← Back to BloxStart

Privacy Policy

Last updated: March 9, 2026

BloxStart ("we", "us", or "our") operates the BloxStart web application at https://bloxstart.vercel.app (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your email address and an encrypted password. We do not collect your real name, age, phone number, or physical address.

Game Configuration Data

When you use BloxStart to design a game, we store your answers to game-design questions (e.g., game type, theme, mechanics) and the generated Luau scripts. This data is tied to your account so you can access your projects later.

Roblox Connection (Optional)

If you choose to connect your Roblox account, we store your Roblox user ID and Roblox username. OAuth access tokens and refresh tokens are AES-256 encrypted at rest and are never exposed to client-side code.

Usage Data

We collect basic usage data such as session counts and feature usage to improve the Service. We do not track browsing activity outside of BloxStart.

AI Interaction Data

When you chat with our AI personas (Jordan, Alex, Casey), we send your game-design answers to the Claude API (Anthropic) for response generation. We never log prompt content or user answers — only token counts for billing purposes.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Generate personalized game scripts based on your design choices
  • Remember your preferences across sessions (persona memory)
  • Facilitate Roblox account connection and script publishing
  • Improve the Service based on aggregate usage patterns

    • We do not:

  • Sell your personal information to third parties
  • Use your data for advertising
  • Share your game designs with other users without your explicit consent (e.g., publishing a template)

    • 3. Data Sharing

    We share data only with the following service providers, strictly for operating the Service:

    ProviderData SharedPurpose
    SupabaseAccount data, game configsDatabase and authentication
    Anthropic (Claude API)Game design context (per-session)AI response generation
    VercelRequest logsHosting and deployment
    StripeEmail, subscription statusPayment processing (Pro plan)
    RobloxOAuth tokens (encrypted)Script publishing via Open Cloud

    We do not share data with any other third parties.

    4. Children's Privacy (COPPA)

    BloxStart is designed for young Roblox creators. We take children's privacy seriously:

  • We collect the minimum information necessary to provide the Service
  • We do not collect age, real name, or location
  • We do not serve advertising or track users across sites
  • Users can delete their account and all associated data at any time
  • Persona memory can be deleted independently via the Memory Settings panel

    • If you are a parent or guardian and believe your child has provided personal information beyond what is described here, please contact us so we can delete it.

    5. Data Security

    We implement appropriate security measures including:

  • AES-256 encryption for sensitive tokens (Roblox OAuth)
  • Row-Level Security (RLS) on all database tables — users can only access their own data
  • HTTPS for all data transmission
  • Server-side validation on all API routes
  • Secrets and API keys are never exposed to client-side code

    • 6. Data Retention and Deletion

  • Account data: Retained until you delete your account
  • Game configurations: Retained until you delete individual games or your account
  • Persona memory: Can be deleted independently at any time via Memory Settings
  • Roblox tokens: Deleted immediately when you disconnect your Roblox account
  • Generated zip files: Stored with signed URLs that expire after 1 hour; files are retained in storage until account deletion

    • To delete your account and all associated data, contact us at the email below.

    7. Your Rights

    You have the right to:

  • Access your data (visible in your dashboard)
  • Delete your game data, persona memory, or entire account
  • Disconnect third-party services (Roblox) at any time
  • Export your generated game scripts (via download)

    • 8. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify users of significant changes by posting a notice on the Service. Your continued use after changes constitutes acceptance of the updated policy.

    9. Contact Us

    If you have questions about this Privacy Policy, please contact us at:

    Email: support@bloxstart.com

    BloxStart | Privacy Policy | March 9, 2026

    See also: Terms of Service