Privacy Policy

Effective Date: April 1, 2026

Roll Call ("Service") is operated by The Floor Is Lava ("we," "us," or "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use Roll Call.

1. Information We Collect

a. Account Information

When you sign in through a third-party authentication provider (Google, Apple, Microsoft, or Discord), we receive and store:

  • Your name (first and last)
  • Your email address
  • Your authentication provider and unique identifier

We do not store passwords. Authentication is handled entirely by your chosen provider.

b. Profile and Preference Data

You may provide additional information, including:

  • Time zone and locale preferences
  • Scheduling boundary times (earliest/latest availability)
  • Custom daily schedules

c. Availability and Scheduling Data

To provide our core scheduling features, we collect:

  • Weekly availability rules (days and time ranges you are free)
  • Availability exceptions (specific dates/times you are unavailable)
  • RSVP responses to proposed game sessions
  • Scheduling round responses (available, if need be, unavailable)

d. Calendar Data

If you choose to connect your calendar (e.g., Google Calendar), we access your calendar events in read-only mode for a rolling 90-day window. We store:

  • Event start and end times
  • Whether the event is all-day
  • Event status (e.g., confirmed, cancelled); free/transparent events are excluded
  • Event summaries (encrypted at rest)

Important: Calendar event details are used by our scheduling engine to determine your availability and are displayed back to you (the calendar owner) within the Service so you can review your own busy times. Your calendar data is never displayed to other users, including game masters or fellow players. Only your resulting free/busy status is used in scheduling calculations visible to your group.

Roll Call's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

e. Discord Data

If you connect your campaign to a Discord server via the Roll Call bot, we collect and store:

  • Discord server (guild) ID and name
  • Discord channel ID and name for the linked channel
  • Your Discord user ID (for sending direct message notifications)

This data is used solely to deliver scheduling notifications to your Discord server and direct messages. We do not read or store Discord message content, server member lists, or any data beyond what is listed above.

Revoking access: You can disconnect Discord from your campaign at any time via the campaign settings page. You can also unlink your Discord account from your Roll Call profile. When disconnected, we stop sending Discord notifications and delete the associated link data.

f. Campaign Data

When you create or join campaigns, we store:

  • Campaign names, descriptions, and gaming system details
  • Your role (game master or player)
  • Campaign membership and invitation history
  • Campaign blackout dates and scheduling preferences

g. Technical Data

We automatically collect standard technical data, including:

  • Browser type and version
  • IP address
  • Pages visited and actions taken within the Service
  • Cookies and session identifiers

2. How We Use Your Information

We use your information to:

  • Provide the Service: Authenticate your identity, manage campaigns, calculate group availability, and propose game sessions
  • Sync calendars: Fetch and process your calendar events to automatically update your availability
  • Communicate with you: Send scheduling notifications, RSVP reminders, and service-related announcements
  • Improve the Service: Analyze usage patterns to fix bugs and enhance features
  • Ensure security: Detect and prevent fraud, abuse, or unauthorized access

3. How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

  • With your gaming group: Your name and free/busy availability are visible to members of campaigns you join. Your calendar event details are never shared.
  • Third-party authentication providers: We exchange tokens with Google, Apple, and Microsoft for sign-in and calendar access. We do not share your Roll Call data back to these providers.
  • Service providers: We may use third-party services for hosting, analytics, and email delivery that process data on our behalf under contractual obligations to protect it.
  • Legal requirements: We may disclose information if required by law, legal process, or government request.

4. Data Security

We take reasonable measures to protect your data, including:

  • Encrypting OAuth tokens and calendar data at rest
  • Using HTTPS for all data in transit
  • Secure, HTTP-only session cookies
  • CSRF protection on all forms and actions

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Calendar events are synced on a rolling 90-day window; only events within that window are fetched during each sync.

If you delete your account, your personal information (name, email, avatar, scheduling preferences, calendar data, and login credentials) is removed immediately. Anonymous, non-identifying records (such as campaign membership and session attendance history) are retained to preserve the integrity of campaign records for other members.

6. Cookies

Roll Call uses cookies solely for essential, functional purposes:

  • Session management: To keep you signed in and maintain your session state
  • CSRF protection: To protect against cross-site request forgery

We do not use third-party advertising or tracking cookies. Our analytics provider (Plausible) is fully cookieless and does not track individual users. Because Roll Call uses only strictly necessary cookies, no cookie consent banner is required under GDPR, ePrivacy, or similar regulations.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated personal data directly from your Profile page
  • Revoke calendar access at any time through your OAuth provider's settings
  • Object to or restrict certain processing of your data

To exercise any of these rights, you can use the self-service options in your account settings or contact us at [email protected].

8. Children's Privacy

Roll Call is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us.

9. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services (e.g., Google Calendar). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. International Users

Roll Call is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a new effective date. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

The Floor Is Lava
[email protected]