Privacy Policy
Last updated: February 14, 2026
1. Data Controller
The data controller responsible for your personal data is:
Roxerion
Email: [email protected]
Website: roxerion.com
If you have any questions about data protection, please contact us at the email address above.
2. Information We Collect
2.1 Information You Provide
When you create an account, we collect:
- Email address — for account verification, password resets, and account-related communications
- Username — your chosen display name on the platform
- Password — stored as a bcrypt hash (we never store plaintext passwords)
When you link a Discord account, we receive from Discord:
- Discord user ID, username, and avatar URL
- Email address (if provided by Discord)
When you link a Roblox account, we store:
- Roblox user ID and username
2.2 Automatically Collected Information
When you visit our Site, we automatically collect:
- IP address — stored in session records for security (rate limiting, fraud prevention)
- Browser type and user agent — for session management
- Device identifier (cookie) — a randomly generated UUID stored as roxerion_uid
2.3 User-Generated Content
If you upload scripts or images, we store the content you provide, including script code, descriptions, tags, and images (stored on Cloudflare R2).
3. Legal Basis for Processing (GDPR Art. 6)
We process your personal data on the following legal bases:
- Consent (Art. 6(1)(a)): Marketing cookies and advertising — you can withdraw consent at any time via "Cookie Settings"
- Contract performance (Art. 6(1)(b)): Account creation, authentication, providing the Service
- Legitimate interest (Art. 6(1)(f)): Security (rate limiting, fraud prevention, CSRF protection), analytics for service improvement, session management
4. Cookies and Tracking Technologies
We use cookies and localStorage for the following purposes. You can manage your preferences via the "Cookie Settings" link in our footer.
Cookie Details
| Name | Purpose | Duration | Category |
|---|---|---|---|
| roxerion_uid | Anonymous identity for likes, favorites, and access management | 1 year | Necessary |
| roxerion_session | Authentication session for logged-in users | 30 days | Necessary |
| roxerion_csrf | Cross-Site Request Forgery protection | Session | Necessary |
| roxerion_consent (localStorage) | Stores your cookie consent preferences | Persistent | Necessary |
| Monetag / Propeller Ads cookies | Third-party advertising cookies set by the ad network | Varies | Marketing |
| Cloudflare Turnstile cookies | CAPTCHA verification during registration/login | Session | Necessary |
5. Advertising
We use third-party advertising services (Monetag / Propeller Ads) to display advertisements on our Site. Non-personalized advertisements are displayed by default. Personalized advertising (using tracking cookies and behavioral data) is only enabled after you give explicit consent via the Marketing category in our cookie consent banner.
You can withdraw your consent at any time by clicking the "Cookie Settings" link in the footer. When you withdraw marketing consent, only non-personalized ads will be shown.
6. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate users and manage sessions
- Send account-related emails (verification, password reset)
- Detect and prevent fraud, abuse, and security incidents
- Display advertisements (only with your consent)
- Comply with legal obligations
We do not sell your personal data. We do not use your data for profiling or automated decision-making.
7. Third-Party Services
We use the following third-party services that may process your data:
- Cloudflare Turnstile — CAPTCHA verification (IP address, browser fingerprint). Privacy Policy
- Cloudflare R2 — Image storage for uploaded script thumbnails. Privacy Policy
- Resend — Transactional email delivery (verification, password reset emails). Privacy Policy
- Discord — OAuth authentication and account linking (optional). Privacy Policy
- Monetag / Propeller Ads — Advertising (loaded only after marketing consent). Privacy Policy
- Roxerion access pages — Internal ad-step pages used to unlock script, hub, and RoxGuard access. These pages may render Monetag / Propeller advertising while access sessions are being completed.
- Roblox APIs — Game name resolution from Place IDs (no personal data shared). Privacy Policy
- DigitalOcean — Managed PostgreSQL database hosting. Privacy Policy
8. Data Retention
We retain your data for the following periods:
- Account data — Until you delete your account
- Session data — 30 days (auto-expired)
- Access keys — Configurable (default 3 hours), auto-expired
- CSRF tokens — 5 minutes (auto-cleaned)
- Rate limiting data — In-memory, cleaned every 5 minutes
- Uploaded content — Until you or an admin deletes it
- Cookie consent — Stored in your browser until you clear it
When you delete your account, all associated personal data is permanently removed (see Section 9 for details).
9. Your Rights
9.1 Rights under GDPR (EU/EEA)
If you are located in the EU/EEA, you have the following rights under the General Data Protection Regulation (GDPR):
- Right to Access (Art. 15): You can download all your personal data via Account Settings → "Download My Data"
- Right to Rectification (Art. 16): You can update your email, username, and password in Account Settings
- Right to Erasure (Art. 17): You can permanently delete your account and all associated data in Account Settings
- Right to Restrict Processing (Art. 18): Contact us to restrict processing of your data
- Right to Data Portability (Art. 20): You can export your data in JSON format via Account Settings
- Right to Object (Art. 21): You can object to processing based on legitimate interest by contacting us
- Right to Withdraw Consent (Art. 7(3)): Withdraw cookie consent at any time via "Cookie Settings" in the footer
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. If you are in Germany, this is the relevant state data protection authority (Landesdatenschutzbeauftragte). A list is available at bfdi.bund.de.
9.2 Rights under CCPA/CPRA (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You can request information about what personal data we collect and how we use it
- Right to Delete: You can request deletion of your personal data
- Right to Opt-Out of Sale: We do not sell your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise any of these rights, contact us at [email protected].
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Passwords are hashed with bcrypt (never stored in plaintext)
- All data is transmitted over HTTPS/TLS
- Database connections use SSL encryption
- CSRF protection on all state-changing operations
- Rate limiting on authentication endpoints
- HttpOnly, Secure, SameSite cookies
11. International Data Transfers
Your data may be processed on servers located outside your country of residence, including in the United States (Cloudflare, DigitalOcean) and the European Union (Oracle Cloud). Where data is transferred outside the EU/EEA, we rely on standard contractual clauses or adequacy decisions as provided by the third-party service providers.
12. Children's Privacy
Our Service is not intended for children under 13 years of age (COPPA) or under 16 years of age in the EU/EEA (GDPR Art. 8). We do not knowingly collect personal information from children below these age thresholds. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete the data.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify registered users via email.
14. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:
Email: [email protected]
Website: roxerion.com