Privacy Policy
Last updated: February 2026
BloxWatch ("we," "us," or "our") is committed to protecting your privacy and the privacy of your family. This Privacy Policy explains how we collect, use, store, and protect information when you use the BloxWatch website and services (the "Service").
1. Information We Collect
Parent Account Data
When you create a BloxWatch account, we collect:
- Email address
- Name (if provided)
- Authentication credentials (managed by Supabase Auth)
Child Roblox Activity Data
When you add a child for monitoring, we collect the following data from the Roblox platform on your behalf:
- Chat conversations and messages
- Games played and play sessions
- Friend list and friend activity
- Online presence and status
- Robux balance
- Roblox display name and username
Roblox Security Token
To access your child's Roblox data, you provide their Roblox security token (".ROBLOSECURITY" cookie). This token is encrypted using AES-256-GCM before storage and is never stored in plain text.
2. How We Use Information
We use the collected information to:
- Provide monitoring and alert services for your child's Roblox activity
- Send real-time notifications about concerning activity or keyword matches
- Generate daily and weekly activity summary reports
- Send new friend and game notifications
- Manage your account and subscription
- Communicate with you about service updates and support
- Improve and maintain the Service
3. Data Storage and Security
We take the security of your data seriously and implement the following measures:
- Encryption at Rest: All data is stored in a Supabase-managed PostgreSQL database with encryption at rest enabled.
- Token Encryption: Roblox security tokens are encrypted using AES-256-GCM before storage. Encryption keys are managed separately from the database.
- Transport Security: All data in transit is encrypted using TLS/HTTPS.
- Access Controls: Row Level Security (RLS) policies ensure that users can only access their own data.
- Read-Only Access: We only read data from Roblox. We never modify your child's Roblox account, make purchases, send messages, or take any actions on the account.
4. Children's Privacy and COPPA Compliance
BloxWatch takes children's privacy seriously. It is important to understand how our Service interacts with children's data:
- We do not collect information directly from children. BloxWatch is a service for parents and legal guardians. Children do not create accounts or interact with our Service.
- We collect information about children as reported by the Roblox platform, at the direction of and with the consent of their parent or legal guardian.
- Parents have full control over their child's monitored data and can request deletion at any time.
- We do not sell, share, or use children's data for advertising or marketing purposes.
5. GDPR Rights
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: You may request a copy of the personal data we hold about you and your monitored children.
- Right to Rectification: You may request correction of inaccurate personal data.
- Right to Erasure: You may request deletion of your personal data and all associated monitoring data.
- Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
- Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances.
- Right to Object: You may object to the processing of your personal data under certain circumstances.
To exercise any of these rights, please contact us at privacy@bloxwatch.app.
6. Data Retention
We retain your data as follows:
- Active Subscriptions: Data is retained for the duration of your active subscription.
- After Cancellation: Your data is retained for 30 days after subscription cancellation to allow for reactivation. After this period, all monitoring data and encrypted tokens are permanently deleted.
- Account Deletion: You may request immediate deletion of all your data at any time by contacting us at privacy@bloxwatch.app.
7. Third-Party Services
We use the following third-party services to operate BloxWatch:
- Supabase: Database hosting, authentication, and backend infrastructure. Data is stored in Supabase-managed PostgreSQL databases.
- Vercel: Website hosting and serverless function execution.
- Resend: Transactional email delivery for notifications, alerts, and activity summaries.
- Polar.sh: Subscription payment processing and billing management.
Each third-party service has its own privacy policy governing its handling of data. We encourage you to review their policies.
8. Cookies
BloxWatch uses a minimal set of cookies:
- Session Cookies: Used for authentication to keep you signed in to your account. These are essential for the Service to function.
- No Tracking Cookies: We do not use any third-party tracking cookies, analytics cookies, or advertising cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
10. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
- Privacy inquiries: privacy@bloxwatch.app
- General support: support@bloxwatch.app
BloxWatch is not affiliated with, endorsed by, or sponsored by Roblox Corporation. "Roblox" is a registered trademark of Roblox Corporation. See our Terms of Service for more information.