We try to collect as little as possible and tell you exactly what happens to it. This page is the long-form version. The short version: we keep account data, billing records, and audit events for accountability — and we encrypt your code, prompts, and Studio contents so we genuinely can't read them.
What we collect
Account info: username, email, password hash, an optional display name and profile picture, and metadata Better-Auth needs to run your session (cookie tokens, last sign-in time).
Devices: a hash of your hardware fingerprint (never the raw fingerprint), the OS name, the app version, the IP address you signed in from, and an approximate location derived from that IP. We use this to detect unusual sign-ins and to power the device list at /account/devices.
Billing: Stripe customer ID, payment intent IDs, invoice IDs, refund and dispute records. Stripe stores the actual card numbers — we never see them.
AI usage: per call we keep timestamp, model, token counts, and the cost. We do not retain prompt content or tool inputs/outputs in the clear; those are encrypted with a key only you control.
Audit log: every significant action on your account — sign-ins, password changes, purchases, friend requests, project edits — gets a row in our audit log. Retained 7 years per financial-record standards.
What we don't collect
We don't collect telemetry on what you type, your clicks, your mouse movements, or what's on screen in Roblox Studio. There's no third-party analytics on the website (no Google Analytics, no Mixpanel, no Segment).
How we use it
To run the product. To bill you correctly. To investigate abuse. To respond to legal requests. To send you the emails you actually opted into. We never sell or rent personal information.
Our legal bases under GDPR / UK GDPR are: contract performance (running your account, processing payments), legal obligation (tax records, financial-record retention), and legitimate interest for fraud detection, account-takeover prevention, and dispute defense (Article 6(1)(f); Recital 47 explicitly recognizes fraud prevention as a legitimate interest). Where U.S. state privacy laws apply (CCPA/CPRA, etc.), the equivalent purposes are "preventing security incidents" and "protecting against deceptive activity," both expressly permitted without opt-in.
Fraud and dispute defense
When a payment is disputed (a chargeback opens) we share with Stripe a defensive evidence packet so they can submit it to the cardholder's issuing bank. The packet may include:
- The username and email on the disputed account.
- The dates the account was created, the charge was made, and the credits were used.
- The IP address and approximate session timestamps from your most recent sign-ins on the account that was charged.
- A summary of how many credits were consumed and across how many AI sessions.
- A list of other charges to the same payment method (transaction IDs and amounts only — never the contents of those purchases).
- Public copies of our pricing page, refund policy, and terms.
We do not include other users' data, your code, your AI prompts, your chat content, or any data we hold under encryption. Evidence packets are reviewed by a human before submission. We run a redaction pass to strip any data not belonging to the cardholder under dispute.
The legal basis is legitimate interest. You can object to processing for this purpose by emailing [email protected]. If you object, we will stop the processing unless we are compelled to continue by an active dispute proceeding (in which case the obligation is on us, not on you, and your objection is recorded for the next dispute).
Encryption
Data in transit uses TLS. Data at rest in Postgres uses full-disk encryption provided by our hosting provider. Stored passwords are hashed with the algorithm Better-Auth uses (currently scrypt). Identity hashes on our chargeback blocklist use HMAC-SHA-256 with a server-only pepper, so the original email / IP / fingerprint cannot be reconstructed from the stored value.
End-to-end encryption of project files, prompts, and chat content with user-controlled keys is on the roadmap but not in production yet. When it ships we'll update this page and email you. Until then, RoCode operators have administrative access to that content.
Subprocessors
See /subprocessors for the live list. We commit to 30 days' advance notice before adding a new subprocessor that touches user data.
Your rights
You can:
- Export everything we have on you from /account/settings → Privacy → Export my data.
- Delete your account from /account/settings → Danger zone.
- Correct or update your data from /account/settings.
- Object to processing, restrict it, or withdraw consent — email [email protected].
EU/UK residents: your local data-protection authority is your regulator, but please email us first — we usually fix things within a week.
Children
RoCode isn't directed at children under 13. Signup requires confirming you're at least 13 years old. We don't knowingly collect data from anyone under 13; if you believe we have, email [email protected] and we'll delete it.
Cookies
We set the following cookies:
- better-auth.session_token: your sign-in session. HttpOnly, Secure (in production), SameSite=Lax. Strictly necessary; you can't sign in without it.
- __cf_bm: set by our edge provider Cloudflare for bot management. 30-minute TTL, first-party. Strictly necessary for keeping the site online under abuse.
- cf_clearance: set by Cloudflare only after a security challenge (rare). Records that you passed the challenge so we don't re-issue it.
We do not use tracking, advertising, or analytics cookies. No Google Analytics, no Meta Pixel, no Mixpanel, no Segment.
California residents
Under the CCPA / CPRA you have the right to know, the right to delete, the right to correct, and the right to opt out of "sale" or "sharing" of your personal information. We do not sell or share personal information for cross-context behavioral advertising; the processing we do is limited to running and securing the product. To exercise any right, email [email protected] — we respond within 45 days as required.
Changes
We'll post the new version here and bump the version number. For material changes we'll email you 30 days in advance.
Contact
Privacy questions: [email protected].