The law and Rotector

The right to erasure is not absolute. Article 17(3)(e) of GDPR carves out processing necessary for the establishment, exercise, or defence of legal claims, which is the carve-out we rely on. UK subjects are also covered by the crime-prevention exemption at DPA 2018 Schedule 2 Part 1 paragraph 2 . That said, we do not refuse erasure requests reflexively. Where the flag is wrong, where the conduct is dated, where Roblox has deleted the account, or where the requester is a verified parent of an under-18 subject, we act.

GDPR Article 16 gives you the right to ask us to correct inaccurate data. The route is the support chat at rotector.com with a description of which part of the flag is inaccurate. If we got it wrong, we clear it.

We treat the reason text we publish as our own statement, not the data subject's. That means rectification is on us, and we own the consequences of getting it wrong.

We surface the Discord accounts and tracked-server memberships associated with a flagged Roblox account when someone queries that account through the lookup API. The Discord-side data we hold comes from public servers that participate in our reporting program or from publicly observable activity. We do not read direct messages, and we do not access servers we have not been invited into. The recipient class is broader than just people who share those Discord spaces: API access requires authentication and is rate-limited. Restricting the linkage to moderators only would not protect children encountering the same actor across both platforms, which is the harm the linkage is there to prevent.

The legitimate-interest balance for this linkage is: a flagged account using a Discord identity to coordinate harm against children should not be able to escape that link by switching usernames. We accept this is uncomfortable for someone whose link is wrong, which is why rectification is fast.

The associated-accounts list reflects accounts we have observed using the same Discord identity as the queried account. Two unrelated people rarely share a Discord identity, so the link is a strong signal we stand behind in most cases. There are edge cases: a shared device, a sibling, a Discord account passed between hands, a previously-stolen account. If you believe the inference is wrong on a specific case, send us the IDs through the support chat and we will look at the underlying signals and adjust where the facts support it.

Our group-tracking output lists members of groups we have classified as inappropriate. If you joined a group like that unknowingly (for example, before it was flagged, or because someone else added you) and you are not yourself flagged, the group membership alone is a low-confidence signal and is supposed to be displayed accordingly. If you believe your appearance there is producing a wrong impression about you, contact us. We will look at the specific case and adjust either the group classification or your association with it.

Where we can verify that the requester is the parent or guardian of the underlying account holder, we treat the request as presumptively granted. The child's interest under Recital 38 of GDPR carries weight that an adult flagged subject's would not, and our default is to act on the request through the support chat.

The hard case is where the same account is the subject of a current law-enforcement referral. There we coordinate with the referrer before acting. We will tell you that this is happening; we will not silently refuse.

Tell us. We look at older flags on the facts: how dated the conduct is, whether the account has been quiet since, whether anything has surfaced that re-confirms the original concern. If the conduct is genuinely historical and the account has been clean for a meaningful stretch, removal is on the table.

Where we retain messages or activity records, the source is either a public channel readable by anyone in the server, or activity on a property we operate. We do not log direct messages on either Roblox or Discord. Retention is bounded to what is needed for the flag and any related referral, and we look at erasure requests for these records on a case-by-case basis.

We process subject rights requests under whichever regime applies to you. UK and EU residents are covered by the GDPR analysis on this page. Canadian residents outside Quebec: where PIPEDA applies, we honour the rights it provides. Quebec, Brazilian (LGPD), and other-jurisdiction residents: same intake, we apply the local regime.

We use Roblox's public APIs to read public profile data, which is the same data any logged-in Roblox user can see by opening a profile. Whether our use of those APIs complies with Roblox's developer terms is a separate question from whether data protection law allows us to process the data we hold. The two questions have different forums and different remedies, and we treat them that way.

We agree it produces personal data, and we have always treated what we hold as personal data within the meaning of Article 4 of GDPR. That is not the question we are answering. The question we are answering is whether we have a lawful basis under Article 6 to process that personal data without consent. We do, and the basis is Article 6(1)(f) . The "public" framing in our copy describes where the data came from, not whether it is covered by data protection law.

True for vague appeals to "safety." Not true here. Article 6(1)(f) requires a legitimate interest, the necessity of processing for that interest, and a balancing exercise. Our processing is bounded to one specific category of conduct: the production and coordination of child sexual exploitation content. The data we collect is bounded to what's needed to flag that conduct. We run the balancing test on every objection and keep the assessment on file. That is what Article 6(1)(f) was designed to permit, applied with the seriousness it requires.

You can. Article 21(1) lets you. We will record the advance objection. It does not switch our processing off automatically, because Article 21(1) itself sets the test: the controller must stop unless it can demonstrate compelling legitimate grounds that override the rights and freedoms of the subject. We apply that balance on each new instance. If the balance still tips toward processing in the future, we process and document why; if it does not, we do not. A blanket pre-emptive objection does not bypass the balancing exercise the GDPR designed.

One related point that comes up: if we erase your data and you later engage in fresh conduct of the kind we flag, the resulting record is fresh processing on fresh facts, not continuation of the processing you objected to. The advance objection is on file, but it is weighed against the new conduct, not against the old. We do not promise never to flag you again regardless of what happens after the erasure, and any controller that did would be making a commitment the GDPR does not require it to make.