf and under its instructions. If you were added to a roster by someone else and have questions about that, please contact the organization that added you. The rest of this policy describes how we, as a company, handle information for which we decide the purpose and means.

What we collect and why

Our guiding principle is to collect only what we need to run an on-call roster.

Identity and access

When you create an account — with Google or with an email address and password — we ask for identifying information such as your name and email address, so we can personalize your account and send you essential, transactional notices about the Service. If you sign in with Google, we receive your name, email address, and profile picture from Google. If you sign up with a password, we store a one-way bcrypt hash of that password; we never store the password itself. We also store your timezone and clock preferences so the roster shows the right time for you.

Roster and contact methods

The whole point of the Service is to answer “who do I call now?” To do that we store the contact channels you or your administrators add — for example a phone number, WhatsApp, Signal, or Telegram handle — and display them to other members of your organization so they can reach whoever is on call. Provide only the contact details you are comfortable sharing with your team.

Schedules and account content

We store the content you create in the Service: your organization and its settings, schedules, rotations, shifts, change proposals and approvals, the resulting change log, invitations, and notifications. We keep this content as long as your account is active. This is so the Service works as intended — a single, accountable source of truth for who is on call.

Security and access logs

We log account access — including IP addresses and timestamps — for security, fraud prevention, and debugging. We keep this for as long as your account is active. We use these logs to investigate suspicious activity and to protect the Service and its users.

Cookies

We use a single, essential first-party cookie to keep you signed in. Your session is carried in a signed token (JWT) in that cookie; we do not keep a server-side record of your session. We do not run third-party advertising or cross-site tracking cookies. If you block the session cookie, you will not be able to sign in.

What we do not collect

The Service is currently free, so we do not ask for or process payment-card information. We do not send marketing email, and we do not build advertising profiles about you.

When we access or disclose your information

To provide the Service. We use a small number of third-party subprocessors to run the Service: a cloud hosting provider that operates our servers and PostgreSQL database, Google for Sign-In, and a transactional email provider for account notices where that feature is enabled. Each processes data only to provide its part of the Service.

To help with a support request, with your permission. No one at OnCallRadarlooks at the content in your account except for limited purposes with your express permission — for example, if you ask us for help, or if an error stops an automated process and requires manual intervention. In those rare cases we look at the minimum necessary and work to fix the root cause.

When required under applicable law. Our policy is not to respond to government requests for user data unless we are compelled by valid legal process. Where we are legally able, we will notify the affected account before disclosing data.

Aggregated and de-identified data. We may aggregate or de-identify information and use it for any purpose, including improving and measuring the Service.

Business transfers. If OnCallRadar is acquired by or merged with another company, we will notify you before any personal information is transferred or becomes subject to a different privacy policy.

Your rights with respect to your information

We strive to apply the same data rights to all customers, regardless of where they live:

  • Right to know and access what personal information we hold about you and how it is used.
  • Right to correction of inaccurate personal information.
  • Right to erasure. You may ask us to delete your personal information, subject to limits in applicable law. Deleting some information may mean we can no longer provide the Service to you.
  • Right to restrict or object to certain processing of your information.
  • Right to portability — to receive a copy of your information.
  • Right to complain to your local supervisory authority, and the right to non-discrimination for exercising any of these rights.

As we are established in the European Union and process personal data under the EU General Data Protection Regulation (GDPR), our lead supervisory authority is the Commission for Personal Data Protection (CPDP) of Bulgaria. You may lodge a complaint with the CPDP or with the supervisory authority in your own country of residence.

Many of these can be exercised directly by signing in and updating your account. For anything else, or to verify your identity for a request, email us at [email protected]. If an organization added your information to its roster, please direct erasure and correction requests to that organization, which controls that data.

How we secure your data

All data is encrypted in transit using TLS, and our database backups are encrypted. For the full picture of how we protect your data, see our Security overview.

What happens when you delete content or your account

Content you delete in the Service becomes inaccessible immediately. If you delete your account, your personal content becomes immediately inaccessible and is purged from our active systems within 60 days, and from encrypted backups shortly thereafter. Some records, such as the change log entries that attribute past approvals, may be retained or de-identified where we have a legal obligation or legitimate interest in keeping them.

Data retention

We keep your information for as long as your account is active and for as long afterward as is necessary for the purposes it was collected — to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements — after which we delete or aggregate it.

Location of site and data

The Service is operated in the European Union. If you are located elsewhere, please be aware that the information you provide will be transferred to and stored in the European Union. By using the Service, you consent to this transfer.

Changes and questions

We may update this policy to reflect new practices or to comply with relevant regulations. When we make a significant change, we will refresh the date at the top of this page. Questions, comments, or concerns about this policy or your data? Email us at [email protected] and we will be glad to help.