LEGAL

Privacy Policy

Last updated: February 2, 2026

The Short Version

We collect the minimum data needed to make Baseplate work. We don't sell your data, we don't track you across the web, and we don't do creepy advertising stuff. Your Roblox info stays between you, us, and Roblox.

1. What We Collect

From Roblox (via OAuth)

  • Roblox User ID: your unique identifier on Roblox
  • Username: your current Roblox display name
  • Profile picture: your Roblox avatar thumbnail
  • Group memberships: which groups you're in and your rank in each (used for access control)

From Your Use of Baseplate

  • Content you create: support tickets, messages, documentation, project data, status monitoring configurations, and other content you submit
  • Session data: authentication tokens to keep you logged in
  • Integration tokens: OAuth tokens for third-party integrations (stored until expiry plus 30 days; refresh tokens up to 90 days)
  • Status monitoring data: URLs you choose to monitor, response times, and check results (retained for 30 days)
  • Access rules: Roblox group rank mappings for permission control
  • Basic logs: IP addresses and timestamps for security and rate limiting (retained for 30 days)

Temporary Processing

  • Real-time collaboration: when editing documents with others, we temporarily process cursor positions and document state. This data exists only while you're actively editing and is not stored long-term.
  • Caching: we temporarily cache Roblox group and avatar data (15-30 minutes) to reduce API calls and improve performance.

What We Don't Collect

  • Your Roblox password (we use OAuth, never see it)
  • Your email address (unless you contact us directly)
  • Payment information (we don't charge for the service)
  • Tracking cookies or advertising identifiers

2. How We Use Your Data

  • Authentication: verifying you are who you say you are
  • Access control: determining what features and data you can access based on group membership
  • Service operation: making the features you use actually work
  • Security: detecting and preventing abuse, fraud, and attacks
  • Debugging: fixing issues when things break

3. How We Share Your Data

We don't sell your data. Period. We share data only in these situations:

  • With your team: other members of your Roblox groups can see your username and content you create within shared workspaces
  • Infrastructure providers: we use Hetzner (Germany/EU) for servers, Redis for caching and rate limiting, and Roblox APIs for group and avatar data. Infrastructure may be located in various regions, but where possible we select EU-based or GDPR-compliant data centers.
  • Legal requirements: if we're legally compelled to disclose data, we'll comply with valid legal process
  • Safety: if we believe disclosure is necessary to prevent harm to you, us, or others

4. Cookies & Sessions

We use cookies for one thing: keeping you logged in and secure. That's still it.

  • Session cookie: stores your authentication state (30 days)
  • CSRF token: prevents cross-site request forgery (session)
  • OAuth cookies: PKCE verifier, state, nonce, and callback URL for secure Roblox sign-in (15 minutes each, then they self-destruct)

We don't use analytics cookies, tracking pixels, or any third-party cookies. No cookie banner needed because we're not doing anything that requires your consent beyond basic functionality.

5. Data Retention

  • Account data: kept while your account is active
  • Content: kept until you or a workspace admin deletes it
  • Logs & status checks: automatically deleted after 30 days
  • OAuth tokens: access tokens until expiry plus 30 days; refresh tokens up to 90 days or until revoked
  • Deleted content: purged from our systems within 30 days of deletion (backups may retain data slightly longer)
  • Real-time collaboration: temporary data cleared when editing session ends

6. Your Rights

You can:

  • Access your data: see what we have stored about you
  • Delete your data: request removal of your account and associated data
  • Revoke access: disconnect Baseplate from your Roblox account via Roblox's settings

To exercise these rights, contact us at privacy@baseplate.engineering

7. Security

We implement reasonable security measures to protect your data, including encryption in transit (HTTPS), secure authentication flows, and access controls. However, no system is perfectly secure. If we discover a breach affecting your data, we'll notify you promptly.

8. Children's Privacy

Baseplate is available to users who can create Roblox accounts under Roblox's Terms of Service. We don't knowingly collect additional personal information from children beyond what Roblox provides through OAuth. If you believe we've inadvertently collected data from a child in violation of applicable law, contact us and we'll delete it.

9. Data Location

Baseplate Engineering LLC is a Wyoming limited liability company based in the United States. Your data is primarily stored on servers in Germany (EU). Some data, such as file uploads, may be stored in other regions including the United States.

By using the Service, you consent to the transfer and processing of your data in these locations. We handle data in accordance with this policy regardless of where it's processed.

10. Changes to This Policy

We may update this policy. If we make material changes, we'll notify you through the Service. The "last updated" date at the top tells you when the policy was last revised.

11. Contact

Questions about privacy? Email us at privacy@baseplate.engineering

This policy is effective as of the date listed above and applies to all users of Baseplate services.