Compliance & Integrations

Ready for IT, audit and the corporate university.

A dedicated database per company, corporate SSO via SAML 2.0 and OIDC against Microsoft Entra ID, Google Workspace, Okta or any other corporate IdP, AI with your own credentials, a log for every AI call, configurable recording retention, and a publicly verifiable certificate. xAPI is on the roadmap to plug into Saba, Cornerstone, Moodle or the internal university you already run.

Isolation

One database per company.
Not just a logical split.

Most multi-company SaaS platforms put every customer in the same database, separated by an identifier column. It works, but any query bug can turn into a data leak.

Roleplays uses a dedicated database for each company. No identifier to forget, no query crossing data, no attack leaking between customers. Default config for an enterprise customer.

Dedicated database · Privacy Act 1988 ready · LGPD-ready · SOC 2 path · Independent backup · Per-company retention policy

company_pharma_acme

512 users · 1,238 sessions · 8.2 GB

company_bank_regional

10,421 users · 24.5k sessions · 84.3 GB

company_saas_companyX

87 users · 412 sessions · 1.2 GB

-- Each company in an isolated database

CREATE DATABASE company_{slug};

-- 0 cross-company lookups, 0 leak risk
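The contrast described above, as an added example that is not Roleplays' own code: the same forgotten-filter bug run against a shared table and against one database per company. SQLite in-memory databases stand in for the real engine, and the class names, table layout and slug rule are assumptions made for illustration.

```python
import re
import sqlite3

# Hypothetical slug rule. A database name is an identifier and cannot be bound
# as a query parameter, so the slug is validated before it is used in a name.
SLUG_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,30}")

def db_name(slug):
    if not SLUG_RE.fullmatch(slug):
        raise ValueError(f"invalid company slug: {slug!r}")
    return f"company_{slug}"

class SharedStore:
    """Shared database: every row carries a company_id column."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE sessions (company_id TEXT, trainee TEXT)")

    def add(self, slug, trainee):
        self.db.execute("INSERT INTO sessions VALUES (?, ?)", (slug, trainee))

    def list_sessions_buggy(self, slug):
        # The query bug the page warns about: the company_id filter is missing.
        return [r[0] for r in self.db.execute("SELECT trainee FROM sessions")]

class DedicatedStore:
    """One database per company: the connection itself is the boundary."""
    def __init__(self):
        self.dbs = {}

    def _conn(self, slug):
        name = db_name(slug)
        if name not in self.dbs:
            self.dbs[name] = sqlite3.connect(":memory:")
            self.dbs[name].execute("CREATE TABLE sessions (trainee TEXT)")
        return self.dbs[name]

    def add(self, slug, trainee):
        self._conn(slug).execute("INSERT INTO sessions VALUES (?)", (trainee,))

    def list_sessions(self, slug):
        # Same unfiltered query, but only this company's rows are reachable.
        return [r[0] for r in self._conn(slug).execute("SELECT trainee FROM sessions")]

def demo():
    shared, dedicated = SharedStore(), DedicatedStore()
    for store in (shared, dedicated):
        store.add("pharma_acme", "alice")    # constructed sample data
        store.add("bank_regional", "bob")
    return shared.list_sessions_buggy("pharma_acme"), dedicated.list_sessions("pharma_acme")
```

In the dedicated model the remaining trust decision is which database a request is routed to, so the slug-to-database mapping is the part to review and test.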

Enterprise SSO

Authentication via SAML 2.0 or OIDC against your corporate IdP: Microsoft Entra ID (Azure AD), Google Workspace, Okta, Ping Identity or any other provider. Compatible with Conditional Access, MFA and your existing identity policies. Provisioning and deprovisioning run via SCIM, and the default permission and access group are configurable. Each company can bring its own OAuth app to rebrand the consent screen.

Microsoft Entra ID AVAILABLE
Google Workspace AVAILABLE
Okta · SAML 2.0 ON REQUEST
JIT Provisioning AVAILABLE

Your own AI credentials

An Enterprise customer uses their own credentials for Anthropic, OpenAI and Google. Roleplays bills the platform only; AI usage hits your provider account directly. Useful for teams with promotional credit, a direct contract, or a regulatory requirement for separate billing.

provider:openai $0.0028
tokens:1842 → 624 328ms
provider:anthropic $0.0091
tokens:2480 → 312 410ms
status:success company_pharma_acme

AI Call Log

Every AI call, tracked.

For every call (chat, voice, evaluation, image generation, AI Drafter, AI Professor): provider, model, tokens, computed cost, latency, status, truncated payloads. All exportable for regulatory audit or for the finance team's month-end close.

The ai:backfill-costs cron recomputes historical values when you update pricing. This is useful for contracts with APRA or BACEN, or for compliance demands requiring the exact value at the moment of operation.

Last 30 AI calls

OpenAI · gpt-realtime-2 · roleplay_voice · 24.8k · $0.794 · 412ms

Anthropic · claude-opus-4-7 · evaluation_voice · 8.2k · $0.214 · 1.8s

Google · gemini-3-pro-image · academy_image_gen · 1.4k · $0.134 · 2.1s

Anthropic · claude-sonnet-4-6 · templates_ai · 3.6k · $0.058 · 724ms

OpenAI · whisper-1 · roleplay_voice_transcription · 12 min · $0.204 · -

Integrations

Doesn't replace your corporate university.
Talks to it.

Companies with their own LMS (Saba, Cornerstone, Moodle, internal platforms) don't want to migrate. They want to complement it with the simulation layer. That's why xAPI is on the roadmap.

In development

xAPI / Tin Can Statements

We report every relevant event (course completed, roleplay finished, certificate issued) as an xAPI statement to your LRS. No data migration, no duplicate sources. The Corporate University stays the primary source of the trainee's progress; Roleplays complements it with the practical simulation layer.

Example statement

{
  "actor": { "mbox": "mailto:joao@empresa.com" },
  "verb": { "id": "http://adlnet.gov/expapi/verbs/completed" },
  "object": {
    "id": "https://roleplays.com.br/roleplays/abc-123",
    "definition": { "type": "...rolePlay" }
  },
  "result": { "score": { "scaled": 0.87 } }
}

Verifiable certificate

Public URL /verify/{number}. External HR, regulator or partner validates without logging in. Survives course archival.

https://roleplays.com.br/verify/02-A1B7-C4D2-E991

Authentic certificate

Recordings with configurable retention

Mixed audio from every voice session is stored in each company's secure environment. Per-company retention cycle: immediate access, cold storage, deletion. Access links have a short expiry, with no public exposure. Pharma compliance loves it; banking demands it.

Standard · 90d · Fast access for post-session review

Glacier · 5 years · Regulatory compliance, low cost

Purge · On demand · GDPR / Privacy Act / right to be forgotten

A checklist your legal team approves.

Privacy Act 1988 (Australia)

Aligned to the Australian Privacy Principles, with right of access, correction, and erasure on request.

LGPD, Brazil General Data Protection Law

Right to be forgotten, documented legal basis, DPO contact.

GDPR, General Data Protection Regulation

Right to be forgotten, data residency on request, SCCs.

SOC 2 path

In preparation, auditable security controls.

RDC 658, ANVISA / TGA

Label adherence, visit logging, annual certificate. TGA-ready for Australian sponsors.

APRA / BACEN

AML/CTF, suitability, KYC for banking with auditable evidence aligned to APRA Prudential Standards and BACEN requirements.

PCI DSS

For call centres training agents with card data access.

Ready to transform how your team trains?

For organisations with 50+ employees. Book 45 minutes and we'll think the setup through with you.