How we handle your data.

We collect account information (name, email, role), operational records your team enters (residents, beds, incidents, chores, walkthroughs, rent, meetings, and house notes), and technical logs needed to secure and operate the service (IP address, browser type, session identifiers).

We use your data to provide Roll Call, enforce role-based access, generate exports and audit logs, respond to support requests, and improve reliability. We do not sell customer data or use resident records for advertising.

All traffic is encrypted over HTTPS. Database, authentication, and file storage are provided by Supabase with row-level security on customer tables. Incident and resident photos live in private buckets with signed, short-lived download URLs. Service-role keys never ship to the browser.

We rely on Cloudflare (application hosting), Supabase (database, auth, storage), Resend (transactional email), and Calendly (demo scheduling). A current subprocessor list is available on request.

We retain operational data for as long as your organization uses Roll Call. On request, we can export your data as CSV or delete it after account closure, subject to any legal obligations your organization must meet.

Organization administrators can request access, correction, export, or deletion by contacting us. If you are a resident whose information appears in Roll Call, contact the operator who manages your house for changes to their records.

Questions about this policy or a data request: support@rollcallhm.com

See also our trust and security overview.