Back to home

Privacy Policy

Last updated: 5 March 2026

This Privacy Policy describes how Struxora ("we", "us", or "our") collects, uses, and shares information about you when you use our platform.

1. Information We Collect

When you sign in via Roblox OAuth, we receive only your Roblox username and user ID. We do not have access to your Roblox password, email address, or any other personal information beyond these two fields. We do not collect any additional personal data.

We also store Roblox Open Cloud API keys that you provide for each project. These API keys are used to perform actions on your behalf, including managing bans, reading and writing to datastores, managing experience configuration, managing monetization items (game passes and developer products), and executing macros. API keys are stored securely and are never exposed to other users or third parties.

When you use the Macros feature, we additionally store macro definitions (names, descriptions, step configurations, and inputs) that you create.

If you choose to link your Discord account, we store your Discord user ID associated with your Roblox account. This is used solely to enable Discord bot features. You can unlink your Discord account at any time from your account settings, which permanently removes this association.

2. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contractual necessity - Processing your Roblox username and user ID is necessary to provide you with access to Struxora and its features.
  • Legitimate interests - We process data to operate, maintain, and improve the platform in ways that do not override your rights.
  • Consent - Where required by law, we will ask for your explicit consent before processing your data.

3. How We Use Your Information

We use the information we collect solely to operate Struxora, authenticate your account, and provide the administration features of the platform. API keys you provide are used exclusively to interact with Roblox Open Cloud APIs on your behalf (e.g. managing bans, datastores, messaging services, and executing macros) and are never shared with third parties. We do not use your data for analytics, tracking, or advertising purposes, and we do not use any third-party analytics or advertising technologies.

4. Data Storage & Security

We use reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Your data is stored on servers located in the European Economic Area. We retain your data for as long as your account is active or as needed to provide our services. You may request deletion of your data at any time by contacting us. Following your deletion request, we will permanently remove your personal data (Roblox username and user ID) within 30 days, except where we are legally required to retain certain information for compliance, dispute resolution, or fraud prevention purposes. Upon account deletion, your data is permanently removed from our active systems within 30 days. Backup copies may persist for up to 90 days for disaster recovery purposes only.

5. Cookies

We use session cookies solely to keep you logged in. These are strictly necessary for the platform to function and do not track you across other websites. We do not use tracking, analytics, or advertising cookies.

6. Third-Party Services

Struxora uses Roblox OAuth for authentication. Struxora also interacts with Roblox Open Cloud APIs using API keys that you provide. This includes the Bans API, Datastores API, Messaging Service API, Configuration API, and the Game Passes and Developer Products APIs. These interactions are made directly to Roblox's servers on your behalf. Your use of Roblox is subject to Roblox's own Privacy Policy and Terms of Service.

If you use the Discord integration, Struxora interacts with Discord to enable moderation commands via a Discord bot. We store only your Discord user ID for this purpose. Your use of Discord is subject to Discord's own Privacy Policy and Terms of Service.

7. Your GDPR Rights

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights regarding your personal data:

  • Right of access - You can request a copy of the personal data we hold about you.
  • Right to rectification - You can ask us to correct inaccurate or incomplete data.
  • Right to erasure - You can request that we delete your personal data ("right to be forgotten").
  • Right to restriction - You can ask us to restrict how we process your data in certain circumstances.
  • Right to data portability - You can request your data in a structured, machine-readable format.
  • Right to object - You can object to our processing of your data where we rely on legitimate interests.

To exercise any of these rights, please contact us at the address below. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Data Controller

The data controller responsible for your personal data is:

Lvl 100

Lvl 100, a sole trader registered in England and Wales

Email: contact@lvl100.net

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable supervisory authority within 72 hours as required by GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the date at the top of this page.

12. Contact

If you have any questions about this Privacy Policy, please contact us at contact@lvl100.net.