Cookie Policy
Effective May 28, 2026
This page lists every cookie the ROID website sets, what each one does, and how long it lives. We only set strictly-necessary cookies — nothing for analytics, advertising, or tracking across sites.
You'll see a "We only use essential cookies" banner on
your first visit. Accepting it just dismisses the banner; rejecting it
warns you that sign-in won't work without the session cookie, then
also dismisses the banner. Your choice is stored locally in your
browser (localStorage key roid:cookies:v1).
1. Cookies we set
| Name | Purpose | Lifetime | Type |
|---|---|---|---|
| roid_session | Keeps you signed in across pages. Without it, the dashboard, account settings, key issuance, and payments cannot identify you. | 30 days | Strictly necessary |
| roid_oauth_state | CSRF (cross-site request forgery) guard for the "Continue with Google" sign-in flow. Set when you click that button, deleted when you complete or abandon the flow. | 10 minutes | Strictly necessary |
Both cookies are marked HttpOnly (JavaScript on the
page cannot read them), Secure (sent only over HTTPS),
and SameSite=Lax (not sent on cross-site sub-requests
that would otherwise enable CSRF). They are not shared with anyone.
2. Third-party cookies
We do not load any third-party JavaScript that sets its own cookies. Specifically:
- No Google Analytics, Plausible, Hotjar, Mixpanel, or similar.
- No Facebook / Meta Pixel, TikTok Pixel, or other ad-attribution trackers.
- No "Sign in with Google" button using Google's One Tap prompt (which would set Google's own cookies on this domain). Our Google sign-in uses a server-side OAuth redirect that does not require Google scripts on our pages.
- No social-media embed scripts (no Twitter / X widget, no YouTube embeds with cookies).
The site sits behind Cloudflare as a CDN. In rare
cases (e.g., when our bot-mitigation challenge fires) Cloudflare may
set its own cf_clearance cookie under our domain to
remember that the visitor passed the challenge. We don't read it; it's
between you and Cloudflare. See
Cloudflare's cookie reference.
3. Local storage
We use a small amount of localStorage in the browser —
not cookies, but covered here for transparency:
roid:cookies:v1— your "Accept" / "Reject" choice on the cookie banner, so it doesn't reappear.- The desktop app (not this website) stores library data, themes, and similar preferences in app-specific local files documented in the app's own About page.
4. How to clear cookies
You can clear ROID's cookies any time without uninstalling the app:
- Chrome / Edge / Brave: Settings → Privacy and security → Cookies and other site data → See all site data → search for "roid.sufenueshub.com" → Remove.
- Firefox: Settings → Privacy & Security → Cookies and Site Data → Manage Data → find "roid.sufenueshub.com" → Remove Selected.
- Safari: Preferences → Privacy → Manage Website Data → find "roid.sufenueshub.com" → Remove.
Clearing your cookies signs you out. To reset the banner, also clear "Local storage" in the same dialog.
5. Changes
If we ever add a non-essential cookie, this table will be updated before the cookie is set, and the consent banner will require an explicit opt-in (not an implicit dismissal). The "Effective" date at the top of this page reflects the latest revision.
6. Contact
Questions about cookies or anything else on this page? Email [email protected].
Questions about this page? Email [email protected]. ROID is an independent project and is not affiliated with, endorsed by, or sponsored by Roblox Corporation.