Privacy Policy
Last Updated: November 28, 2025
Your Privacy Matters: BloxStrike Admin Panel is designed for staff members only. We collect minimal data necessary to verify your identity and provide administrative tools.
1. Information We Collect
1.1 Account Linking Data
When you link your accounts via /linkaccount:
| Data |
Purpose |
| Discord User ID |
Identify your Discord account |
| Discord Username |
Display in admin panel and logs |
| Roblox User ID |
Verify group membership and permissions |
| Roblox Username |
Display in admin panel |
| Roblox Avatar URL |
Profile picture in admin panel |
| Group Role |
Determine permission level |
1.2 Session Data
When you log into the admin panel:
- Session Token: Secure random token for authentication
- Browser Info: User agent for session management
- Last Activity: Timestamp for idle timeout
1.3 Audit Logs
All administrative actions are logged:
- Action performed (ban, unban, skin edit, etc.)
- Administrator who performed the action
- Target of the action (player ID, skin name, etc.)
- Timestamp
What We DON'T Collect:
- IP addresses
- Passwords (authentication is handled by Roblox/Discord)
- Private messages or chat history
- Roblox balance or purchase history
- Friends lists or social connections
2. How We Use Your Data
- Authentication: Verify you're authorized to use admin features
- Authorization: Determine your permission level based on Roblox group role
- Audit Trail: Track administrative actions for accountability
- Session Management: Keep you logged in and detect idle timeouts
3. Data Storage & Security
- Data is stored in MongoDB Atlas with encryption at rest
- All connections use HTTPS/TLS encryption
- Security codes expire after 10 minutes
- Sessions expire after 24 hours or 30 minutes of inactivity
- Access is restricted to BloxStrike infrastructure
4. Data Sharing
We do not sell, rent, or share your personal data with third parties except:
- When required by law
- To protect the rights and safety of BloxStrike users
- With your explicit consent
5. Data Retention
| Data Type |
Retention Period |
| Account Link |
Until you unlink or request deletion |
| Sessions |
24 hours or until logout |
| Security Codes |
10 minutes (auto-deleted) |
| Audit Logs |
Indefinitely (for accountability) |
6. Your Rights
You have the right to:
- Unlink: Use
/unlinkrobloxaccount to remove your account link
- Access: Request a copy of your stored data
- Deletion: Request deletion of your data (except audit logs)
- Correction: Request correction of inaccurate data
7. OAuth2 Scopes
During Roblox OAuth2 authorization, we request:
openid - Your Roblox user IDprofile - Username and display namegroup:read - Group membership (to verify your BloxStrike role)
8. Cookies & Local Storage
The admin panel uses browser local storage to:
- Store your authentication token
- Remember UI preferences (collapsed navigation, etc.)
No third-party tracking cookies are used.
9. Children's Privacy
BloxStrike Services are intended for authorized staff members only. We do not knowingly collect data from children under 13.
10. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will be announced in the BloxStrike Discord server.
11. Contact
For privacy questions or data requests, contact BloxStrike administrators in the official Discord server.