Privacy policy

Effective 2026-05-13

This policy explains what data Rollcall collects, how we use it, and the rights you have over it. It will be reviewed by counsel before public launch; the substance below reflects how the product actually behaves today.

Eligibility

Rollcall is an 18+ service. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact privacy@rollcall.app and we will remove it.

What we collect

  • Account info: email, date of birth, gender, display name, handle, belt rank, years of training, gi preference.
  • Profile content: bio, prompts, photos, gym affiliations, intent flags, training sessions.
  • Communications: messages you send through Rollcall DMs, drilling intros, posts, comments, and reports.
  • Usage: product events (PostHog), error reports (Sentry), and IP + user-agent metadata captured when you sign in.

How we use it

  • To run the product (matching, feed, training log, gym affiliations, messaging).
  • To send transactional emails (sign-in codes, security alerts) and, when you opt in, engagement emails.
  • To detect abuse, enforce our terms, and respond to legal requests.
  • We do not sell your data.

Sub-processors

We rely on the following service providers to run Rollcall. Each has its own privacy policy. They access only the data necessary for their function and act on our instructions.

  • Supabase — application database, authentication, file storage.
  • Vercel — application hosting and request routing.
  • Resend — transactional email delivery.
  • Google Cloud Vision — automated photo content moderation.
  • Google Identity (OAuth) — sign-in only if you choose “Continue with Google.”
  • Google Maps Places — gym search during onboarding.
  • Sentry — error monitoring.
  • PostHog — product analytics.

International transfers

Rollcall's infrastructure is hosted in the United States. If you access the product from outside the US, your data will be transferred to and processed in the US.

Photos

Photos pass an automated SafeSearch check on upload. Flagged photos may be reviewed by staff before they become visible. Photos depicting minors are prohibited; suspected child-sexual-abuse material is reported to NCMEC and to law enforcement as required by US law.

Your rights

You can, at any time:

  • Edit or remove most profile content directly in Settings.
  • Export your data via Settings → Account → Export (rate-limited to one export per 24 hours).
  • Delete your account in Settings → Account. We hide your profile immediately and permanently erase your data 30 days later. Signing back in within 30 days restores the account.
  • Email privacy@rollcall.app for any other request, including correction or data-access questions.

EU/UK and California residents have additional rights under GDPR / CCPA respectively. Email privacy@rollcall.app to exercise them.

Retention

We retain your data while your account is active. After deletion, we permanently erase it within 30 days, except where we are legally required to retain certain records (for example, CSAM reports preserved for law-enforcement cooperation). Anonymised analytics events may persist beyond account deletion.

Cookies & similar technologies

We use a small number of strictly-necessary cookies (sign-in session, routing-state cache, security tokens) and, if configured, product-analytics cookies via PostHog. We do not run advertising trackers.

Changes to this policy

If we materially change this policy, we will notify you by email or in-product banner before the change takes effect. Continued use of Rollcall after a change constitutes acceptance of the updated policy.

Contact

privacy@rollcall.app