Privacy Policy

AutoBlox is an AI-assisted Roblox game development platform. Our website is autoblox.org. For privacy-related inquiries, contact us at autoblox.problems@gmail.com.

Account data

When you create an account we collect your email address, display name, and profile picture (if provided via a third-party login like Google or GitHub). If you register with a password, we store a one-way cryptographic hash of it — never the plaintext password.

Usage and content data

We store the messages you send to our AI, the Lua scripts and assets generated for you, and your project structures so you can access them later. This data is tied to your account.

Payment data

If you purchase a subscription, payment is processed by Stripe. We store only Stripe customer and subscription IDs — we never see or store your full card number.

Technical and analytics data

We collect standard log data (IP addresses, browser type, pages visited, timestamps) and aggregate product analytics through PostHog to understand how the platform is used and to improve it. This data is pseudonymised where possible.

Policy acceptance records

We record the date, time, IP address, and version number when you accept our policies. This is required for legal compliance.

For users in the European Economic Area, UK, and Switzerland, we process your data under the following legal bases:

• Contract performance — to operate your account and provide the service.
• Consent — for optional communications and non-essential analytics. You may withdraw consent at any time.
• Legal obligation — to comply with applicable laws.
• Legitimate interest — to detect fraud, abuse, and improve security.

• To create and manage your account.
• To run the AI generation features and persist your projects.
• To send transactional emails (account confirmations, password resets, invoices).
• To process and manage your subscription via Stripe.
• To detect and prevent abuse, fraud, and unauthorized access.
• To improve the platform using aggregated analytics.
• To comply with legal obligations.

We do not sell your personal data. We do not use your generated code or chat messages to train AI models without your explicit, separate consent.

We share data only with trusted service providers acting under our instructions:

• Auth0 — authentication and session management.
• Cloudflare — database (D1), CDN, and edge security.
• Stripe — payment processing.
• Resend — transactional email delivery.
• PostHog — product analytics (pseudonymised).
• OpenAI — AI inference for code and content generation. Prompts are processed per OpenAI's data usage policies.

All sub-processors are required to handle data according to their own privacy commitments and our data processing agreements. We do not share data with third parties for advertising purposes.

AutoBlox operates globally. Your data may be processed in the United States and other countries where our sub-processors operate. For transfers out of the EEA, we rely on Standard Contractual Clauses or other approved transfer mechanisms under GDPR Chapter V.

We retain your account data for as long as your account exists. Chat messages and generated content are retained to provide the service. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., billing records for 7 years).

Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt (cost 12). Authentication is handled by Auth0 with industry-standard controls. We conduct periodic security reviews. No system is perfectly secure — please use a strong, unique password and enable two-factor authentication if offered.

We use technically necessary cookies to maintain your session. We also use PostHog for analytics, which may set cookies. You can manage cookie preferences via your browser settings. See our Cookie Policy for details.

Depending on your location, you may have the following rights regarding your personal data:

GDPR rights (EEA / UK / Switzerland)

• Right of access — request a copy of your data.
• Right to rectification — correct inaccurate data.
• Right to erasure (“right to be forgotten”) — request deletion of your data.
• Right to restriction — request we limit how we process your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent.

CCPA rights (California residents)

• Right to know — what personal information we collect, use, share, or sell.
• Right to delete — request deletion of your personal information.
• Right to opt-out — we do not sell personal information; this right is automatically satisfied.
• Right to non-discrimination — we will not discriminate against you for exercising your rights.
• Right to correct — request correction of inaccurate personal information.

To exercise any of these rights, email autoblox.problems@gmail.com with “Privacy Request” in the subject line. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing requests.

If you are in the EEA and believe we have not complied with GDPR, you have the right to lodge a complaint with your local data protection authority.

AutoBlox is designed to be used by everyone, including younger users. If a user is a minor, a parent or guardian may manage their account and request data deletion or export on their behalf by contacting us at autoblox.problems@gmail.com. We take reasonable care to ensure that personal data of younger users is handled responsibly.

We may update this Privacy Policy. When we do, we will update the version number and effective date at the top, and notify users via email or an in-app notice for material changes. Continued use of AutoBlox after changes constitutes acceptance of the updated policy.

For privacy questions, data requests, or to report a concern, contact us at autoblox.problems@gmail.com.

See also: Terms of Service · Data & Compliance · Cookie Policy