Compliance & Integrations

Ready for IT, audit and the corporate university.

Database-per-tenant for real isolation, corporate SSO via SAML 2.0 and OIDC against Microsoft Entra ID, Google Workspace, Okta or any other corporate IdP, bring your own AI credentials, an audit log for every call, configurable S3 retention, and a publicly verifiable certificate. xAPI is on the roadmap to plug into Saba/Cornerstone/Moodle or the internal university you already run.

Isolation

One database per company.
Not just a logical split.

Most multi-company SaaS platforms put every customer in the same database, separated by an identifier column. It works, but any query bug turns into a data leak.

Roleplays uses a dedicated database for each company. No identifier column to forget, no query crossing data, no attack leaking between customers. Default configuration for an enterprise customer.

Dedicated database · UK GDPR-ready · LGPD-ready · SOC 2 path · Independent backup · Per-company retention policy

company_pharma_acme: 512 users · 1,238 sessions · 8.2 GB
company_bank_regional: 10,421 users · 24.5k sessions · 84.3 GB
company_saas_companyX: 87 users · 412 sessions · 1.2 GB

-- Each company in an isolated database
CREATE DATABASE company_{slug};
-- zero cross-company lookups, zero leak risk
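
The difference described above, as an added example that is not Roleplays' own code: the same forgotten-filter query is run against a shared table and against a per-company database, and the company_{slug} name is built only from an allow-listed slug. SQLite in-memory databases stand in for the real database server; the sample rows, the slug pattern and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample data: (company slug, trainee e-mail).
ROWS = [
    ("pharma_acme", "ana@acme.example"),
    ("pharma_acme", "raj@acme.example"),
    ("bank_regional", "li@bank.example"),
]

# Assumed slug policy: lowercase letter first, then letters, digits, underscores.
SLUG_RE = re.compile(r"[a-z][a-z0-9_]{0,40}")


def db_name(slug):
    """Build the company_{slug} name. Identifiers cannot be bound as query
    parameters, so the slug is allow-listed before it reaches any DDL."""
    if not SLUG_RE.fullmatch(slug):
        raise ValueError(f"invalid company slug: {slug!r}")
    return f"company_{slug}"


def shared_model():
    """One database for every customer, separated by a company column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (company TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return db


def per_company_model():
    """One independent database per company, keyed by its validated name."""
    dbs = {}
    for slug, email in ROWS:
        name = db_name(slug)
        if name not in dbs:
            dbs[name] = sqlite3.connect(":memory:")
            dbs[name].execute("CREATE TABLE users (email TEXT)")
        dbs[name].execute("INSERT INTO users VALUES (?)", (email,))
    return dbs


def buggy_list_users(conn):
    """The query bug in question: the developer forgot the company filter."""
    return sorted(row[0] for row in conn.execute("SELECT email FROM users"))


if __name__ == "__main__":
    print("shared:  ", buggy_list_users(shared_model()))
    print("isolated:", buggy_list_users(per_company_model()[db_name("pharma_acme")]))
```

In the per-company layout the remaining control to review is the routing step that maps an authenticated session to exactly one database name.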

Enterprise SSO

Authentication via SAML 2.0 or OIDC against your corporate IdP: Microsoft Entra ID (Azure AD), Google Workspace, Okta, Ping Identity or any other provider. Compatible with Conditional Access, MFA and your existing identity policies. Provisioning and deprovisioning via SCIM, with a configurable default permission set and hierarchical visibility. Each company can use its own OAuth app to customise the consent screen.

Microsoft Entra ID AVAILABLE
Google Workspace AVAILABLE
Okta · SAML 2.0 ON REQUEST
JIT Provisioning AVAILABLE

Bring your own AI credentials

An Enterprise customer brings their own Anthropic, OpenAI and Google keys. Roleplays bills the platform only; AI usage hits your provider account directly. Useful for teams with promotional credit, a direct contract, or a regulatory requirement for separate billing.

provider:openai $0.0028
tokens:1842 → 624 328ms
provider:anthropic $0.0091
tokens:2480 → 312 410ms
status:success company_pharma_acme

Audit Log

Every AI call, tracked.

For every call (chat, voice, evaluation, image generation, AI Drafter, AI Professor): provider, model, tokens, computed cost, latency, status, truncated payloads. All exportable for regulatory audit or for the finance team's month-end close.

The ai:backfill-costs cron recomputes historical value when you update pricing, useful for contracts with BACEN/FCA or compliance demands requiring the exact value at the moment of operation.

Last 30 AI calls

OpenAI · gpt-realtime-2 · roleplay_voice · 24.8k · $0.794 · 412ms
Anthropic · claude-opus-4-7 · evaluation_voice · 8.2k · $0.214 · 1.8s
Google · gemini-3-pro-image · academy_image_gen · 1.4k · $0.134 · 2.1s
Anthropic · claude-sonnet-4-6 · templates_ai · 3.6k · $0.058 · 724ms
OpenAI · whisper-1 · roleplay_voice_transcription · 12 min · $0.204 · -

Integrations

Doesn't replace your corporate university.
Talks to it.

Companies with their own LMS (Saba, Cornerstone, Moodle, internal platforms) don't want to migrate. They want to complement it with the simulation layer. That's why xAPI is on the roadmap.

In development

xAPI / Tin Can Statements

We report every relevant event (course completed, roleplay finished, certificate issued) as an xAPI statement to your LRS. No data migration and no duplicate sources: the Corporate University stays the primary source of the trainee's progress, and Roleplays complements it with the practical simulation layer.

Example statement

{
  "actor": { "mbox": "mailto:joao@empresa.com" },
  "verb": { "id": "http://adlnet.gov/expapi/verbs/completed" },
  "object": {
    "id": "https://roleplays.com.br/roleplays/abc-123",
    "definition": { "type": "...rolePlay" }
  },
  "result": { "score": { "scaled": 0.87 } }
}

Verifiable certificate

Public URL /verify/{number}. External HR, regulator or partner validates without logging in. Survives course archival.

https://roleplays.com.br/verify/02-A1B7-C4D2-E991

Authentic certificate

Recordings with configurable retention

Mixed audio from every voice session stored in the company's secure environment. Per-company retention cycle: immediate access, cold archive, deletion. Short-expiry access links, no public exposure. Pharma compliance loves it; banking demands it.

Standard · 90d · Fast access for post-session review
Glacier · 5 years · Regulatory compliance, low cost
Purge · On demand · GDPR / right to be forgotten

A checklist your legal team approves.

UK GDPR & Data Protection Act 2018

ICO compliant, right to be forgotten, lawful basis documented, DPO contact.

LGPD, Brazil General Data Protection Law

Right to be forgotten, documented legal basis, DPO contact.

GDPR, General Data Protection Regulation

Right to be forgotten, data residency on request, SCCs.

SOC 2 path

In preparation, auditable security controls.

RDC 658, ANVISA · MHRA GxP

Label adherence, visit logging, annual certificate.

FCA & BACEN

AML/CTF, suitability, KYC for banking with auditable evidence.

PCI DSS

For call centres training agents with card data access.

Ready to transform how your team trains?

For organisations with 50+ employees. Book 45 minutes and we'll think the setup through with you.