Privacy & Security
DutyHub is designed to protect responder logs with role-based visibility, so sensitive wellbeing and HR records stay private while teams still get the reporting they need.
Account data
Name, email, and authentication identifiers.
So we can securely identify and support each responder.
Service & role metadata
Service type, role, and organisation details.
Used to apply role-based access and tailored reporting.
Activity logs
Hours completed, job types, and job categories attended.
Creates structured evidence for reporting and visibility.
CPD logs
Training and professional development entries.
Keeps learning evidence consistent and accessible.
Wellbeing notes
Post-incident reflections and wellbeing signals.
Supports early workload and burnout indicators with privacy controls.
Applications data
DutyHub staff application records, when applicable.
To review and process applications safely.
Audit logs
Records of key changes and updates.
Provides accountability and governance visibility.
Visibility & access
Role-based access with least-privilege controls
Access is determined by role so members, managers, and HR only see what they need. See our Terms of Service and Acceptable Use Policy for usage expectations.
Member
- Log personal hours, categories, and CPD.
- View own wellbeing notes and notifications.
Manager
- Review team activity summaries.
- Access reporting relevant to their service area.
HR / Admin
- Access HR-specific fields and approvals.
- Review audit trails and compliance exports.
Authentication (Clerk)
We rely on a dedicated authentication provider to manage sign-in and account security.
Session security
Session handling is managed by our auth provider and the platform framework.
HTTPS in production
Production traffic is served over HTTPS to protect data in transit.
Audit trails
Key actions are recorded to support governance and accountability.
We may use essential cookies or analytics to keep DutyHub reliable. Read our Cookie Policy for the latest details.
Data retention
Retention aligned to organisational needs
We retain data while an account is active and support requests for corrections, exports, or deletion through support channels. Retention policies can be tailored by organisation. See the Data Retention Policy for details.
Report a security issue
Help us keep DutyHub safe
Please report security concerns via our support channel. Avoid sharing sensitive details publicly. See our Vulnerability Disclosure and Incident Response pages.
Policies & Legal
Read the policies that guide DutyHub
We keep policies clear and accessible so responders and organisations know how data is handled.
Privacy Policy
How we collect, use, and safeguard personal data.
Terms of Service
Rules and responsibilities for using DutyHub.
Acceptable Use Policy
Guidelines for safe and appropriate platform use.
Cookie Policy
Details on cookies and analytics usage.
Data Retention Policy
How long data is stored and when it is removed.
Vulnerability Disclosure
How to report security issues responsibly.
Incident Response
How we respond to security incidents.
Subprocessors & Third-Party Services
Services we rely on to run the platform.
Data Processing Addendum (DPA)
Organisation-level data processing terms.
Age Policy
Minimum age and youth privacy guidance.
Community Guidelines
Standards for community and Discord engagement.
Who can see my wellbeing notes?
Wellbeing notes are protected by role-based access. Visibility is limited to roles that require access.
Can HR see everything?
HR access is limited to HR-specific fields and approvals. Not all responder notes are visible by default.
Can I delete my notes?
You can request corrections or deletions through support. We’ll guide you through the process.
Do you share data with third parties?
We do not sell personal data. We only share data with trusted service providers needed to operate the platform.
How do notifications work?
Notifications are sent based on your preferences and workload signals you opt into.
What happens if I leave?
You can request account changes or deletion. Organisation policies may also apply to retained logs.
Where is data stored?
We use reputable cloud infrastructure and aim to keep data secure and accessible.
How do I request deletion or export?
Contact support and we’ll help with exports or deletion requests.
Ready to log with confidence?
Keep your responder logs private, structured, and audit-ready.