Privacy Policy

Effective Date: May 20, 2026

Roll Call ("Service") is operated by The Floor Is Lava ("we," "us," or "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use Roll Call.

1. Information We Collect

a. Account Information

When you sign in through a third-party authentication provider (Google, Apple, Microsoft, or Discord), we receive and store:

  • Your name (first and last)
  • Your email address
  • Your authentication provider and unique identifier

We do not store passwords. Authentication is handled entirely by your chosen provider.

b. Profile and Preference Data

You may provide additional information, including:

  • Time zone and locale preferences
  • Scheduling boundary times (earliest/latest availability)
  • Custom daily schedules

c. Availability and Scheduling Data

To provide our core scheduling features, we collect:

  • Weekly availability rules (days and time ranges you are free)
  • Availability exceptions (specific dates/times you are unavailable)
  • RSVP responses to proposed game sessions
  • Scheduling round responses (available, if need be, unavailable)

d. Calendar Data

If you choose to connect your calendar (e.g., Google Calendar, Microsoft Outlook, or Apple iCloud), Roll Call accesses your calendar in two distinct ways:

Reading your existing events (availability detection). We read events from your existing calendars within a rolling 90-day forward window so our scheduling engine can determine when you are busy. From each event we store:

  • Event start and end times
  • Whether the event is all-day
  • Event status (e.g., confirmed, cancelled); cancelled events are excluded, and events the provider marks as not blocking your time (free/transparent on Google and Apple; reminderless events tagged "transparent" on Microsoft) are excluded
  • Event summaries (encrypted at rest)
  • The original event payload returned by the provider (encrypted at rest), retained so we can detect which events have changed between syncs and avoid rewriting unchanged records

How calendar data is purged. Roll Call actively minimizes how long your calendar data is retained:

  • Events that move into the past: A daily job deletes calendar events whose end time is more than 7 days in the past, along with the availability records derived from them. Past events serve no scheduling purpose and are not retained.
  • Events you delete or move: On every sync, any event that was previously inside the 90-day window but is no longer present in your source calendar is deleted from our database immediately.
  • When you disconnect a calendar: All calendar events and derived availability records for that provider are deleted from our database in a single transaction at the moment you click Disconnect.
  • When you delete your account: All calendar events, all calendar-sourced availability records, and all calendar connection records are deleted in the same transaction that anonymizes your account — not at some later batch time.

Writing Roll Call session events (calendar write-back). When you RSVP to a proposed game session, Roll Call creates, updates, or deletes the corresponding event on a dedicated "Roll Call" calendar inside your account. The Service creates this calendar automatically; if you already have a calendar named "Roll Call" in your account, the Service will reuse it rather than create a duplicate. Roll Call only ever writes to, modifies, or deletes events on this Roll Call calendar. We never create, modify, or delete events on your personal calendars or any other calendar in your account.

Privacy of your event details. Event details read from your existing calendars are used by our scheduling engine to determine your availability and are displayed back only to you (the calendar owner) within the Service so you can review your own busy times. Your calendar event details are never displayed to other users, including game masters or fellow players. Only your resulting free/busy status is used in scheduling calculations visible to your group.

Google API scopes. When you connect Google Calendar, we request the minimum scopes needed for the features above:

  • https://www.googleapis.com/auth/calendar.readonly — to read free/busy times across your calendars for availability detection
  • https://www.googleapis.com/auth/calendar.events — to create, update, and delete Roll Call session events on the Roll Call calendar
  • https://www.googleapis.com/auth/calendar.calendars — to create the dedicated Roll Call calendar so writes are isolated from your personal calendars

You can revoke these permissions at any time from your Google Account permissions page.

Roll Call's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Roll Call does not use Google user data for serving advertisements; does not transfer Google user data to third parties except as necessary to provide or improve the Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users; does not allow humans to read Google user data unless we have your affirmative consent for specific messages, are doing so for security purposes (such as investigating abuse), or are required to do so to comply with applicable law; and does not use Google user data to develop, improve, or train generalized or non-personalized AI or machine learning models.

e. Discord Data

If you connect your campaign to a Discord server via the Roll Call bot, we collect and store:

  • Discord server (guild) ID and name
  • Discord channel ID and name for the linked channel
  • Your Discord user ID (for sending direct message notifications)

This data is used solely to deliver scheduling notifications to your Discord server and direct messages. We do not read or store Discord message content, server member lists, or any data beyond what is listed above.

Revoking access: You can disconnect Discord from your campaign at any time via the campaign settings page. You can also unlink your Discord account from your Roll Call profile. When disconnected, we stop sending Discord notifications and delete the associated link data.

f. Campaign Data

When you create or join campaigns, we store:

  • Campaign names, descriptions, and gaming system details
  • Your role (game master or player)
  • Campaign membership and invitation history
  • Campaign blackout dates and scheduling preferences

g. Technical Data

We automatically collect standard technical data, including:

  • Browser type and version
  • IP address
  • Pages visited and actions taken within the Service
  • Cookies and session identifiers

2. How We Use Your Information

We use your information to:

  • Provide the Service: Authenticate your identity, manage campaigns, calculate group availability, and propose game sessions
  • Sync calendars: Fetch and process your calendar events to automatically update your availability
  • Communicate with you: Send scheduling notifications, RSVP reminders, and service-related announcements
  • Improve the Service: Analyze usage patterns to fix bugs and enhance features
  • Ensure security: Detect and prevent fraud, abuse, or unauthorized access

3. How We Share Your Information

We do not sell your personal information, and we do not transfer your information to data brokers or to third parties for advertising, retargeting, credit assessment, or interest-based purposes. We do not use your information — including calendar data received from Google, Microsoft, or Apple — to train generalized or non-personalized AI or machine learning models. We share data only in the following circumstances:

  • With your gaming group: Your name and free/busy availability are visible to members of campaigns you join. Your calendar event details are never shared.
  • Third-party authentication providers: We exchange tokens with Google, Apple, and Microsoft for sign-in and calendar access. We do not share your Roll Call data back to these providers.
  • Service providers: We may use third-party services for hosting, analytics, and email delivery that process data on our behalf under contractual obligations to protect it and to use it solely to provide the requested service.
  • Legal requirements: We may disclose information if required by law, legal process, or government request.

4. Data Security

We take reasonable measures to protect your data, including:

  • Encrypting OAuth tokens and calendar data at rest
  • Using HTTPS for all data in transit
  • Secure, HTTP-only session cookies
  • CSRF protection on all forms and actions

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your data only as long as needed to provide the Service. Calendar data is held to the additional minimization rules described in ยง1(d): events are synced on a rolling 90-day forward window, past events are purged by a daily job after a 7-day grace period, and events you delete or move out of the window are purged on the next sync.

If you delete your account, the following data is removed immediately in the same database transaction that anonymizes your account: name, email, avatar, phone number, login credentials, push subscriptions, all calendar events, all calendar-sourced availability records, and all calendar connection records. Anonymous, non-identifying records (such as campaign membership and session attendance history) are retained to preserve the integrity of campaign records for other members.

6. Cookies

Roll Call uses cookies solely for essential, functional purposes:

  • Session management: To keep you signed in and maintain your session state
  • CSRF protection: To protect against cross-site request forgery

We do not use third-party advertising or tracking cookies. Our analytics provider (Plausible) is fully cookieless and does not track individual users. Because Roll Call uses only strictly necessary cookies, no cookie consent banner is required under GDPR, ePrivacy, or similar regulations.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated personal data directly from your Profile page
  • Revoke calendar access at any time through your OAuth provider's settings
  • Object to or restrict certain processing of your data

To exercise any of these rights, you can use the self-service options in your account settings or contact us at [email protected].

8. Children's Privacy

Roll Call is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us.

9. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services (e.g., Google Calendar). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. International Users

Roll Call is operated from Canada. If you access the Service from outside of Canada, your information may be transferred to and processed in Canada, where data protection laws may differ from those in your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a new effective date. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

The Floor Is Lava
[email protected]