Legal

Privacy policy

Last updated: May 7, 2026

Draft — under attorney review

The text below reflects RoleMap's operational practices and is being reviewed by counsel. Final language may change before public launch.

1. Who we are

RoleMap is a software-as-a-service product operated by Anton Brown, an individual proprietor based in Kingston, Massachusetts. RoleMap provides role-interaction analysis for churches and organizations, available at rolemap.co. References to "we," "us," and "our" in this policy mean RoleMap. References to "you" and "your" depend on context: most often the leadership representative of a church or organization that has purchased a RoleMap engagement, but at times also the individual role-holders who fill out the questionnaire as part of an engagement.

If you have any question about this policy or about how your information is handled, write to hello@rolemap.co. Routine inquiries are handled by Anton's assistant, Eva. For legal or compliance concerns, including data-subject requests under applicable privacy laws and breach-notification matters, you may write directly to anton@rolemap.co.

2. What information we collect

We collect three categories of information.

Account information from the church or organization that purchases an engagement. This includes the name and email address of the leadership representative who creates the account, the organization's name, location, and approximate size, payment information processed by Stripe (we do not store full card numbers), and any custom information provided during engagement setup such as the engagement brief, role definitions, or organizational chart description.

Documents provided during engagement setup. Churches and organizations are encouraged to upload supporting documents — bylaws, constitutions, organizational charts, and similar — for the analysis to draw on. These documents are stored encrypted in our data infrastructure and accessed only by our analytical pipeline and by RoleMap's principal analyst (Anton Brown) during the report-review process.

Information from individual role-holders who participate in the questionnaire. When the church or organization invites role-holders to complete the questionnaire, we collect each respondent's name and email address (provided by the church or organization for the purpose of sending invitation emails), and the responses they submit, which include their assessments of working relationships with other roles in the organization and any free-text comments they choose to add.

3. How we use this information

We use the information we collect for these purposes only:

To deliver the RoleMap analysis and report to the church or organization that has commissioned it. This is the primary purpose for which all data is collected.

To communicate with the church administrator and with respondents about their engagement — sending invitations, reminders, completion confirmations, the final report, and occasional follow-up messages directly related to the engagement.

To improve RoleMap's analytical quality over time. Aggregated and anonymized patterns across engagements may inform refinements to our methodology and the quality of analysis. Individual responses, individual engagement data, and identifying details are never used in this aggregation, and no individual data is ever shared with other clients.

To meet legal and regulatory obligations, when applicable.

We do not sell personal information. We do not share personal information with third parties for advertising or marketing purposes. We do not use respondent data to build profiles of individuals beyond the scope of the specific engagement they participated in.

4. Who can see what

This is the question that matters most to many of our users, so we want to be explicit.

The church administrator (the person who purchased the engagement) sees: all responses from all role-holders, the heat map and aggregated analysis, the final report, and any documents they uploaded. Respondent comments are part of the data the leadership team receives.

Each respondent sees: their own responses (during the questionnaire, before submission). After submission, respondents do not see other respondents' answers and do not have access to the church's dashboard or the final report unless the church administrator chooses to share it with them.

RoleMap's principal analyst (Anton Brown) sees: all data for every engagement, for the purpose of reviewing reports before delivery. This review is part of the value RoleMap provides — every report is curated by a human before it reaches the client. Anton is bound by confidentiality regarding the contents of any engagement.

RoleMap's third-party service providers (listed in section 6) see only the specific information necessary to perform their function, and are bound by their own privacy policies and data-handling agreements.

Other church administrators never see another organization's data. Multi-tenant isolation is enforced at the database level using row-level security.

5. Visibility of comments

Free-text comments submitted by respondents during the questionnaire are visible to the church administrator and to Anton. They are passed to the analytical pipeline as context. The final report may paraphrase or quote respondent comments, with the names of the respondents redacted from any quoted material.

We tell respondents this directly in the questionnaire invitation email and at the start of the questionnaire itself, so that they can decide what to share with this in mind.

6. Third-party service providers

We rely on third-party services to operate RoleMap. Each is contractually bound to handle your data responsibly. We use:

  • Stripe — for payment processing. Stripe stores your payment method and processes charges. We do not store your full payment information.
  • Supabase — for our database, file storage, and authentication. Supabase hosts your data in encrypted form on infrastructure based in the United States.
  • Vercel — for web hosting and content delivery. Vercel serves the rolemap.co website and the web application.
  • Anthropic (Claude) — for the AI-assisted analytical engine that produces the narrative draft of your report from your data. We use Claude, a large language model from Anthropic, to convert your role-pair scores, asymmetry findings, and supporting documents into structured narrative analysis. Data sent to Anthropic during analysis is processed under their published data-handling terms; specifically, data sent through the Claude API is not used to train Anthropic's models. Every report produced by this AI-assisted process is reviewed and edited by Anton Brown before delivery — the human curation is a deliberate part of how RoleMap works, not a substitute for the AI nor a hidden fact.
  • Resend — for transactional email delivery (invitations, reminders, confirmations, report delivery). Resend processes recipient email addresses and message contents to enable delivery.
  • Google Workspace — for our email mailbox at hello@rolemap.co.

If you would like more detail on any of these providers' data-handling practices, we are happy to point you to their published privacy policies.

7. How long we keep data

We retain engagement data in three phases:

Active retention (0–24 months after engagement completion): all data for an engagement remains fully accessible from the church administrator's dashboard. The church can download the report, review the heat map, and reference the analysis at any time during this period.

Encrypted archive (24–48 months after engagement completion): engagement data is moved into a separate encrypted offline archive. It is not accessible from the dashboard but can be restored by request to hello@rolemap.co. This phase exists in case the church wants to reference an older engagement during a follow-up assessment or strategic planning cycle.

Permanent deletion (48+ months): engagement data is permanently deleted from all RoleMap systems. The deletion is irreversible.

You can request earlier deletion at any time by writing to hello@rolemap.co. Eva will confirm the request and execute the deletion, escalating to Anton if any aspect is unclear.

Anton retains a copy of every delivered report (PDF and Word document only — not the underlying respondent data) in a permanent archive separate from client retention. This archive is for his reference and is not shared with anyone.

8. Your rights

You have the following rights regarding your personal information.

Right to access. You can request a copy of the personal information we hold about you. We will respond within 30 days.

Right to correction. If any information we hold about you is inaccurate, you can request correction.

Right to deletion. You can request that we delete your personal information at any time. Deletion is processed within 30 days. (Note that the church administrator who commissioned the engagement may also have data about your responses; for deletion of data within their scope of access, contact them directly.)

Right to portability. You can request that we provide your data in a structured, commonly-used format.

Right to withdraw consent. If you participated as a respondent in a questionnaire, you can withdraw your consent and request that your responses be removed at any time. Note that this may affect the integrity of the analysis the church receives.

To exercise any of these rights, write to hello@rolemap.co. We may need to verify your identity before fulfilling certain requests. For more sensitive privacy matters, including data-subject requests with legal implications, you may also write directly to anton@rolemap.co.

9. Children

RoleMap is intended for adult use only. We do not knowingly collect information from children under the age of 13. If you become aware that a child has provided us with personal information, contact us at hello@rolemap.co and we will take steps to delete that information.

10. Security

We use industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest. Authentication uses email-based magic links rather than passwords, reducing the surface area for credential compromise. Multi-tenant data isolation is enforced at the database level. Documents and reports are stored with row-level security.

No system is perfectly secure. If we become aware of a breach affecting your information, we will notify you in accordance with applicable U.S. state breach-notification laws. Breach matters are handled directly by Anton at anton@rolemap.co.

11. Changes to this policy

If we make material changes to this policy, we will notify church administrators by email and post an updated version at rolemap.co/privacy. The "Last updated" date at the top of this document indicates the most recent revision. Continued use of RoleMap after a notice of change constitutes acceptance of the revised policy.

12. Contact

For any question about this policy or about how your data is handled, write to:

General inquiries: hello@rolemap.co (handled by Anton's assistant, Eva) Legal, compliance, and breach matters: anton@rolemap.co (handled directly by Anton)

RoleMap Anton Brown Kingston, Massachusetts

We respond to privacy questions promptly. Routine matters typically receive a reply within one business day; legal or compliance matters within two.