OID
PricingCommunityResellersCreatorsContactDownloadDiscord
Log inGet started
Terms of ServicePrivacy PolicyCookie PolicyDisclaimerCommunity GuidelinesCopyright / DMCA

Privacy Policy

Effective May 28, 2026

This policy explains what data the ROID website and desktop app collect, why, who it is shared with, and the rights you have over it. We try to collect only what the service genuinely needs and we do not sell, rent, or trade personal data.

Quick summary: account email + hashed password (or a Google sign-in), an essential session cookie, payment status (handled by Stripe — we never see your card number), and any IDs you choose to share publicly. No analytics, no advertising, no third-party trackers.

1. Data we collect

  • Account: your email address, plus either a hashed password (bcrypt) or a Google account identifier if you sign in with Google. Optional: a chosen display name and an uploaded avatar image.
  • Authentication state: a session token cookie (roid_session) and request metadata used solely to identify you while signed in, such as IP address (read transiently for rate-limiting), user agent string, and timestamps.
  • Payments: if you subscribe, your Stripe customer ID, subscription status, current period end, and invoice/payment amounts + dates. Your card number never touches our servers — it is collected and stored by Stripe Checkout directly.
  • Keys & devices: the masked value of any license key we issued you (free or paid), when it was issued, when it was first redeemed, the device identifier of the desktop app that redeemed it, and a paired device token used for desktop auto-sign-in.
  • Community content: any Roblox IDs and metadata (name, tags, category, notes) you choose to upload via the Community feature. These are public, attributed to your display name (never to your email).
  • Support correspondence: emails you send us, kept for as long as needed to handle the issue.

We do not collect: phone numbers, real names, location data, contacts, browsing history outside this site, or any analytics events. We do not maintain a server-side log of every page you visit.

2. Lawful basis (where GDPR / UK-GDPR applies)

  • Contract — operating your account, delivering keys, and processing subscription billing rely on the contract you formed by signing up.
  • Legitimate interests — preventing abuse (rate-limiting, blocking sign-up spam, fraud checks) and keeping our infrastructure secure.
  • Legal obligation — retaining billing records to comply with tax and accounting law.
  • Consent — non-essential features that require it (none currently — we have no analytics, advertising, or marketing cookies).

3. Cookies and similar tech

The site uses only strictly-necessary cookies. The full list, what they do, when they expire, and how to clear them lives on the dedicated Cookie Policy page.

We do not use Google Analytics, Plausible, Meta Pixel, Hotjar, session replay, or any other analytics or tracking service. We do not fingerprint your browser.

4. Third parties

ROID shares specific pieces of data with the following processors because the feature you used requires it. Each operates under its own privacy policy:

  • Stripe (payments) — receives your email, the amount you're paying, and your card details (which you give directly to Stripe — they never pass through our servers). Returns: a customer ID, subscription status, invoice records.
    stripe.com/privacy
  • Google (OAuth sign-in, only if you choose "Continue with Google") — Google tells us your email, verified-email flag, name, and a stable subject ID. We tell Google nothing beyond what's needed to complete OAuth.
    policies.google.com/privacy
  • KeyAuth (license key issuance) — we send an internal request to mint a key, identified by your internal ROID user ID. Your email is not sent to KeyAuth.
    keyauth.cc/privacy
  • Lootlabs (free-key ad flow, only if you use it) — opens a Lootlabs-hosted task in a new tab. They see your IP and any data the ad network normally collects on its own properties.
    lootlabs.gg/privacy
  • Cloudflare (CDN / DDoS protection in front of the site) — sees every HTTP request, including IP and user-agent. Cloudflare may set its own cf_clearance cookie for bot protection.
    cloudflare.com/privacypolicy
  • Resend (transactional email — only when you ask for a password reset) — receives your email address and the reset link.
    resend.com/legal/privacy-policy
  • GitHub (optional — only if you connect a token in the desktop app to share IDs) — your token, used only to push your own sounds.json file. The token never leaves your computer.
    github.com/privacy

5. How we use your data

To operate accounts, deliver keys and premium access, process payments, prevent abuse, fulfil the community-sharing feature you opted into, and send password-reset email when you request it.

We do not use your data for advertising, profiling, automated decisions with legal effect, or training machine-learning models.

6. Data retention

  • Account record (email, password hash, display name, avatar): until you delete your account.
  • Session token: 30 days from creation, or sooner if you sign out.
  • Google OAuth state cookie: 10 minutes (only exists during a sign-in flow).
  • License key + redemption records: kept while the key is active and for a short period after for support / abuse investigation, then deleted.
  • Payment + subscription records: kept as long as required by tax and accounting law (typically 5–7 years in most jurisdictions), even after you close your account. Stripe holds its own copy under its own retention rules.
  • Community uploads: until you remove them or delete your account.
  • Support emails: deleted after the issue closes, or sooner on request.

7. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA / CPRA, LGPD, etc.), you have the right to:

  • Access a copy of the data we hold about you.
  • Correct data that's wrong (you can change display name / avatar yourself in the dashboard; email changes go via support).
  • Delete your account. This removes your profile, display name, avatar, community uploads, sessions, device tokens, and keys. Billing records may be retained where law requires.
  • Object to processing where it's based on legitimate interests.
  • Portability — get your data in a machine-readable format.
  • Withdraw consent where consent was the basis.
  • Complain to your local data-protection regulator (e.g., ICO in the UK, the data protection authority in your EU member state, the CA Attorney General in California).

To exercise any of these, email [email protected] from the address on your account. We respond within 30 days.

8. Security

Passwords are hashed with bcrypt; we never see your plaintext password. Session cookies are HttpOnly, Secure, and SameSite=Lax. The connection is served over HTTPS. The desktop app stores your local device token encrypted via the OS keychain. No system is perfectly secure — if a breach affecting your personal data occurs, we will notify you and the relevant regulator within the timelines GDPR requires (72 hours where applicable).

9. International transfers

Our infrastructure providers (Cloudflare, Stripe, Google, KeyAuth, Resend) operate globally and may process your data outside your country. Each maintains its own GDPR-appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

10. Children

ROID is not directed at children under 13 (or under 16 in EU member states where that is the minimum digital-consent age). We do not knowingly collect personal data from children. If you believe a child has created an account, email us and we will delete it.

11. Changes

We update this policy when our practices change. The "Effective" date above shows the current version. Material changes (new data types collected, new third parties, expanded retention) get a banner on the homepage and dashboard for at least 14 days.

12. Contact

Data controller: Sufenue, operating ROID.
Email: [email protected]
For any privacy request, mention the email address on your account so we can verify ownership before acting.

Questions about this page? Email [email protected]. ROID is an independent project and is not affiliated with, endorsed by, or sponsored by Roblox Corporation.

← Back to ROID

OID

Real audio license keys for Roblox developers. Independent project, not affiliated with Roblox Corporation.

Product

HomePricingResellersCreatorsDownload

Account

Log inCreate accountDashboardSupportDiscord community

Legal

TermsPrivacyCookiesDisclaimerGuidelinesCopyright / DMCA
© 2026 ROID. All trademarks belong to their respective owners.roid.sufenueshub.com