ROLLIT

Trust & Security

This page is maintained by the Rollit team to answer common security and privacy questions about Rollit. It describes current, app-visible controls and is editable project content — not an independent certification or audit report.

Shared responsibility

Rollit runs on managed cloud infrastructure. The platform provider operates the underlying database, authentication and hosting services; the Rollit team is responsible for the application code, access rules, and how player data is handled inside the product. Players are responsible for protecting their own credentials, PIN and recovery email.

Authentication & account access

  • Email + password and Google sign-in are supported.
  • Optional two-factor authentication (TOTP) is available from the account screen.
  • A separate 4–6 digit wallet PIN is required to confirm sensitive wallet actions such as withdrawals and sending credits.
  • Sign-ins from new devices or IP addresses can trigger an email approval step before wallet actions are released.

Data in transit

All traffic between your browser and Rollit is served over HTTPS/TLS. API requests authenticated as the signed-in user are constrained server-side by row-level access rules so that one player cannot read another player's account, balance or wallet data.

Payment handling

  • Deposits and withdrawals are processed through a regulated third-party crypto payment processor; Rollit does not custody raw private keys for player wallets.
  • Deposit addresses, payout addresses and transaction details are only visible to the account that owns them and to authorized Rollit staff for support and compliance.
  • Withdrawal addresses can be whitelisted and require email verification before they can be used.

Data we collect & how long we keep it

  • Account profile (username, avatar, email), game history, wallet transactions and support conversations are stored to operate the service.
  • Anti-fraud signals (login IPs, device fingerprints) are retained for the time needed to investigate abuse and meet legal obligations.
  • You can request deletion of your account by contacting support; some records may be retained where required by law or for fraud prevention.

Cookies & analytics

Rollit uses first-party cookies and local storage for sign-in sessions, preferences and basic product analytics. We do not sell personal data to third parties.

Subprocessors & integrations

Rollit relies on managed providers for hosting, database, email delivery, push notifications, crypto payment processing and real-time voice/video during games. These providers receive only the data needed to deliver their part of the service.

Reporting a security issue

If you believe you have found a security vulnerability, please email security@rollitplay.com with steps to reproduce. Please do not publicly disclose the issue until we have had a chance to respond.

Compliance

Rollit is not currently certified under SOC 2, ISO 27001, PCI-DSS, HIPAA or GDPR adequacy programs. We follow common security best practices and continue to improve our controls; this page will be updated as that posture changes.