Privacy Policy

Last updated: June 10, 2026  ·  Applies to: Experience Appeal Center (“the Service”)

1. Who we are

Experience Appeal Center (“we”, “us”, “our”) is an independent ban appeal platform for Roblox experiences. We are not affiliated with, endorsed by, or sponsored by Roblox Corporation.

2. What data we collect

When you sign in with Roblox via OAuth 2.0, Roblox shares the following data with us, limited to the minimum scopes needed (openid, profile):

• Roblox User ID — your unique numeric Roblox identifier, used as your primary account key
• Roblox Username — your display name or @username, used to identify you within the Service
• Profile picture URL — your Roblox avatar thumbnail (optional, for display purposes only)

When you submit a ban appeal, we also collect:

• The name of the Roblox experience you were banned from
• The reason for ban you select
• The approximate date of the ban
• Your written appeal statement
• An optional evidence URL you provide
• The date and time of your submission

3. How we use your data

We use the data we collect solely to:

• Authenticate your identity before allowing you to submit an appeal
• Link your appeal submission to your Roblox account
• Process and review your appeal
• Prevent duplicate or fraudulent appeal submissions

We do not use your data for advertising, profiling, or any purpose beyond operating the appeal review process.

4. Data minimization

In accordance with the Roblox Creator Third Party App Policy, we request the minimal set of OAuth scopes necessary to provide this Service. We do not request scopes we do not need. We do not build profiles of Roblox users, and we do not track users across different platforms or services.

5. Data sharing

We do not sell, rent, or share your personal data with third parties, except:

• Service infrastructure: Your data is stored on Cloudflare's infrastructure (KV storage) under Cloudflare's Privacy Policy.
• Legal obligations: We may disclose data if required to do so by law or in response to valid legal process.

We do not sell Roblox API data and do not use Roblox-derived data to train AI or machine learning models.

6. Data retention

• Sessions: Your login session expires after 24 hours and is deleted automatically.
• Appeal submissions: Appeal records are retained for up to 90 days from the date of submission, then deleted.
• Account data: We do not maintain a persistent user account. Each login is a fresh session tied only to your active appeal.

7. Children's privacy

Roblox's OAuth 2.0 system requires users to be 13 or older to authorize third-party apps. We do not knowingly collect personal data from anyone under 13. If we become aware that a user under 13 has submitted data, we will delete it promptly.

8. Your rights

You may request deletion of your appeal data at any time by contacting us at the address below. You can also revoke this app's access to your Roblox account at any time through your Roblox App Permissions settings. Revoking access does not automatically delete previously submitted appeal data — contact us separately for that.

9. Security

We use PKCE (Proof Key for Code Exchange) for all OAuth flows, meaning your authorization code is cryptographically protected. Sessions are stored server-side in encrypted Cloudflare KV storage and transmitted only over HTTPS. We never store your Roblox access token or refresh token beyond the duration of a single login session.

10. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or data deletion requests, contact us at:

Email: privacy@YOUR-DOMAIN.com
Website: Experience Appeal Center