Privacy Policy
Last updated: 11 March 2026
Roll for Company is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
Roll for Company is a trading name of Engine House Solutions Ltd, registered in England and Wales (Company No. 09880979). References to "Roll for Company", "we", "us", or "our" in this policy refer to Engine House Solutions Ltd.
Roll for Company operates the website rollforcompany.com, a community platform for board game and tabletop RPG enthusiasts. For the purposes of data protection law, we are the data controller.
If you have any questions about this policy or how we handle your data, please contact us at: Email: privacy@rollforcompany.com
What Data We Collect and Why
We only collect personal data that is necessary for the platform to function and to provide you with a good experience. We do not collect data speculatively or "just in case".
Account Registration
When you create an account, we collect:
- Your username or display name
- Your email address
- Your password (stored as a one-way hash: we never see or store your actual password)
- Your general location (e.g. town or city), if you choose to provide it, to help match you with nearby groups and events
Why: To create and manage your account, and to provide location-relevant features such as local group discovery and session finders.
Legal basis: Performance of a contract (Article 6(1)(b) UK GDPR).
Community Features
When you use community features such as joining or creating local groups, listing games in your library, or organising or signing up to events, we collect:
- Content you post (group descriptions, game listings, event details, messages)
- Your participation records (groups joined, events attended)
- Communications between members sent through the platform
Why: To operate the core features of the platform.
Legal basis: Performance of a contract (Article 6(1)(b) UK GDPR).
Communications With Us
If you contact us directly (e.g. via a support request or feedback form), we will retain those communications and any contact details you provide.
Why: To respond to you and keep a record of our correspondence.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR).
Technical Data
When you use the site, we automatically collect certain technical information:
- IP address
- Browser type and version
- Device type
- Pages visited and time spent on them
- Referring URL
Why: To keep the site secure, diagnose technical issues, and understand how the platform is being used so we can improve it.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR).
What We Do Not Collect
- We do not collect payment card details (any payments are handled by a third-party processor who is the data controller for that information).
- We do not build advertising profiles or sell your data to third parties.
- We do not collect sensitive personal data (such as health information or political views) unless you choose to include it in your own profile or posts, in which case you do so voluntarily.
How Long We Keep Your Data
We keep your data only for as long as necessary.
| Data | Retention period |
|---|---|
| Account data | For the lifetime of your account, plus 30 days after deletion to allow recovery |
| Community content (posts, listings, events) | Retained while your account is active; deleted within 30 days of account deletion unless other members' data is intertwined (e.g. group history) |
| Technical/log data | Up to 90 days |
| Support correspondence | Up to 2 years |
Who We Share Your Data With
We do not sell or rent your data. We may share limited data with:
- Hosting and infrastructure providers: to run the platform (e.g. cloud hosting, databases). These providers act as data processors and are contractually required to handle your data securely and only as we instruct.
- Analytics tools: we may use privacy-respecting analytics to understand site usage. Where we do, we ensure data is anonymised or pseudonymised.
- Legal obligation: if required to do so by law or a regulatory authority.
We will never share your data with advertisers or data brokers.
Cookies
We use cookies to keep you logged in and to remember your preferences. We do not use third-party advertising cookies.
Your Rights
Under UK GDPR, you have the following rights:
- Access: you canrequest a copy of the personal data we hold about you.
- Rectification: you canask us to correct inaccurate or incomplete data.
- Erasure: you canask us to delete your data (the "right to be forgotten"), subject to certain legal exceptions.
- Restriction: you canask us to restrict how we process your data in certain circumstances.
- Portability: you canrequest your data in a structured, machine-readable format.
- Objection: you canobject to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, email us at privacy@rollforcompany.com. We will respond within one calendar month.
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK's data protection regulator:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Data Security
We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS), hashed passwords, and access controls limiting who on our team can view personal data.
No system is completely secure. If you believe your account has been compromised, please contact us immediately.
Children
Roll for Company is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with their data, please contact us and we will delete it promptly.
Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where the changes are significant, notify you by email or via a notice on the site.