ROLECALLLegal

Privacy Policy

The rules of engagement for our shared stage

Last updated April 14, 2026

Version 2026-04-14.1

RoleCall Privacy Policy

Effective Date: April 14, 2026 Last Updated: April 14, 2026

RoleCall ("RoleCall," "we," "us," or "our"), operated by RoleCall Studios LLC, operates the RoleCall platform at rolecallstudios.com. This Privacy Policy explains how we collect, use, share, and protect your information when you use our service.

By using RoleCall, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1. Information We Collect

1.1 Account Information

We collect the following when you create an account:

  • Email address
  • Username
  • Age confirmation (you must confirm you are 18 or older)

We do not collect your birthdate.

1.2 Payment Information

Payment transactions are processed by third-party payment providers. We do not store credit card numbers or full payment details on our servers. We retain transaction records (amount, date, subscription status) for accounting purposes.

1.3 User Content

To provide the service, we store content you create and manage, including characters, lorebooks, presets, personas, and prompts. This content is stored in your private Library and is not publicly visible.

1.4 Chat Data (End-to-End Encrypted)

Your chat messages are encrypted using AES-256-GCM with a key derived from your 12-word BIP39 Recovery Phrase. Messages are encrypted on your device before transmission. We store only encrypted data on our servers. We cannot read your chat content.

The following chat-related data is NOT encrypted:

  • Chat summaries (used for AI context features)
  • Group chat messages (obfuscated but not end-to-end encrypted)
  • Metadata (timestamps, character IDs, session IDs)

1.5 BYOK API Keys

If you use the Bring Your Own Key (BYOK) feature, your API keys are encrypted using AES-256-GCM with a key derived from your Recovery Phrase. Encryption and decryption happen entirely on your device. We store only the encrypted result. We cannot decrypt your API keys.

1.6 Device Information

We collect basic device information including browser type, operating system, and device type.

1.7 IP Addresses

We collect IP addresses for security purposes, including abuse detection and ban enforcement. IP address logs are retained for 90 days.

1.8 Usage Data

We collect usage data such as session length, features used, and usage patterns to understand how people use the service.

1.9 Analytics

We use custom first-party analytics stored in our own database. We do not use third-party analytics services. We do not use advertising trackers. We honor Do Not Track browser signals.

We do not use your content to train AI models.

2. End-to-End Encryption

2. End-to-End Encryption

2.1 What Is Encrypted

  • All one-on-one chat messages
  • BYOK API keys stored on our servers

Encrypted data is protected by your Recovery Phrase. Without your Recovery Phrase, nobody — including us — can read this data.

2.2 What Is NOT Encrypted

  • Account information (email, username)
  • Library content (characters, presets, lorebooks — stored readable for management features)
  • Chat summaries and memory chunks
  • Group chat messages
  • Metadata (timestamps, session IDs)
  • Payment records

2.3 Recovery Phrase

Your Recovery Phrase is shown once during setup. We do not store it. If you lose it, your encrypted data cannot be recovered. This is a deliberate security design choice.

3. How We Use Your Information

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process payments and manage subscriptions
  • Route your requests to AI providers when using BYOK
  • Store and manage your Library content
  • Detect and prevent abuse, spam, and violations of our Terms
  • Respond to support requests
  • Send transactional emails (account verification, payment receipts, subscription notices)
  • Send optional platform update emails (you may opt out at any time)
  • Improve the Service based on usage patterns
  • Comply with legal obligations

We do not use your content to train AI models.

4. Information We Share

4. Information We Share

4.1 AI Providers (BYOK)

When you use BYOK to connect a third-party AI provider, your chat messages (in decrypted form) are sent to that provider's API for processing. This data sharing is initiated by you and is governed by your AI provider's privacy policy. We do not control how providers handle your data.

Providers you may connect include OpenAI, Anthropic, Google, and others. Review their privacy policies before connecting your keys.

4.2 Service Providers

We use the following third-party services to operate the platform:

  • Supabase — Database hosting, authentication, and file storage
  • Railway — Application hosting
  • Stripe / Creem — Payment processing
  • Resend — Transactional email delivery
  • Sentry — Error tracking and monitoring

These providers process data on our behalf under data processing agreements.

4.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request. We may also disclose information to protect our rights, prevent fraud, or ensure user safety.

Regarding encrypted data: If compelled by law to produce chat data, we can only provide the encrypted blobs stored on our servers. We cannot decrypt them. We will notify you of such requests unless prohibited by law.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity.

4.5 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

5. Data Retention

5. Data Retention

5.1 Account Data

We retain your account data for as long as your account is active and your subscription is current.

5.2 Payment Records

Transaction records are retained for 7 years for tax and accounting compliance.

5.3 Encrypted Chat Data

Encrypted chat data is retained until you delete individual chats or your account. Upon account deletion, all encrypted data is permanently deleted within 30 days.

5.4 IP Addresses

IP address logs are retained for 90 days, then deleted.

5.5 Account Deletion

When you delete your account:

  • Encrypted chat data is permanently deleted (we cannot export it for you)
  • Library content (characters, presets, etc.) is deleted
  • Forks of your content in other users' libraries remain, with attribution anonymized
  • Group chat messages are anonymized
  • Payment records are retained as required by law
  • Anonymized usage data is retained
6. Your Rights

6. Your Rights

6.1 Access and Export

You have the right to access and export your data. You can export your Library content (characters, presets, lorebooks, etc.) through the Service's export features. Encrypted chat data can only be accessed on your device with your Recovery Phrase.

6.2 Correction

You can update your account information at any time through the Service.

6.3 Deletion

You can delete your account by emailing boxoffice@rolecallstudios.com. See Section 5.5 for what happens to your data upon deletion.

6.4 Portability

You can export your content in standard formats (JSON, PNG) through the Service's export features.

6.5 Objection

You can object to certain processing activities by contacting us. We will review your request and respond within 30 days.

6.6 GDPR (European Users)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is:

  • Contractual necessity — to provide the Service you subscribed to
  • Legitimate interest — to improve the Service and prevent abuse
  • Consent — for optional features like marketing emails

6.7 CCPA (California Residents)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

7. Security

7. Security

We implement industry-standard security measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • AES-256-GCM end-to-end encryption for chat messages and API keys
  • Secure authentication via third-party OAuth providers (Google, Discord, GitHub)
  • Row-level security policies on our database
  • Regular security audits
  • Rate limiting on API endpoints
  • BIP39-standard key derivation for encryption keys

Your encrypted data is protected even in the event of a server breach. An attacker who gains access to our database would only see encrypted blobs that cannot be decrypted without your Recovery Phrase.

8. Children

8. Children

RoleCall is not intended for anyone under 18 years of age. We do not knowingly collect personal information from minors. If we discover that a minor has created an account, we will terminate the account immediately.

9. International Data Transfers

9. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. Cookies

10. Cookies

We use cookies for:

  • Authentication — Maintaining your login session
  • Preferences — Storing your UI preferences (accent color, layout settings)
  • Security — Detecting abuse and preventing unauthorized access

We do not use advertising or tracking cookies. See our Cookie Policy for full details.

11. Changes to This Policy

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email and provide at least 30 days notice. Non-material changes are effective immediately upon posting.

12. Contact

12. Contact

For questions about this Privacy Policy, data requests, or privacy concerns:

Email: boxoffice@rolecallstudios.com

End of Privacy Policy