Last Updated October 8, 2021
Information we collect
We may collect information about the Services you use and how you use them, such as the selections you make on our Services. We may collect personally identifiable information ("PII"), device-identifiable information ("DII"), and log information about your interactions as described below.
PII is information that can be used to identify or contact you online or offline, such as your name, address, phone number, email address, Roblox user name, Roblox user ID, or data that is linked to such identifiers. The Services may collect PII when it is provided to us, such as when you use our Services, attempt to contact us, submit a resume or job application, or connect with us on social media or one of our partners. For example, when you log into your Roblox account, you will likely be presented with a "request for permission" screen by a third party asking to share your ID, profile picture, and other listed information with us.
We may also create or collect device-identifiable information (DII), such as cookies, unique device and advertising identifiers, statistical identifiers, usernames, and similar identifiers that are linkable to a browser or device. From these platforms, we may also receive other information, such as your IP address, user agent, timestamps, precise and imprecise geolocation, sensor data, apps, fonts, battery life information, and screen size.
Our Services also collect information about your interactions, including those under your Roblox ID, in-game interactions, gameplay data, in-game purchase, trades, and Roblox usage data, including navigation paths, search queries, crashes, timestamps, purchases, clicks and shares, and referral URLs. We may combine this data with PII and DII. For efficiency's sake, information about your interactions may be transmitted to our servers while you are not using the Services. We may also partner with third parties that collect additional information – please see their privacy policies for more details and see below for your choices regarding these parties.
Categories of PII We Collect Under the California Consumer Privacy Act (CCPA)
Category Number Category Examples
1 Identifiers Roblox ID
2 Personal Information as defined Roblox ID
by California Civil Code §1798.80(e)
3 Commercial Information In-Game purchase data
4 Internet or electronic network activity IP Address, Roblox usage data
5 Inferences drawn from any information Roblox usage data, Trade, In-game data,
described herein to create a profile gameplay data, purchase data language
about a consumer used to play game,
How we use information we collect
We use the information we collect from our Services to provide, maintain, protect and improve our Services, to develop new Services and offerings, and to protect us and our users.
PII is primarily used for business purposes, such as for sending you occasional newsletters and updates, hiring, responding to inquiries, logins, analytics and providing and improving the Services. When you contact us, we may keep a record of your communication as well as the other information to help solve any issues you might be facing. We may use your email address to inform you about our Services, such as letting you know about changes or improvements. Please keep in mind that comments sections, forums, and other similar areas of our Services that are used for communication purposes are public. Any information posted in those areas is viewable and usable by anyone that has access. We also use your PII for the following business purposes:
To meet the reason for which the PII was provided.
To provide you with information or services you request from us.
To improve our website and performance of the contents therein.
To resolve disputes.
Preventing potentially fraudulent, prohibited, or illegal activities.
Enforcing the Terms of Service.
Performing other duties as required by law.
We share PII and DII with companies, outside organizations, and individuals for limited reasons and the following business purposes, outlined below:
With your consent - We will share PII and other data with companies, outside organizations or individuals if we have your consent to do so.
For legal reasons - We will share PII with companies, outside organizations or individuals if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property or safety of our users or the public as required or permitted by law.
In case of a sale or asset transfer - If we become involved in a merger, acquisition or other transaction involving the sale of some or all of our assets, user information, including PII collected from you through your use of our Services, could be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you, either through email and/or a prominent notice on the Services.
We may share aggregated information and DII with our partners such as businesses we have a relationship with, advertisers or connected sites. For example, we may share information to show trends about the general use of our services.
With third party developers who use our API to provide you games through our platform.
We disclose your PII for business purposes to the following categories of third-parties:
We use DII to operate our Services and manage user sessions, including analyzing usage of our Services, preventing malicious behavioral and fraud, improving the content, to link your identity across devices and browsers in order to provide you with a more seamless experience online, and helping third parties provide relevant advertising and related metrics. We share DII with third parties primarily for advertising and analytics purposes, for external processing, and for security purposes.
Sharing under the CCPA: In the past 12 months, we have shared the following categories of information:
Many types of data we process qualify for multiple legal bases for processing under the General Data Protection Regulation (GDPR). Below is the primary legal basis for each type of data that we process:
We have a legitimate interest in conducting analytics, measurement of usage and conversions, and game telemetrics to improve our services. We and our processors have multiple measures in place to minimize the privacy impact.
We have a legitimate interest in storing users' purchase history for the purpose of providing users help in fixing purchase and payment issues.
We have a legitimate interest in enabling third party ads and data collection on our sites and apps to help provide a more customized ad experience for our users and site visitors. Our reputable partners provide opt outs and numerous other privacy measures to minimize the privacy impact of online ads.
We have a legitimate interest in periodic email and direct marketing, to inform registered users of updates and offers. We make clear disclosures when users sign up and offer opt outs for anyone not interested.
It is contractually necessary to process your username, email, password, cookie data, IP address, game network IDs, game information (including earned quests and favorite games/game shares), and similar information to fulfill our obligations in the terms of service to provide you with high quality games and a social game network from ourselves and our partners.
While we strive to work with reputable companies with good privacy practices, this Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you on the Services. We also do not control the privacy policies and your privacy settings on third-party sites, including social networks. We may use third parties to help offer you more tailored ads and better Services, such as obtaining analytics about the users of our site and to help tailor advertising to your preferences.
Like many other companies, we do not honor DNT flags but instead offer other choices with respect to third parties. Many third parties participate in self-regulation to offer you a choice regarding receiving targeted ads. Please note that you'll still see generic ads after opting out, but they won't be based on your activities online. On the web, you can opt out of participating companies by visiting the following sites:
If you wish to similarly opt out of cross-app advertising on mobile devices, you can enable the Limit Ad Tracking flag on the device. Enabling Limit Ad Tracking sends a flag to third parties that you wish to opt out of targeted advertising on that device, and major mobile platforms require companies to honor this flag. Screenshots on how to find these options on various devices are available here: http://www.networkadvertising.org/mobile-choices. To learn how to opt out on other devices such as video game consoles, please visit the platform's privacy policies for more information.
Users subject to the GDPR also have the right to access their data, rectify mistakes, erase their data, restrict certain processing (i.e., opt out), move their data, withdraw consent, and lodge a complaint with a supervisory authority.
Accessing and updating your information
If you wish to access, update, or delete your PII, please reach out to us at firstname.lastname@example.org. We may ask you to verify your identity before we can act on your request. Making a verifiable consumer request does not require that you create an account with us. You must provide us with sufficient information to verify your identity, however we will only use personal information provided in a verifiable consumer request to verify the requestor's identity.
In some cases, we may have to keep that information for legitimate business or legal purposes and therefore will deny your request to delete the information.
Under the CCPA, you have the right to request that we disclose certain information to you about the collection and use of your PII over the previous 12 months. We may ask you to verify your identity before we can act on your request, however upon such verification, we will disclose to you:
The categories of PII collected about you.
The categories of sources for the PII we collect about you.
Our business or commercial purpose for collecting or selling that PII.
The categories of third parties to whom we share that Personal Information.
The specific pieces of Personal Information we collected about you.
If we sold or disclosed your PII for a business purpose, two separate lists disclosing
Sales identifying the categories that each category of recipient purchased; and
Disclosures for a business purpose, identifying the categories that each category of recipient obtained.
Non Discrimination under the CCPA
We will not discriminate against you for exercising your rights under the CCPA. To that end, and unless permitted by law, we will not:
Deny you goods or services;
Charge you different prices for goods or services;
Provide you with a different level or quality of goods or services; or
Suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services.
We work hard to protect our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold and undertake reasonable security measures with appropriate confidentiality, integrity, and availability protections. However, since no software or storage system is 100% secure, we cannot guarantee for the security of your information associated with the Services, or any other service for that matter. You can help protect your account information by using unique and hard-to-guess passwords. To provide users access to their progress and purchases, we retain data for up to 10 years since the date of user's last login.
Children Under 13
For any children under 13 that create a Roblox account, Roblox automatically sets their account settings to "Privacy Mode." Under Privacy Mode, children do not have access to certain features of Roblox, which may mean that children do not have access to certain features of the Services. If you are a parent or guardian of a child under 13 and you wish to contact Roblox about its collection of your child's PII, you may contact Roblox at https://www.roblox.com/support.
If you have questions or requests regarding our privacy practices, please contact us at email@example.com.