Privacy Policy
Last Updated: May 2026
1. Controller and Contact
The controller of personal data processed through RollCall within the meaning of Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") is:
- Godó Máté Károly (sole proprietor)
- Registered seat: 1119 Budapest, Etele út 69. 3. em. 25. ajtó, Hungary
- Sole proprietor registration number: 61951606
- Tax ID (adószám): 91813158-1-43
- Contact: admin@rollcall.games
For any privacy question, request, or complaint, write to admin@rollcall.games. We are a small operation and do not have a designated Data Protection Officer; the controller responds personally.
2. Scope
This Privacy Policy describes what personal data we collect when you use the RollCall mobile application, why we collect it, who we share it with, how long we keep it, and what rights you have. It applies to the RollCall app on iOS and Android, the backend at backend.rollcall.games, and related email communications.
It does not cover services that you reach through RollCall but that are operated by third parties (for example, the Apple App Store, the Google Play Store, or external links posted by other users). Those services have their own privacy policies.
3. Information We Collect
3.1 Information you provide when you register
- Email address
- Username
- Password (stored only as a bcrypt hash; we never see your password in plain text)
- Display name (optional; defaults to your username)
- Confirmation that you are 18 or older and accept the Terms of Service and this Privacy Policy
3.2 Information you provide when you set up your profile
- Avatar image (you choose it from your photo library)
- Bio text (free-form, up to 500 characters)
- Game preferences (genres and experience level)
- Approximate location (city, with the latitude/longitude of that city, used to surface nearby sessions)
- Privacy settings (who can DM you, whether your online status and read receipts are visible, whether your profile is restricted to followers, whether analytics are off)
3.3 Information you generate by using the service
- Game sessions you host (title, description, schedule, address, latitude/longitude for in-person sessions, online platform name for online sessions, age rating, content warnings)
- Sessions you join, ratings you give and receive, comments on those ratings
- Groups you own or join, group invitations
- Direct messages and group messages, message reactions, read receipts
- Follows, blocks, saved searches, in-app notifications
- Reports you submit about other users or content, and reports submitted about you
- Support tickets you open, including the messages and any attachments inside them
3.4 Information from sign-in providers
If you sign in with Apple or with Google, we receive from that provider: a stable user identifier, your email, and on first sign-in your name. We do not receive your provider password. Apple may redact your email behind a private relay address; if so, we store the relayed address and email reaches you through Apple.
3.5 Information collected automatically
- Device push notification token (Expo push token), so we can deliver notifications
- Platform (iOS or Android) and app version, for compatibility and debugging
- Last-active timestamp, used to show online status (you can turn this off)
- IP address and basic request metadata (method, path, status, latency) for our API request log
- Crash and error reports (stack traces, app state at the time of the crash) sent to our error-tracking system; authorization headers and cookies are removed before transmission
3.6 Information you provide if you subscribe to Pro
Payments for RollCall Pro are processed by Apple (App Store) or Google (Play Store) and handed to a subscription manager, RevenueCat, on our behalf. We never see your card number, billing address, or other payment credentials. We receive only your subscription status (active, expired, in grace period) and an opaque RevenueCat customer identifier linked to your RollCall user ID.
3.7 What we do NOT collect
- We do not use analytics SDKs such as Google Analytics, Mixpanel, Amplitude, Segment, PostHog, or Facebook SDK.
- We do not collect your advertising identifier (IDFA / Android Advertising ID).
- We do not collect your contacts, calendar entries, photos other than the avatar/attachment you explicitly pick, or microphone input.
- We do not sell your personal data, ever.
4. Purposes and Legal Bases (GDPR Article 6)
We process each category of data only for a specific purpose, on one of the following legal bases:
- Performance of a contract (Art. 6(1)(b)) — to run your account, log you in, show you sessions, deliver messages and notifications, host the groups and sessions you create, process Pro subscription state, and respond to support tickets. Without this data the service cannot function.
- Consent (Art. 6(1)(a)) — for push notifications, photo-library access, calendar access, and precise location, all of which you grant or deny via the operating system permission prompt. You can withdraw consent in your device settings at any time.
- Legitimate interests (Art. 6(1)(f)) — to detect and prevent abuse (rate-limit logs, IP logging, crash reports), to protect users from harassment and illegal content (reports, blocks, moderation), and to defend or pursue legal claims. We balance these interests against your rights and stop processing if your interest prevails (see §11).
- Legal obligation (Art. 6(1)(c)) — to keep moderation decisions, statements of reasons, appeals, and admin audit logs, as required by the EU Digital Services Act (Regulation (EU) 2022/2065), and to respond to lawful requests from competent authorities.
5. Location Data
RollCall is designed to help you find tabletop game sessions in your area. To do this we use approximate location, not continuous GPS tracking.
- You enter a city or grant the foreground-location permission once; the app resolves it to a latitude/longitude through the free OpenStreetMap Nominatim geocoder.
- Those coordinates are stored on your profile so we can compute distance to sessions. They are only shown on your own profile view; other users see at most the city or distance, never the precise coordinates.
- If you host an in-person session, the address and coordinates you enter for that session are visible to participants once they are confirmed, so they can find the venue.
- The app does not run any background location service and does not track your movement.
- You can disable location at any time in your device settings. The app will continue to work, but distance and "nearby" features will be unavailable.
6. Children
RollCall is for adults only. You must be at least 18 years old to register. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and you believe your child has created an account, contact admin@rollcall.games and we will delete it.
7. Recipients and Processors
We share personal data only with the people and processors listed below, and only to the extent needed for the stated purpose.
7.1 Other users
Your username, display name, avatar, bio, game preferences, sessions you host, ratings you give and receive, and any messages or group posts you send are visible to other users in the way you intend (publicly on your profile, to session participants, or to specific recipients of a DM). Privacy settings you choose in the app (followers-only, hide online status, no DMs from strangers) restrict this visibility.
7.2 Hosting and infrastructure
- Hetzner Online GmbH (Germany, EU) — runs the virtual machines that host the backend, the PostgreSQL database, and the Redis cache. All of your account data sits at rest here.
- Cloudflare, Inc. (USA) — provides DNS and TLS termination for backend.rollcall.games. Cloudflare sees request metadata (IP, URL, headers) as traffic passes through it.
7.3 Communications
- An SMTP email provider configured by the controller — sends transactional emails such as account verification, password reset, account-deletion confirmation, data exports, and moderation notices. Recipient address, subject and body of those emails are visible to the provider in transit.
- Expo (650 Industries, Inc., USA) — relays push notifications. We pass Expo your push token plus the title, body, and small JSON payload of each notification. Sensitive content is kept to a minimum (for example, "New message from @alice" rather than the message text).
7.4 Sign-in providers
- Apple Inc. — if you sign in with Apple.
- Google LLC — if you sign in with Google.
These providers receive only what is needed to complete the sign-in handshake (their own user ID and a redirect back to the app). They do not receive your activity inside RollCall.
7.5 Payments
- Apple Inc. (App Store, iOS) or Google LLC (Play Store, Android) — processes the payment itself. We never see card details.
- RevenueCat, Inc. (USA) — manages subscription state on our behalf. RevenueCat receives an opaque ID linked to your RollCall user ID and the store receipt; it returns to us whether your subscription is active.
7.6 Error tracking
We operate a self-hosted GlitchTip (Sentry-compatible) instance for crash and error reports. Authorization headers and cookies are stripped before transmission. The reports include stack traces and the state of the request that failed; we do not tag them with your user identity.
7.7 Law enforcement and authorities
We disclose personal data to law enforcement, regulators, courts, or other competent authorities only when we have a legal obligation to do so (for example, in response to a valid order or in compliance with the Digital Services Act), and we tell the affected user where lawful.
8. International Transfers
Personal data at rest (your account, profile, sessions, messages) is stored on servers in the European Union. Some of the processors listed in §7 are based outside the EU:
- Cloudflare, Expo, RevenueCat, Apple, and Google are based in the United States.
Transfers to these processors rely on the European Commission's adequacy decision for the EU–U.S. Data Privacy Framework where the recipient is certified, or on Standard Contractual Clauses (SCCs) under Article 46 GDPR where it is not. You can request a copy of the relevant transfer safeguards by emailing admin@rollcall.games.
9. Retention
We keep personal data only as long as needed for the purpose we collected it.
- Account and profile data — kept while your account exists. Deleted when you delete your account (see §11).
- Direct messages and group messages — kept until you delete them or your account. After account deletion they remain visible to the other party with your name replaced by "Deleted user", per the Terms of Service §9.7.
- Sessions and groups you host — kept until you close or delete them. Closed entities enter a 3-day read-only window so members can copy information out, then are permanently deleted.
- Support tickets — resolved or closed tickets are hard-deleted 90 days after closure, including attachments.
- API request logs (IP, path, status, latency) — kept for 30 days, then automatically deleted.
- Refresh tokens in Redis — automatically expire after 7 days of inactivity.
- Crash and error reports — kept for as long as needed to diagnose the issue, typically up to 90 days.
- Moderation decisions, statements of reasons, and appeals — kept permanently. This is required by Article 17 of the Digital Services Act so that the action and its justification remain auditable. When the target user deletes their account, identifiers are replaced by a snapshot (email and username at the time of the action) and the underlying user record is hard-deleted.
- Admin audit logs and admin login events — kept permanently for security and compliance.
- Username — after account deletion, your username is reserved against reuse so that other people cannot impersonate you.
10. Security
We protect your personal data with measures appropriate to the risk, including:
- HTTPS / TLS for all traffic between the app and the backend
- Passwords stored only as bcrypt hashes, never in plain text
- Access tokens stored on-device in the platform secure store (iOS Keychain, Android Keystore)
- Refresh tokens scoped per device and rotated, with immediate revocation on account deletion
- Optional two-factor authentication (TOTP) with bcrypt-hashed recovery codes
- Rate limiting and request logging to detect abuse
- Authorization headers and cookies removed from crash reports before they leave the device
No system is perfectly secure. If a personal data breach affecting your data occurs and is likely to result in a risk to your rights and freedoms, we will notify the Hungarian supervisory authority (NAIH) within 72 hours and notify affected users without undue delay, as required by Articles 33 and 34 GDPR.
11. Your Rights
Under the GDPR you have the following rights:
- Access (Art. 15) — get a copy of the personal data we hold about you. Use Settings → Danger Zone → Export My Data; the export is delivered as JSON, CSV, or HTML by email.
- Rectification (Art. 16) — correct inaccurate data. Most fields are editable in Settings → Edit Profile; if you can't change something in-app, email us.
- Erasure (Art. 17) — delete your account and personal data. Use Settings → Danger Zone → Delete Account, or email us. Note the limits listed in §9 for moderation logs and the messages-to-others rule.
- Restriction (Art. 18) — ask us to stop processing while a dispute is resolved.
- Portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format. The JSON export satisfies this.
- Object (Art. 21) — object to processing that relies on our legitimate interests (§4). We will stop unless we have an overriding lawful ground.
- Withdraw consent (Art. 7(3)) — turn off push notifications, location, or other permissions in your device settings at any time; withdrawal does not affect processing that already happened.
- Not be subject to solely automated decisions (Art. 22) — we do not make decisions about you solely by automated means that produce legal or similarly significant effects. Moderation decisions are made by a human reviewer.
- Lodge a complaint (Art. 77) — with the Hungarian Data Protection Authority, Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH), naih.hu, or with the supervisory authority of your EU country of residence.
To exercise any of these rights, use the in-app controls where available, or write to admin@rollcall.games. We respond within one month under Article 12(3) GDPR, and may extend by two further months for complex requests after telling you.
If you reside in California or another jurisdiction outside the EU/EEA, you may have additional or different rights under local law (for example, the California Consumer Privacy Act). We honour those requests on the same channel.
12. Local Storage on Your Device
RollCall is a mobile app, not a website, so we do not set web cookies. The app does store small amounts of data on your device:
- Authentication tokens — kept in the platform secure store (Keychain on iOS, Keystore on Android).
- Cached notifications and an onboarding-completed flag — kept in standard app storage.
All of this data is removed when you uninstall the app or log out.
13. Moderation and DSA Processing
When you report another user or piece of content, or when a moderator takes action on your account, we process the data needed to fulfil our obligations under the EU Digital Services Act (Regulation (EU) 2022/2065).
- Reports you file — your user ID, the user or content you reported, your reason, and any description, kept so we can review the report and use it as evidence in a possible action.
- Moderation actions against your account — kind (warning, suspension, ban, content removal, reversal), reason category, statement of reasons, legal basis, evidence, duration. You receive a copy via in-app and push notification. You can see your full moderation history in the app.
- Appeals you submit — your message, the action you appeal, the decision and decision text — kept linked to the moderation action.
Moderation records are kept permanently in order to comply with DSA Article 17 (statement of reasons) and Article 20 (internal complaint handling). When you delete your account, identifiers in those records are replaced with a snapshot of your email and username at the time of the action; the underlying personal data is otherwise removed.
14. Changes to this Policy
We may update this Privacy Policy from time to time, for example to reflect new processors or new features. Material changes will be announced in-app or by email at least 14 days before they take effect. The "Last Updated" date at the top of this page always shows when the current version came into force.
15. Contact
For any privacy question, request, or complaint, including the rights listed in §11, please contact us at admin@rollcall.games.
Operator details are listed in §1 above. If you are not satisfied with our response, you have the right to lodge a complaint with the Hungarian Data Protection Authority (NAIH, naih.hu) or with the supervisory authority of your EU country of residence.