Privacy Policy
What we collect, why we hold it, and the rights you have over it
Last updated: April 28, 2026
Introduction
This Privacy Policy describes how Rotector ("we", "our", "us") collects, uses, and shares personal data in connection with our detection system, browser extension, support tools, and the rotector.com website. It applies to data we hold about flagged Roblox and Discord accounts, people who use our browser extension, and people who back the project on Ko-fi.
Rotector is a volunteer-run project. The route for any subject-rights request, appeal, or other inquiry described in this policy is the support chat at rotector.com.
Important: Rotector is a community-driven initiative and is not affiliated with, endorsed by, or sponsored by Roblox Corporation or Discord Inc.
Who We Process Data About
We split data subjects into four groups because the legal basis, retention, and rights look different for each. The rest of this policy is structured around these groups.
- Flagged Roblox accounts and the Roblox groups they belong to. The accounts the detection system has classified as participating in inappropriate conduct on Roblox.
- Flagged Discord accounts. Discord identities linked to a flagged Roblox account or observed in a server that participates in our reporting program.
- Extension users. People who install the browser extension or use the lookup features at rotector.com.
- Backers and API customers. People who tip or subscribe through Ko-fi, hold API keys, or hold a paid membership tier.
Data on Flagged Accounts
What we hold
- Public profile data: usernames, display names, descriptions, avatars, friend lists, group memberships, and other publicly visible profile fields.
- Group and game data: public membership in groups we have classified, and public participation signals from games tracked for safety reasons.
- Data from properties we operate: server-side activity generated on Roblox properties we run ourselves.
- Flag metadata: classification reason and supporting context, confidence score, evidence references, and the moderator who confirmed the flag.
- Public-channel message text: for accounts active in inappropriate-context Discord servers, we retain the message text we observed in public channels of those servers.
- Discord identity linkage: Discord user IDs, usernames, and avatars where they have been observed linked to a flagged Roblox account.
- Appeals records: the messages exchanged during any appeal, including the subject's own statements.
We do not access direct messages on either Roblox or Discord, and we do not collect or store credentials. Public-channel message text is described in the inventory above.
Lawful basis
Article 6(1)(f) of GDPR / UK GDPR: legitimate interests of a third party, namely the protection of children on the platforms we observe.
Retention
Flag records are retained for as long as the legitimate-interest balance supports it. Where we are made aware that Roblox has deleted an account, we redact our record so the flag is no longer visible. Erasure requests for verbatim message text from public channels are looked at on a case-by-case basis, weighing the specific records against any active referral that names them.
Data on Extension Users
What we hold
- Your Roblox user ID: the Roblox account you are signed into in your browser, sent with extension requests so we can verify the requester and prevent abuse. We do not receive your Roblox session cookies, password, or any other credential.
- Extension installation ID: a UUID generated when the extension is installed, used for rate limiting and anti-abuse tied to that installation.
- Lookup activity: the Roblox user IDs and group IDs that pass through the extension or site for safety status checks.
- Hashed IP: a hashed form of your IP address, used for rate limiting, anti-abuse, and proxy detection. The raw IP is not stored.
- Vote data: votes you submit on flag accuracy, attributed for anti-abuse.
- Local settings: extension preferences are stored in your browser and are not transmitted.
Lawful basis
For users who have signed in or hold a paid tier, Article 6(1)(b) (performance of the service) covers core functionality. For unauthenticated extension lookups, Article 6(1)(f) (legitimate interest in operating a free safety service) is the applicable basis. Article 6(1)(f) also covers anti-abuse and rate-limiting features.
Retention
Lookup IDs and session data are retained only as long as needed to operate the service and prevent abuse. Anti-abuse signals tied to a hashed IP are kept on a rolling window. You can sign out at any time, and uninstalling the extension stops new data from being generated.
Data on Backers and API Customers
What we hold
- Transaction data from Ko-fi: name, message, email address, transaction ID, amount, currency, and tier name. Ko-fi processes the payment; we never receive card numbers.
- API key records: a hashed API key, the description you provided when requesting it, and rate-limit and usage counters.
- Membership keys: the Discord user ID associated with a paid membership, the membership tier, and any linked Roblox user ID for fulfillment.
Lawful basis
Article 6(1)(b): performance of the contract you have entered into by becoming a backer or API customer. Where tax or financial-record law applicable to where Ko-fi operates or to our jurisdiction requires retention of transaction records, that retention is on the basis of Article 6(1)(c).
Retention
Contact details (email, name) are retained for the active backer relationship and for the period required by financial-record law (commonly 6 to 7 years) after the last transaction. After that, we delete or anonymize. API keys are deleted on revocation.
Your rights
You can export the data we hold tied to your backer or API account, ask us to correct it, or ask us to delete it (subject to retention required by law). The fastest route is the support chat at rotector.com.
Reviews and Appeals
Flagged accounts are reviewed by our moderation team. Where you believe a flag affecting you is wrong, you can ask for human review and contest the decision through the appeals process. Where Article 22 of GDPR / UK GDPR applies to a decision our system makes about you, you have the right to obtain human intervention, to express your point of view, and to contest the decision. The route is the support chat at rotector.com.
Service Providers
We rely on the following service providers. Each holds personal data only to the extent needed to deliver their service.
- Cloudflare: hosts our edge infrastructure, including request routing, storage, and security. Receives request traffic and IP addresses.
- The database service that stores our records. Holds the data described in this policy.
- AI service providers used in our classification pipeline. Receive prompts containing public profile context and public-channel message text relevant to a classification, under terms that bind them to short retention.
- Ko-fi: payment and tipping platform. Receives backer payment details directly; we receive transaction metadata.
- Chatwoot: customer support platform. Stores conversations you have with us through the support chat.
Our database and primary infrastructure are located in the European Union.
Information Sharing
We do not sell, rent, or trade personal data. We share information in these limited circumstances:
- Legal process: to comply with a binding subpoena, warrant, court order, or equivalent legal demand.
- Voluntary disclosure to law enforcement or platform safety teams in cases involving an articulable, current risk to a child. Such disclosures are reviewed internally and logged.
- Service providers: to the sub-processors listed above, under data-processing terms that bind them to confidentiality and data-protection obligations.
- Aggregate reporting: we publish aggregate counts and statistics; these contain no personal data.
Outside the ordinary lookup and API responses described above, we do not disclose data to private investigators, journalists, or curious third parties, regardless of who they say they represent, absent a court order.
Storage and Security
Data in transit is encrypted using TLS. Data at rest is encrypted by the underlying database host. Credentials, 2FA secrets, and recovery codes are stored using additional column-level protection. Access to subject-identifiable data is restricted to staff with an operational reason to see it, and access is logged.
If we discover a breach affecting personal data, we will notify the relevant supervisory authority or authorities within 72 hours of becoming aware of it, as required by Article 33. Where the breach is likely to result in a high risk to your rights and freedoms (for example, a credential leak), we will notify you directly under Article 34.
Your Rights
Depending on where you live, you have some or all of the following rights over the data we hold about you:
- Access: a copy of what we hold and a description of how we use it (Article 15 of GDPR / UK GDPR).
- Rectification: correction of inaccurate data (Article 16).
- Erasure: deletion, subject to the limited exemptions in Article 17(3) of GDPR / UK GDPR and the additional exemptions for UK subjects under the Data Protection Act 2018.
- Restriction of processing: a pause on processing while a question is being resolved (Article 18). For flagged Roblox accounts, this is operationalised as a Redacted flag.
- Objection: the right to object to processing under Article 21(1).
- Portability: for data we hold under contract or consent, the right to receive it in a portable format (Article 20).
- Withdrawal of consent for any processing we are doing on the basis of consent.
The route for any of these rights is the support chat at rotector.com. State which right you are exercising and the account or accounts at issue. We prioritise parental requests on minor accounts and confirmed false-positive flags. UK and EU residents retain the right to lodge a complaint with their local supervisory authority. Canadian residents outside Quebec: where PIPEDA applies, we honour the rights it provides. Where other privacy laws apply to data we hold about you (such as US state privacy laws, Australia's Privacy Act, or other regional regulations), we honour the rights they provide on a verified request.
Children's Privacy
Some flagged Roblox accounts are operated by minors. We treat erasure requests from a verified parent or guardian on a minor's flagged account as presumptively granted. We will explain only when we cannot act, and we will not silently refuse.
Our backer, applicant, and extension-user flows are intended for users 13 and older. We do not knowingly accept Ko-fi tips, applications, or extension sign-ups from children under 13. If you believe a child under 13 has signed up, contact us and we will delete their record.
For under-13 Roblox subjects, our processing is bounded to data we have a lawful basis to hold and is not used or disclosed for any unrelated commercial purpose. COPPA governs the collection of children's information by US online services, and we treat the applicability of its specific exceptions to a third-party safety classifier of our shape as counsel-reviewed.
International Data Transfers
Our database and primary infrastructure are located in the European Union.
Changes to This Policy
We update this Privacy Policy when our processing changes, when a new sub-processor is added, or when guidance from supervisory authorities makes a clarification useful. Changes take effect on posting with a revised "Last Updated" date. For material changes that affect your rights, we will notify backers and signed-in extension users directly where we have a way to reach them.
Contact Us
- Support chat: the live chat at rotector.com is the route for appeals, rights requests, and support. It reaches the team directly.
- Discord: our community Discord is linked from the site.
- Email: contact@rotector.com is monitored primarily for business inquiries. We accept rights requests sent here and will respond, but the support chat is faster for verification.