Compliance & Integrations

Ready for IT, audit
and the corporate university.

A dedicated database per company, SSO with Microsoft Azure and Google, bring your own AI credentials, an audit trail of every call, configurable recording retention and a publicly verifiable certificate. xAPI on the roadmap to plug into Saba, Cornerstone, Moodle or the internal university you already run.

Request Demo Back to overview

Isolation

One database per company.
Not just a logical split.

Most multi-company SaaS platforms put every customer in the same database, separated by an identifier column. It works, but any query bug turns into a data leak.

Roleplays uses a dedicated database for each company. No identifier column to forget, no query crossing data, no attack leaking between customers. Default configuration for an enterprise customer.

Dedicated databaseLGPD-readySOC 2 pathIndependent backupPer-company retention policy

company_pharma_acme

512 users · 1,238 sessions · 8.2 GB

company_bank_regional

10,421 users · 24.5k sessions · 84.3 GB

company_saas_companyX

87 users · 412 sessions · 1.2 GB

// Each company in an isolated database

CREATE DATABASE company_{slug};

// zero cross-company lookups, zero leak risk

Corporate SSO

Authentication via SAML 2.0 or OIDC against your corporate IdP, Microsoft Entra ID (Azure AD), Google Workspace, Okta, Ping Identity or any other provider. Compatible with Conditional Access, MFA and your existing identity policies. Provisioning and deprovisioning via SCIM, with a configurable default permission set and hierarchical visibility. Each company can use its own OAuth app to customize the consent screen.

Microsoft Entra ID AVAILABLE
Google Workspace AVAILABLE
Okta ON REQUEST
Other IdPs · SAML 2.0 / OIDC ON REQUEST
SCIM provisioning AVAILABLE

Bring your own AI credentials

Enterprise customers use their own Anthropic, OpenAI and Google credentials. Roleplays charges only for the platform; AI usage hits your provider account directly. Useful for teams with promotional credit, a direct contract, or a regulatory requirement for separate billing.

provider:openai $0.0028
tokens:1842 → 624 328ms
provider:anthropic $0.0091
tokens:2480 → 312 410ms
status:success company_pharma_acme

Audit trail

Every AI call, on record.

For every call (chat, voice, evaluation, image generation, AI Drafter, AI Professor): provider, model, tokens, computed cost, latency, status and a summary of the payload. All exportable for regulatory audit or for the finance team to close the month.

When a model's price changes, the platform recomputes historical values. Useful for contracts with BACEN or for compliance that requires the exact value at the moment of the operation.

Last 30 AI calls

OpenAI

gpt-realtime-2

roleplay_voice

24.8k

$0.794

412ms

Anthropic

claude-opus-4-7

evaluation_voice

8.2k

$0.214

1.8s

Google

gemini-3-pro-image

academy_image_gen

1.4k

$0.134

2.1s

Anthropic

claude-sonnet-4-6

templates_ai

3.6k

$0.058

724ms

OpenAI

whisper-1

roleplay_voice_transcription

12 min

$0.204

-

Integrations

Doesn't replace your corporate university.
Talks to it.

Companies with their own LMS (Saba, Cornerstone, Moodle, internal platforms) don't want to migrate. They want to complement it with the simulation layer. That's why xAPI is on the roadmap.

In development

xAPI / Tin Can Statements

We report every relevant event (course completed, roleplay finished, certificate issued) as an xAPI statement to your LRS. No data migration, no duplicate sources, the Corporate University stays the primary source of the trainee's progress; Roleplays complements it with the practical simulation layer.

Example statement

{
  "actor": { "mbox": "mailto:joao@empresa.com" },
  "verb": { "id": "http://adlnet.gov/expapi/verbs/completed" },
  "object": {
    "id": "https://roleplays.com.br/roleplays/abc-123",
    "definition": { "type": "...rolePlay" }
  },
  "result": { "score": { "scaled": 0.87 } }
}

Verifiable certificate

Public URL /verify/{number}. External HR, regulator or partner validates without logging in. Survives course archival.

https://roleplays.com.br/verify/
02-A1B7-C4D2-E991

Authentic certificate

Recordings with configurable retention

Mixed audio from every voice session stored in the company's secure environment. Per-company retention cycle: immediate access, cold archive, deletion. Short-expiry access links, no public exposure. Pharma compliance loves it; banking demands it.

Immediate access

90d

Fast access for post-session review

Cold archive

5 years

Regulatory compliance, low cost

Deletion

On demand

GDPR / right to be forgotten

A checklist your legal team approves.

LGPD, Brazil General Data Protection Law

Right to be forgotten, documented legal basis, DPO contact.

GDPR, General Data Protection Regulation

Right to be forgotten, data residency on request, SCCs.

SOC 2 path

In preparation, auditable security controls.

RDC 658, ANVISA

Label adherence, visit logging, annual certificate.

BACEN, Brazilian Central Bank

AML/CTF, suitability, KYC for banking with auditable evidence.

PCI DSS

For call centers training agents with card data access.

Ready to transform how your team trains?

For organizations with 50+ employees. Book 45 minutes and we'll think the setup through with you.

Request Demo Talk to Sales