Privacy Policy for Rovloo

Last updated: July 27, 2025

1. Introduction

Welcome to Rovloo! This privacy policy explains how we collect, use, and protect your information when you use our Chrome extension ("Rovloo" or "the extension"). Our goal is to provide a valuable community review system for Roblox games while respecting your privacy and protecting your data.

2. The Single Purpose of Rovloo

Rovloo has a single, narrow purpose: to add a comprehensive community review system directly onto Roblox game pages. This includes automatic playtime tracking to ensure review credibility, allowing users to write informed reviews based on actual play experience. The system enables users to read and rate reviews, helping players make informed decisions and discover quality games based on authentic community feedback. Every permission requested and every piece of data collected is essential to fulfill this core function, with playtime tracking being fundamental to the integrity of the review system.

3. Information We Collect and Why

To provide our services, we collect the following information:

3.1 Information You Provide

• Roblox Account Information: When you authenticate via Roblox OAuth, we access your public Roblox user ID, username, and display name. This is necessary to attribute reviews to the correct author and display your public profile information next to your content.
• Review Content: We store the text of the reviews you write, your like/dislike status for the game, and any associated playtime data you provide. This is the core content of our review system.
• Voting Data: We record your upvotes and downvotes on other users' reviews to calculate review scores and help surface the most helpful content.
• Game Information: We identify the game ID of the Roblox game you are viewing or reviewing to display the correct reviews for that page.

3.2 Automatically Collected Information

• Playtime Data: Time spent playing specific Roblox games (essential for review credibility and automatically tracked - stored locally in your browser and synced to our servers for functionality)
• Usage Analytics: Basic usage statistics to improve our service (anonymized)
• Technical Data: Browser type, extension version, and error logs for debugging purposes

We do not collect any data unrelated to this purpose, such as your browsing history outside of Roblox, personal files, or any information from your computer.

4. Authentication Method

Rovloo uses secure OAuth 2.0 authentication:

• OAuth 2.0 Authentication: We use Roblox's official OAuth 2.0 system for secure authentication. Your Roblox password is never shared with us - you authenticate directly through Roblox's secure servers. OAuth sessions expire after 24 hours for security.

This method only accesses your public Roblox profile information (User ID, username, display name) necessary for review attribution.

5. How We Use Chrome Permissions

Rovloo requires specific permissions to function, each for a justified reason directly related to our core review functionality:

• storage: Saves your preferences and settings (filter choices, OAuth tokens, dismissed system messages) to improve your experience and maintain authentication state between sessions.
• activeTab: Used only when you click the Rovloo extension icon to identify the current Roblox game and provide relevant actions for that specific game, without persistent tab access.
• tabs: Required for OAuth authentication flow management - opening and monitoring the Roblox OAuth authorization window during secure account linking.
• alarms: Enables periodic playtime tracking and OAuth token refresh to maintain authentication without requiring constant re-login.
• scripting: Used exclusively for OAuth token extraction from Roblox callback pages during the secure authentication process. This permission allows the extension to retrieve the authorization token from the OAuth callback URL after you successfully authenticate with Roblox, enabling secure account linking without exposing your credentials.
• Host Permissions: Limited to domains essential for our review functionality:
  • https://*.roblox.com/*: Required to inject review interface, fetch game metadata, user avatars, and communicate with official Roblox APIs for game information and user presence data.
  • https://rovloo.online/*: Communication with our review backend server for storing and retrieving community reviews and ratings.
  • https://presence.roblox.com/*: Access to Roblox's presence API for playtime tracking functionality.

6. Chrome Web Store Limited Use Compliance

Rovloo's use and transfer of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

We affirm that:

• All user data is used only for the disclosed purposes of providing game review functionality
• We do not transfer, sell, or use data for personalized advertising
• We do not share data with third-party advertising platforms or data brokers
• We do not use data for credit-worthiness or lending purposes
• All data handling is transparent and limited to our extension's core review functionality

7. How We Use Your Information

We use your information to:

• Provide and maintain the Rovloo review service
• Display your reviews and ratings to other users
• Prevent spam, abuse, and fraudulent activity
• Improve our services and user experience
• Communicate with you about service updates

8. Data Storage, Security, and Sharing

• Secure Storage: All review and voting data is stored securely on our servers hosted at rovloo.online. Personal extension settings and OAuth tokens are stored locally on your computer using Chrome's secure storage APIs.
• Data Transmission Security: All data transmission between the extension and our servers uses HTTPS encryption (TLS 1.2+). No personal or sensitive data is transmitted over unencrypted connections.
• Authentication Security: OAuth tokens are transmitted and stored using industry-standard encryption. Session tokens automatically expire for security and are refreshed transparently.
• Server Security: Our servers employ security measures including rate limiting, input validation, CORS restrictions, and regular security monitoring to protect against unauthorized access and abuse.
• Data Sharing Policy: Your reviews, Roblox username, and display name are publicly visible to other Rovloo users as part of the review system's core functionality. We do not sell, rent, or share your personal data with any third parties for marketing, advertising, or commercial purposes.
• No Web Browsing Activity Collection: We do not collect or monitor your general web browsing activity. Our data collection is strictly limited to Roblox game pages where our extension is active and only for review-related functionality.

9. Data Retention

• Reviews: Retained indefinitely unless you request deletion
• Playtime Data: Stored locally in your browser; synced to server for functionality
• OAuth Sessions: Automatically expire after 24 hours
• Technical Logs: Retained for 30 days for debugging purposes

10. Your Rights and Controls

You have full control over your data and content:

• Access: Request access to your personal data
• Correction: Request correction of inaccurate data
• Deletion: You can edit or delete your own reviews at any time through the extension, or request deletion of your account data
• Portability: Request a copy of your data in a portable format
• Playtime Tracking: Essential for review functionality and cannot be disabled
• Report: You can report reviews that you believe violate community guidelines

11. Children's Privacy and Target Audience

Rovloo is intended for a general audience but is recommended for users aged 13 and older. The extension displays user-generated content (reviews) which may contain language that may not be suitable for all ages. We do not knowingly collect personal information from children under 13 beyond what is publicly available on their Roblox profile. Parents can contact us to review or delete their child's information. We recommend parental guidance for users under the age of 13.

12. Third-Party Services

Our extension integrates with:

• Roblox: For authentication and game data (subject to Roblox's privacy policy)
• Chrome Extension APIs: For browser functionality (subject to Google's privacy policy)

13. International Users

Our service is hosted in the United States. By using Rovloo, you consent to the transfer of your information to the United States, which may have different data protection laws than your country.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes through:

• Extension notifications
• Email (if we have your email address)
• Updates to this page with a new effective date

Your continued use of the service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

• Website: https://rovloo.online
• Email: shpeelock2@gmail.com
• Data Requests: Submit requests for data access, correction, or deletion through our support channels

16. Compliance

This Privacy Policy is designed to comply with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Children's Online Privacy Protection Act (COPPA)
• Roblox Developer Terms of Service
• Chrome Web Store Developer Program Policies