Legal

Privacy Policy

Last updated: April 23, 2026

This policy explains how SafeAdd processes personal data when you use the website, API, and related services. SafeAdd is an independent community tool and is not affiliated with Roblox Corporation.

This page is written to be understandable first. It is also designed to support major privacy frameworks, including GDPR (EU/EEA), UK GDPR, CCPA/CPRA (California), and Polish data protection requirements.

1) Who controls your data

SafeAdd acts as the data controller for the data described below. For privacy requests, contact us through our Discord support channel at https://discord.gg/hR5GShJKFS or by email at support@safeadd.org.

2) Data we collect

  • Verification and account linkage data: Roblox username, Roblox user ID, verification status, and verification timestamps.
  • Safety signal data: comfort level, selected flags, target profile identifier, and submission timestamp.
  • API account and key data: API key identifiers and account linkage needed to authenticate requests and apply usage limits.
  • API request logs: timestamps, endpoint usage, and key identifiers for abuse prevention, integrity, and service analytics.
  • Abuse-prevention data: internal identifiers and cooldown records to prevent spam, duplicates, and manipulation.
  • Cookie and analytics data (optional): if you consent, Google Analytics may collect events, device/browser information, and IP-derived region-level location.

3) What we do not do

  • We do not sell personal information for money.
  • We do not allow public free-text accusations in user signals.
  • We do not publicly expose who submitted an individual signal.
  • We do not run advertising profiling based on your SafeAdd activity.

4) Legal bases (GDPR / EU)

  • Contract (Art. 6(1)(b)): account and service functionality you request.
  • Legitimate interests (Art. 6(1)(f)): trust and safety scoring, abuse prevention, security, and platform integrity.
  • Consent (Art. 6(1)(a)): non-essential analytics cookies.
  • Legal obligations (Art. 6(1)(c)): where required by law.

5) Cookies and consent choices

We use a consent banner before loading non-essential analytics cookies. Essential cookies needed for core security and session functions are always active.

  • Accept all: enables analytics cookies.
  • Reject non-essential: analytics cookies remain off.
  • Save choices: you can enable or disable analytics specifically.

You can change your cookie choices at any time by clicking "Cookie Settings" in the footer.

6) Why we use data

  • Provide account verification and platform functionality.
  • Compute and display aggregated safety signals.
  • Detect and prevent abuse, spam, and score manipulation.
  • Authenticate API requests and apply rate limits.
  • Maintain system security, reliability, and performance.
  • Improve product quality when analytics consent is provided.

7) Retention periods

  • Verification linkage data: while account is active, then typically deleted within 30 days of a valid deletion request.
  • Signal data: up to 24 months unless earlier deletion is required by law or approved request.
  • API request logs: retained on a rolling basis for integrity, abuse prevention, and rate-limit enforcement.
  • Abuse-prevention records: up to 12 months after account deletion where necessary for integrity and fraud prevention.
  • Analytics data: according to Google Analytics retention settings.

8) Third parties and international transfers

We use service providers such as Supabase, hosting providers, Roblox public APIs, and (if consented) Google Analytics. Some providers process data outside the EEA, including in the United States.

Where required, we rely on transfer safeguards such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

9) Your rights (EU/EEA, Poland, UK)

  • Access, rectify, erase, restrict, and port your personal data.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time for consent-based processing.
  • Lodge a complaint with your supervisory authority.

For Poland: Urzad Ochrony Danych Osobowych (UODO), https://uodo.gov.pl.

10) California and other US state privacy rights

If US state privacy laws apply to you (including California), you may have rights to know/access, delete, correct, and receive information about data categories and disclosures.

SafeAdd does not sell personal information for money and does not knowingly share personal information for cross-context behavioral advertising in the ordinary operation of the service.

We do not discriminate against users for exercising applicable privacy rights.

11) Children and minors

SafeAdd is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that such data was collected, we will delete it.

For EEA/Poland contexts, where relevant, additional protections may apply for users under 16.

12) Requests and response times

To submit privacy requests, contact us through Discord support or by email at support@safeadd.org. We may request account verification to protect against unauthorized requests. We aim to respond within 30 days where legally required.

13) Changes to this policy

We may update this policy to reflect legal, technical, or business changes. We will update the "Last updated" date whenever this page changes materially.

14) Contact

For privacy-related questions, email us at support@safeadd.org or join our Discord community at https://discord.gg/hR5GShJKFS. SafeAdd is an independent project and is not affiliated with or endorsed by Roblox Corporation.