Roll for Company
Sign inRegister

Privacy Policy

Last updated: 11 March 2026

Draft pending legal review. This page is under review by our solicitor ahead of our payments launch. Wording may change.

Roll for Company is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Roll for Company is a trading name of Engine House Solutions Ltd, registered in England and Wales (Company No. 09880979). References to "Roll for Company", "we", "us", or "our" in this policy refer to Engine House Solutions Ltd.

Roll for Company operates the website rollforcompany.com, a community platform for board game and tabletop RPG enthusiasts. For the purposes of data protection law, we are the data controller.

If you have any questions about this policy or how we handle your data, please contact us at: Email: privacy@rollforcompany.com

What Data We Collect and Why

We only collect personal data that is necessary for the platform to function and to provide you with a good experience. We do not collect data speculatively or "just in case".

Account Registration

When you create an account, we collect:

  • Your username or display name
  • Your email address
  • Your password (stored as a one-way hash: we never see or store your actual password)
  • Your general location (e.g. town or city), if you choose to provide it, to help match you with nearby groups and events

Why: To create and manage your account, and to provide location-relevant features such as local group discovery and session finders.

Legal basis: Performance of a contract (Article 6(1)(b) UK GDPR).

Community Features

When you use community features such as joining or creating local groups, listing games in your library, or organising or signing up to events, we collect:

  • Content you post (group descriptions, game listings, event details, messages)
  • Your participation records (groups joined, events attended)
  • Communications between members sent through the platform

Why: To operate the core features of the platform.

Legal basis: Performance of a contract (Article 6(1)(b) UK GDPR).

Communications With Us

If you contact us directly (e.g. via a support request or feedback form), we will retain those communications and any contact details you provide.

Why: To respond to you and keep a record of our correspondence.

Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR).

Technical Data

When you use the site, we automatically collect certain technical information:

  • IP address
  • Browser type and version
  • Device type
  • Pages visited and time spent on them
  • Referring URL

Why: To keep the site secure, diagnose technical issues, and understand how the platform is being used so we can improve it.

Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR).

What We Do Not Collect

  • We do not collect payment card details (any payments are handled by a third-party processor who is the data controller for that information).
  • We do not build advertising profiles or sell your data to third parties.
  • We do not collect sensitive personal data (such as health information or political views) unless you choose to include it in your own profile or posts, in which case you do so voluntarily.

How Long We Keep Your Data

We keep your data only for as long as necessary.

DataRetention period
Account dataFor the lifetime of your account, plus 30 days after deletion to allow recovery
Community content (posts, listings, events)Retained while your account is active; deleted within 30 days of account deletion unless other members' data is intertwined (e.g. group history)
Technical/log dataUp to 90 days
Support correspondenceUp to 2 years

Who We Share Your Data With

We do not sell or rent your data. We may share limited data with:

  • Hosting and infrastructure providers: to run the platform (e.g. cloud hosting, databases). These providers act as data processors and are contractually required to handle your data securely and only as we instruct.
  • Analytics tools: we may use privacy-respecting analytics to understand site usage. Where we do, we ensure data is anonymised or pseudonymised.
  • Legal obligation: if required to do so by law or a regulatory authority.

We will never share your data with advertisers or data brokers.

Moderator Access (Support & Investigations)

Roll for Company site administrators have limited ability to view account information to help resolve user-reported issues, investigate suspected policy violations, and keep the platform safe.

  • Public information (public profile, group memberships, public event RSVPs) may be viewed by administrators as part of normal moderation. Any such view is logged.
  • Private information (direct messages, payment details, private event RSVPs, contact details, and precise location) is only accessible to an administrator if you grant consent via an in-app request, which lasts a maximum of 24 hours and which you can revoke at any time from your privacy settings.
  • Reported messages: when you or another user formally reports a message through the in-product reporting flow, a moderator may review that specific message without separate consent as part of the investigation. Neither party is notified of the review during the investigation, to protect user safety.

All moderator access is recorded in an internal audit log. You can request a copy of the log entries relating to your account by emailing support@rollforcompany.com.

Cookies

We use cookies to keep you logged in and to remember your preferences. We do not use third-party advertising cookies.

Your Rights

Under UK GDPR, you have the following rights:

  • Access: you canrequest a copy of the personal data we hold about you.
  • Rectification: you canask us to correct inaccurate or incomplete data.
  • Erasure: you canask us to delete your data (the "right to be forgotten"), subject to certain legal exceptions.
  • Restriction: you canask us to restrict how we process your data in certain circumstances.
  • Portability: you canrequest your data in a structured, machine-readable format.
  • Objection: you canobject to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email us at privacy@rollforcompany.com. We will respond within one calendar month.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK's data protection regulator:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

Data Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS), hashed passwords, and access controls limiting who on our team can view personal data.

No system is completely secure. If you believe your account has been compromised, please contact us immediately.

Children

Roll for Company is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with their data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where the changes are significant, notify you by email or via a notice on the site.