roll20 Privacy Policy

This page describes what we collect when you use roll20 and how we keep that data protected. We collect personal information to verify your identity, process your deposits and withdrawals, and comply with anti-money-laundering regulations. Your data is handled securely and is not shared with third parties except where required by law.

We operate roll20 in jurisdictions where local law permits. Your personal information may be stored on servers located outside your country. By using roll20, you consent to the collection and processing of your data as described in this policy. If you do not agree with how we handle your data, do not create an account.

This policy explains what data we collect, how we use it, who has access to it, how long we keep it, and what rights you have. Contact our support team if you have questions about your data or wish to exercise your privacy rights.

What data we collect on roll20

We collect several categories of information when you use roll20:

  • Identity informationYour full name, date of birth, email address, phone number, and a copy of your government-issued identification (national card, passport, or driver's licence).
  • Payment informationDetails of your payment methods, including bank account numbers, mobile wallet identifiers (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet), and transaction history.
  • Account informationYour username, password (encrypted), security questions, and authentication codes for two-factor authentication.
  • Activity dataYour login history, market activity, deposits, withdrawals, game play, and account balances.
  • Technical dataYour IP address, browser type, device information, and cookies placed on your device.
  • CommunicationsEmails, messages, and support tickets you exchange with our team.

We do not collect unnecessary personal information. We collect only what is needed to verify your identity, process transactions, comply with regulations, and provide customer support.

Data we collect on roll20

  • Full name, date of birth, email, phone, government ID
  • Payment method details and transaction history
  • Account login and security information
  • All account activity (deposits, withdrawals, game play)
  • IP address, browser, device type, and cookies
  • Support communications and feedback

How we use your data on roll20

We use the data we collect for the following purposes:

  • Identity verification (KYC)To confirm your identity and comply with anti-money-laundering (AML) regulations.
  • Payment processingTo process your deposits through mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, and local payment, and to execute your withdrawal requests.
  • Fraud preventionTo detect and prevent fraudulent activity, money laundering, and unauthorized access to your account.
  • Account managementTo manage your account, respond to your support requests, and enforce our terms and policies.
  • Platform improvementTo analyze usage patterns, fix bugs, and improve the roll20 platform and user experience.
  • Legal complianceTo comply with applicable laws, regulations, and government requests.

We do not use your data for marketing purposes unless you explicitly opt in. We do not sell your personal information to third parties.

Who has access to your data on roll20

Your data is accessed by roll20 staff members who need it to perform their roles (customer support, account verification, payment processing, fraud prevention). Our staff are trained to handle data securely and are bound by confidentiality agreements.

We share your data with third-party service providers only when necessary:

  • Payment processorsonline payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet receive payment information needed to process deposits and withdrawals.
  • Identity verification servicesThird-party KYC providers may access your identity documents to verify your information.
  • Fraud prevention servicesExternal fraud-detection systems may process your transaction data to identify suspicious patterns.
  • Legal authoritiesWe may disclose your data to government agencies, law enforcement, or regulators if required by law or legal process.

We ensure all third-party processors sign data-processing agreements that commit them to protecting your data. Third parties may not use your data for any purpose other than providing their contracted service.

On roll20, we handle your data with care. We keep it secure, share it only when necessary, and comply with regulations that protect your privacy.

roll20 editorial team

How long we keep your data on roll20

We retain your data for as long as your account is active and for a period after account closure as required by law. Specifically:

  • Your identity documents (KYC) are retained for the duration of your account and for five years after account closure to comply with anti-money-laundering regulations.
  • Your transaction history (deposits, withdrawals, game activity) is retained for seven years to comply with financial record-keeping regulations.
  • Your technical data (IP address, cookies) is retained for up to one year unless we need it longer to investigate fraud or security incidents.
  • Your communications with support are retained for up to three years unless relevant to a dispute or investigation.

After the retention period expires, we delete or anonymize your data. If deletion is not possible for legal reasons, we secure the data and stop using it for any active purpose.

Your rights regarding your data on roll20

You have the following rights with respect to your data:

  • Right of accessYou may request a copy of all personal data we hold about you.
  • Right to correctionYou may request that we correct inaccurate or incomplete data.
  • Right to deletionYou may request deletion of your data, subject to legal retention requirements.
  • Right to data portabilityYou may request that we provide your data in a portable format.
  • Right to objectYou may object to certain types of data processing.

To exercise any of these rights, contact our support team with your request. We will respond within 30 days. Some requests may be refused if they conflict with legal obligations or the rights of others.

Cookies and tracking on roll20

We use cookies and similar tracking technologies to enhance your roll20 experience. Cookies are small files stored on your device that help us remember your preferences and keep you logged in. We use two types:

  • Essential cookiesRequired for roll20 to function (login, security, session management).
  • Analytics cookiesHelp us understand how users interact with roll20 so we can improve the platform.

You may disable cookies in your browser settings, though this may limit your ability to use roll20. We do not use advertising or behavioural tracking cookies.

How we protect your data on roll20

We employ industry-standard security practices to protect your data:

  • Encryption of data in transit (HTTPS) and at rest (AES-256).
  • Secure password hashing using industry-standard algorithms.
  • Two-factor authentication (2FA) to prevent unauthorized access.
  • Regular security audits and penetration testing.
  • Restricted access to data — only authorized staff can view sensitive information.
  • Incident response procedures — if a data breach occurs, we will notify affected users within the timeframe required by law.

While we use strong security measures, no system is completely secure. We cannot guarantee absolute protection against all potential threats. You are responsible for keeping your password and 2FA codes secure.

International data transfer on roll20

Our servers may be located in countries outside Indonesia. This means your personal data may be transferred to and stored in jurisdictions with different privacy laws. By using roll20, you consent to this transfer. We ensure all transfers comply with international data protection standards and are protected by appropriate safeguards such as standard contractual clauses.

Children and minors on roll20

roll20 is not intended for children or minors. We do not knowingly collect data from anyone under the age at which online wagering is permitted in their jurisdiction. If we become aware that we have collected data from a minor, we will delete it immediately and may close the associated account.

Changes to this privacy policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Your continued use of roll20 after changes are posted constitutes acceptance of the new policy. If significant changes affect how we use your data, we will notify you by email.

Contact us about your privacy

If you have questions about this privacy policy, wish to exercise your data rights, or want to report a privacy concern, contact our support team. We are available during standard business hours via email or in-app support. We will respond to privacy requests within 30 days.

Our privacy practices comply with applicable data protection regulations in jurisdictions where we operate. Services on roll20 are available only where local law permits. By using roll20, you acknowledge that you have read and understood this privacy policy and consent to our data practices.