This website is operated by DAN NICHOLS PTY LTD. The privacy of our users is extremely important to us and therefore we encourage all users to oread this policy very carefully because it contains important information regarding;

• who we are;
• how and why we collect, store, use and share personal information;
• your rights in relation to your personal information; and
• how to contact us and supervisory authorities in the event that you have a complaint.
  
  

Who we are

DAN NICHOLS PTY LTD (‘we’, ‘us’, ‘our’) collect, use and are responsible for storing certain personal information about you (‘you’, ‘your’, ‘yours’).

The personal information we collect and use

Personal information is information which you can be identified from (and does not include any anonymised forms of information).

1. Types of personal information

We may process the following types of personal information in relation to you:

• Account information - This can include your email address, username, password used in creating your account. You can also provide us a name or nickname used to display your rolls to other players. You may need to verify your email address.
• Content you create - This includes any content you upload (such as profile pictures for you, your campaigns, or your characters). Your content also includes messages you send to other users, as well as any information you enter when creating campaigns or characters.
• Payment information - If you buy any paid services through RollVault, you may need to submit a valid payment method and associated billing information, including your full name and billing address. Our payment processors, like Stripe, Google, and Apple, receive and process your payment information. Depending on the processor, we may also receive and store certain billing information, including the last four digits of the credit card number associated with the transaction.
• App and website usage information - As you use our services (rolling dice, sending messages, creating campaigns and characters), we will automatically log usage events. This helps us to improve the service and to quickly diagnose any issues in our system. These usage events are usually anonymous but may contain information included from content you create.
  
  

How your personal information is collected

This section describes how the above types of personal information are collected by us. Your personal information will be collected as follows:

1. Personal information obtained from you directly

The personal information we obtain from you directly (described in detail above) includes the following;

• Account information
• Content you create
• Payment information

2. Information automatically collected

We also collect information in relation to you automatically when you use RollVault (described in detail above), which includes the following;

• App and website usage information

3. Changes to the way in which we collect your personal information

In the event that we need to obtain personal information in relation to you from any other source than those described above, we shall notify you of this.

How we use your personal information

1. General purposes

Your personal information will generally be processed for the following purposes;

• To provide you with our services - We require your account information to authenticate you, and your content to allow you to share your tabletop experiences with your friends. The service would not work without this information.
• To contact you - We may need to update policies or terms (like this Privacy Policy), and we are obligated to inform you when major changes happen.
• To secure our service - Authentication restrictions exist to ensure you join campaigns only with the people you want to. These restrictions keep our service secure.
• To improve our service - Understanding how you use our service helps us make improvements to make it the best it can be. These improvements can be categorised into both feature uplift, and bug fixing; both contribute to improving the quality of the service.

2. Monitoring

We may monitor communications, and in doing so we may obtain your personal information through this process. We will undertake monitoring in the following circumstances: Calls and emails may be monitored for quality assurance purposes.

Lawful basis for processing of your information

We have described above the purposes for which we may process your personal information. These purposes will at times be justified by UK data protection law.

1. General lawful bases

The lawful basis upon which we are able to process your personal data are:

1. where we have your consent to use your data for a specific purpose;
2. where it is necessary to enter into a legal contract with you or to perform obligations under a legal contract with you;
3. where it is necessary to enable us to comply with a legal obligation;
4. where it is necessary to ensure our own legitimate interests or the legitimate interests of a third party (provided that your own interests and rights do noo override those interests). Wherever we rely upon this basis, details of the legitimate interests concerned shall be provided to you;
5. where we need to protect your own vital interests (or the vital interests of another person); and/or
6. where it is needed in the public interest (orr where we are acting in our official functions), provided that the task or function has a clear basis in law.

In general, in order to meet the purposes we have described above, we will process your personal information where we have your express consent on each occasion that the data is processed.

Disclosure of your personal information

Your personal information is disclosed in the following ways;

• When you tell us to - When you create campaigns, create characters, roll custom dice, and send messages, you are telling us to share that information with other members of those campaigns. Through our service, you are able to restrict access to only the people you want in your games, and you are able to leave campaigns at any time. For the most part, access is restricted only to those who have an invite link to your campaign.
• With our service providers - This includes cloud providers (Amazon) where we host our data and services, and payment gateways (Stripe, Google, Apple) where we process payment information to provide you with a premium service. We are located in Australia, so our servers and data are hosted in Australia. We may also store information on servers outside Australia, which can depend on the location of our users or service providers. These service providers allow us to provide our services to you. By accessing or using our services or otherwise providing information to us, you understand that your information will be processed, transferred, and stored in Australia and other countries, where different data protection standards may apply and/or you may not have the same rights as you do under local law.
• In an emergency - We may disclose information if we believe in good faith that it’s necessary to prevent serious harm to a person.
• To comply with the law - We may disclose information in response to a request for information if we believe disclosure is required by law, including meeting national security or law enforcement requirements.

Should we have additional third parties where we disclose your information, we will notify you when this position changes.

Necessity of information

Where information is requested from you and you do not provide this, you will likely not be able to login if no means of authentication is provided.

We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

How long your personal information will be kept

Your personal information will be kept for the period of time which is necessary for us to fulfil the above purposes.

We envisage that your personal information shall be retained by us indefinitely, until a request is made to support@rollvault.app to delete your personal data (and account).

Once that request is made, your information shall be properly deleted or anonymised.

Please see our Data deletion request instructions for more information.

Keeping you information secure

We will ensure the proper safety and security of your personal information and have measures in place to do so. We will also use technological and organisation measures to keep your information secure. These measures are as follows:

• All data is encrypted both in transit and at rest
• All data is kept on secure servers

We have proper procedures in place to deal with any data security breach, which shall be reported and dealt with in accordance with data protection laws and regulations. You shall also be notified of any suspected data breach concerning your personal information.

Users in the EEA, United Kingdom, Switzerland, and Brazil

Certain local laws, such as the European Union’s General Data Protection Regulation (GDPR) and Brazil’s Lei Geral de Proteção de Dados (LGPD), require services to provide information about the information they collect, how they use it, and the lawful basis for processing it. We’ve described most of that already in the earlier portions of this Policy.

If you are located in certain regions, including the European Union, and the UK, you have a number of important rights free of charge. In summary, those include rights to:

1. fair processing of information and transparency over how we use your personal information;
2. access to your personal information and to certain other supplementary information that this Privacy Statement is already designed to address;
3. require us to correct any mistakes in your information which we hold;
4. require the erasure of personal information concerning you in certain situations;
5. receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this information to a third party in certain situations;
6. object at any time to processing of personal information concerning you for direct marketing;
7. object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
8. object in certain other situations to our continued processing of your personal information, or ask us to suspend the processing procedure in order for you to confirm its assurance or our reasoning for processing it;
9. object to processing of your personal information where we are doing so in reliance upon a legitimate interest of our own or of a third party and where you wish to raise objection to this particular ground;
10. otherwise restrict our processing of your personal information in certain circumstances;
11. claim compensation for damages caused by our breach of any data protection laws; and/or
12. in any circumstance where we rely upon your consent for processing your personal information, you may withdraw this consent at any time.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on your rights under the General Data Protection Regulations.

If you would like to exercise any of these rights please contact our Data Protection Officer, Dan Nichols via email to support@rollvault.app.

Changes to the privacy policy

This privacy policy was published on 11th July 2023.

We may change this privacy policy from time and will notify you of any changes by notice on the website header. For major changes, we will email you.

Contacting us

Our Data Protection Officer is Dan Nichols.

Any requests or questions regarding the use of your personal information should be made to the above named person via email at support@rollvault.app.

You can also mail us at 9 Tripcony Ct, Pelican Waters, 4551, QLD, Australia if you prefer.

Sources of further information

This policy provides key information to you regarding the processing of your information. For certain areas of our information processing, we have further comprehensive details contained in other documentation. This information can be located as follows:

• Email authentication uses AWS Cognito to securely handle user information. Please refer to https://aws.amazon.com/compliance/data-privacy-faq/ for more details on the data privacy of the Cognito service.