Privacy Policy — EasyRobux

1. Data Controller

The data controller within the meaning of EU Regulation 2016/679 (GDPR) is EasyRobux, operating the online platform available at easyrobux.com (hereinafter: “Platform”, “we”, “us”).

Contact: blitzzcommunity@gmail.com

2. What Data We Collect

We collect the following categories of personal data:

Account data: email address, display name, avatar — provided by the login provider (Google) with your explicit consent during registration.
Activity data: number of ads watched, quiz results, time spent on the Platform, coin exchange history — generated automatically during use of the service.
Technical data: IP address, browser type, operating system, screen resolution — processed for security and anti-abuse purposes.
Cookies and similar technologies: session identifiers, authentication tokens, preferences — necessary for the Platform to function.

3. Purpose and Legal Basis of Processing

Purpose	Legal Basis	Data Category
Service delivery (registration, login, rewards)	Art. 6(1)(b) GDPR (contract performance)	Account, activity
Security and anti-fraud (AFK detection, rate limiting)	Art. 6(1)(f) GDPR (legitimate interest)	Technical, activity
Ad display and offerwall	Art. 6(1)(b) GDPR (contract performance)	Activity, technical
Robux order fulfillment	Art. 6(1)(b) GDPR (contract performance)	Roblox username, order history
Referral system	Art. 6(1)(b) GDPR (contract performance)	Referral code, user associations

4. Third-Party Data Processors

Your data may be shared with the following entities:

Supabase Inc.

Database and authentication infrastructure provider. Processes data in the USA under Standard Contractual Clauses (SCC). Supabase Privacy Policy.

Google LLC (Google OAuth & AdSense)

Google Login provides your email, name, and avatar. Google AdSense may display personalized ads based on your ad preferences. Google Privacy Policy.

Lootably (Offerwall)

The offerwall platform receives your unique user identifier (referral code) to attribute rewards. Lootably may collect data per their own privacy policy. Lootably Privacy Policy.

Unity Ads

Video ad provider. Unity may collect device identifiers and in-app activity data for advertising purposes, in compliance with COPPA and GDPR. Unity Privacy Policy.

5. Protection of Minors (COPPA & GDPR for Children)

The EasyRobux Platform is directed at a general audience and is not intended for children under 13. We do not knowingly collect personal data from individuals under 13.

If we learn that a person under 13 is using the Platform without parental or guardian consent, we will promptly delete their personal data and block the account.

All data shared with advertising partners (Unity Ads, Google AdSense, Lootably) is flagged as potentially from underage users, activating appropriate COPPA safeguards on the partner side.

6. Cookies and Tracking Technologies

The Platform uses the following types of cookies:

Essential (technical): Supabase session token (sb-xxx), referral cookie (ref_code) — stored up to 30 days. The Platform cannot function without them.
Functional: interface preferences, navigation state — session-based.
Advertising: used by advertising partners (Google AdSense, Unity Ads) — may be personalized. You can manage ad preferences at adssettings.google.com.

7. Your Rights (GDPR)

You have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of data (“right to be forgotten”)
Restriction of processing — suspend processing in certain cases
Data portability — receive data in a structured format
Objection — object to processing based on legitimate interest
Withdrawal of consent — at any time, without affecting the lawfulness of processing prior to withdrawal

To exercise these rights, contact us at: blitzzcommunity@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority.

8. Data Security

We implement technical and organizational measures in accordance with the state of the art, including:

Encrypted transmission (HTTPS/TLS 1.3)
Row Level Security (RLS) in the database — users can only access their own data
Service role key stored as an environment variable, not accessible on the client side
Rate limiting on API endpoints to prevent brute-force attacks
Signature verification (HMAC-MD5) on offerwall webhooks
Anti-cheat validation on reward endpoints (time tick, quiz answer)

9. Data Retention

Personal data is retained for:

Account data: for the duration of the account, deleted on request or 30 days after last activity
Transaction history: 3 years (accounting and settlement requirements)
Order history: 5 years (legal requirements for transactions)
Technical data / logs: 90 days
Referral cookie: 30 days from first visit

10. Data Transfers Outside the EEA

Your data may be transferred to the United States (Supabase, Google, Unity Ads, Lootably). Transfers are based on Standard Contractual Clauses (SCC) approved by the European Commission. All our partners implement appropriate technical safeguards.

11. Changes to This Privacy Policy

We reserve the right to update this policy. We will notify you of significant changes via a banner on the Platform or by email. Continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Contact

For matters related to personal data protection, please contact:

Email: blitzzcommunity@gmail.com
Contact form: easyrobux.com/profile