Privacy Policy

Rovelo is a Roblox group management platform that lets group owners and administrators manage their workspaces, verify members, and oversee staff activity. This Privacy Policy explains what information we collect when you use Rovelo, why we collect it, and how we handle it.

By accessing or using Rovelo, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the service.

What information do we collect?

We collect information you provide directly to us when you create an account or use our services:

• Account information: Your email address and password (stored as a secure hash) used to create and access your Rovelo account.
• Roblox identity data: When you complete the Roblox verification flow, we collect and store your Roblox username, display name, and Roblox user ID. This is retrieved from the official Roblox API.
• Group & workspace data: Roblox group IDs and names that you link to your Rovelo workspace, along with any configuration settings you apply.
• Staff records: Information about staff members you add to your workspace, including their Roblox usernames and any roles or ranks you assign within Rovelo.
• Usage data: Basic server-side logs including IP addresses, request timestamps, and endpoint paths. These are used solely for security monitoring and debugging, and are not sold or shared.

We do not collect your Roblox password, Roblox cookie, or any authentication credentials for the Roblox platform. Rovelo interacts with public Roblox APIs only.

How do we use your information?

We use the information we collect for the following purposes:

• To create and maintain your Rovelo account and authenticate you on login.
• To verify your Roblox identity via our emoji-based bio verification system, linking your Rovelo account to your Roblox profile.
• To display your Roblox avatar, username, and group information within the Rovelo dashboard.
• To manage workspace settings, staff rosters, and activity records on your behalf.
• To enforce our rate limits and security policies (e.g., detecting abuse via server logs).
• To send important service notices, such as changes to these policies or planned downtime. We do not send marketing emails unless you have opted in.

We do not sell your personal information to third parties, and we do not use your data for advertising purposes.

Do we use cookies and other tracking technologies?

Rovelo uses a minimal set of cookies strictly necessary for the service to function:

• Session cookies: Used to keep you logged in during your browser session. These expire when you close your browser or log out.
• Preference cookies: Used to remember your workspace settings (e.g., selected workspace, theme preferences). These are stored locally and not transmitted to third parties.

We do not use third-party advertising cookies, cross-site tracking pixels, or analytics services that share data with advertisers. Google Fonts is loaded from Google's CDN, which may set its own cookies subject to Google's privacy policy.

How long do we keep your information?

We retain your account data and workspace configuration for as long as your account is active. If you delete your account, we will permanently delete your personal data within 30 days, except where we are required to retain records for legal compliance purposes.

Server-side access logs are retained for a maximum of 90 days and then automatically purged. Roblox profile data (username, avatar URL) fetched from the Roblox API is not cached permanently — it is fetched fresh on each relevant request.

How do we keep your information safe?

We implement industry-standard security measures to protect your data:

• All traffic to Rovelo is encrypted in transit using HTTPS/TLS.
• Passwords are never stored in plain text — they are hashed using a strong one-way algorithm.
• Our API uses rate limiting and input validation on all endpoints to guard against abuse.
• Security headers (via the helmet middleware) are applied to all API responses to mitigate common web vulnerabilities.

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

What are your privacy rights?

Depending on your location, you may have certain rights regarding your personal data. These may include:

• The right to access the personal data we hold about you.
• The right to correct inaccurate or incomplete data.
• The right to request deletion of your account and associated data.
• The right to withdraw consent for optional data processing at any time.

To exercise any of these rights, please contact us using the details below. We will respond within 30 days.

How can you contact us about this policy?

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, you can reach us through our official Discord server or by opening a support request via the Rovelo dashboard Help Centre. We are committed to resolving any privacy concerns promptly and transparently.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of significant changes by updating the date at the top of this page. Continued use of Rovelo after such changes constitutes your acceptance of the revised policy.