1. Introduction
This Privacy Policy describes how Roblox VSCode ("we," "our," or "us") collects, uses, stores, and protects your personal information across all our products and services, including:
- The Roblox VSCode website and web applications
- The Support System and Help Desk
- The Roblox OAuth Application
- IDE Extensions (VS Code:, Visual Studio, and other supported IDEs)
- The Roblox Studio Plugin
- Any services or features under the Roblox VSCode brand
By using our services, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
| Data Type |
Purpose |
Storage |
| Email Address |
Account identification, authentication, communication |
Firebase Authentication |
| Username |
Display name, support ticket identification |
Firebase Realtime Database |
| Password (hashed) |
Account security |
Firebase Authentication |
| Authentication Provider |
Login method tracking (Email, Google) |
Firebase Realtime Database |
2.2 Roblox Verification Data
For verification purposes, we collect:
- Roblox User ID: Unique identifier from Roblox APIs
- Roblox Username: Your Roblox display name
- Verification Status: Whether your account is verified
- Verification Timestamp: When verification was completed
Important: We only access publicly available Roblox profile information during the verification process. We do not access or store your Roblox account credentials, inventory, friends list, or private messages.
2.3 Roblox OAuth Data (For IDE Extensions)
When you connect your Roblox account via OAuth:
- OAuth Access Token: Temporary token for API access (encrypted storage)
- OAuth Refresh Token: For token renewal (encrypted storage)
- Token Expiry: When the token expires
- Authorized Scopes: What permissions you granted
2.4 Support System Data
When you use our support system:
- Support Tickets: Subject, description, status, creation date
- Chat Messages: All messages exchanged in support chat
- Ticket Metadata: Priority, category, assigned agent
- Device Information: Used for troubleshooting (OS, IDE version)
2.5 Extension/Plugin Usage Data
- Sync Operations: When you sync code to Roblox Studio
- Error Logs: Technical errors for debugging (no personal data)
- Feature Usage: Which features you use (anonymous analytics)
- IDE Information: VS Code: version, extension version
2.6 Automatically Collected Data
- IP Address: For security and rate limiting
- User Agent: Browser/IDE information
- Timestamp: When actions are performed
- Cookies: Session management and preferences
3. How We Use Your Information
3.1 Primary Purposes
| Purpose |
Data Used |
Legal Basis |
| Account Management |
Email, username, password |
Contract performance |
| Authentication |
OAuth tokens, verification data |
Contract performance |
| Technical Support |
Support tickets, messages, device info |
Legitimate interest |
| Service Improvement |
Usage analytics, error logs |
Legitimate interest |
| Security |
IP address, access logs |
Legitimate interest |
| Communication |
Email address |
Consent |
3.2 What We Do NOT Do
- We do not sell your personal information to third parties
- We do not use your data for advertising purposes
- We do not access your Roblox game scripts or assets without permission
- We do not share your support conversations publicly
- We do not store your Roblox login credentials
4. Data Storage and Security
4.1 Storage Locations
Your data is stored in the following secure systems:
- Firebase Authentication: Account credentials and OAuth tokens (Google Cloud)
- Firebase Realtime Database: User profiles, support tickets, chat messages
- Wasmer Edge: Temporary verification codes (encrypted, 5-minute expiry)
- Local Storage: OAuth tokens in IDE extensions (encrypted at rest)
4.2 Security Measures
- Encryption: All data transmitted via HTTPS/TLS 1.3
- OAuth Tokens: Encrypted using AES-256 in IDE extensions
- Database Security: Firebase Security Rules enforce access control
- Rate Limiting: API endpoints protected against abuse
- reCAPTCHA: Bot protection on registration
- Access Logging: All admin access to support tickets is logged
4.3 Data Retention
| Data Type |
Retention Period |
Deletion |
| Account Information |
Until account deletion |
Manual request or account closure |
| Support Tickets |
2 years after closure |
Automated + manual request |
| Verification Codes |
5 minutes |
Automatic expiry |
| OAuth Tokens |
Until logout/disconnect |
Automatic on token expiry |
| Access Logs |
90 days |
Automatic rotation |
5. Information Sharing
5.1 Third-Party Services
We use the following third-party services:
- Google Firebase: Authentication, database, and hosting
- Roblox Corporation: OAuth authentication and API access
- Wasmer: Edge function hosting for verification
- Google reCAPTCHA: Bot detection (Enterprise version)
5.2 Legal Requirements
We may disclose your information if required by:
- Subpoena or court order
- Law enforcement request (with proper legal process)
- Protection of our rights, property, or safety
- Protection of users or the public from harm
6. Your Rights
6.1 GDPR Rights (EU Users)
If you are in the European Union, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("Right to be Forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to certain types of processing
- Withdraw Consent: Withdraw previously given consent
6.2 CCPA Rights (California Users)
If you are a California resident, you have the right to:
- Know what personal information is collected
- Know if your information is sold or disclosed (we do not sell data)
- Request deletion of your personal information
- Non-discrimination for exercising your privacy rights
6.3 How to Exercise Your Rights
To exercise any of these rights, contact us using the information in Section 9.
7. Cookies and Tracking
7.1 What We Use
| Cookie Type |
Purpose |
Duration |
| Session Cookies |
Maintain login state |
Session |
| Firebase Auth |
Authentication persistence |
Up to 2 weeks |
| reCAPTCHA |
Bot detection |
Session |
| Preferences |
Theme, language settings |
1 year |
7.2 Managing Cookies
You can control cookies through your browser settings. However, disabling cookies may limit functionality.
8. Children's Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If we discover that a child under 13 has provided us with personal information, we will immediately delete it.
If you are a parent or guardian and believe your child has provided personal information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be:
- Posted on this page with an updated "Last Updated" date
- Announced via email for significant changes
- Notified in-app for IDE extensions
Your continued use of our services after changes constitutes acceptance of the revised policy.
11. Specific Service Privacy Notices
11.1 IDE Extensions
Our IDE extensions (VS Code:, Visual Studio) store OAuth tokens locally on your machine using:
- VS Code:: SecretStorage API (encrypted by OS keychain)
- Visual Studio: Windows Credential Manager
Tokens are never transmitted to our servers except when making API calls to Roblox.
11.2 Roblox Studio Plugin
The Roblox Studio plugin operates within Roblox's environment and:
- Only connects to our Firebase database
- Does not collect additional telemetry
- Accesses only your support tickets (filtered by your Roblox username)
11.3 Support System
Support conversations are:
- Stored in Firebase Realtime Database
- Accessible only to you and authorized support agents
- Retained for 2 years after ticket closure
- Never used for training AI models