CoreliaBack home

Legal

Privacy Policy

Last updated: May 2, 2026

This Privacy Policy explains how Corelia ("we", "us", "our") collects, uses, and protects your personal data when you use our website and services (the "Service"). We comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Data Protection Act 2018.

1. Who we are

Corelia is the data controller for the personal data we process about you. If you have any questions about this policy or your personal data, contact us at privacy@corelia.app.

2. Data we collect

Account data

  • Roblox user ID, username, display name, and avatar URL (provided by Roblox when you sign in).
  • Contact email address (only if you choose to add one).
  • Date of birth (used solely to confirm you meet the minimum age).

Community data

  • Roblox group ID, name, icon, and roles you elect to import.
  • Place IDs and metadata for Roblox experiences you connect.

In-game activity (only when you install the tracker)

  • Roblox user ID and username of players who join your game.
  • Join, leave, and session-length events.

Technical data

  • Authentication session identifiers stored in your browser.
  • Minimal server logs (timestamps, request paths, status codes) used for security and debugging — retained no longer than 30 days.

3. Why we process your data (legal basis)

  • Performance of a contract — to provide the Service to you and your community.
  • Legitimate interests — to keep the Service secure, prevent abuse, and improve features.
  • Legal obligation — where we must retain or disclose data by law.
  • Consent — for any non-essential cookies or optional communications.

4. How long we keep your data

We retain account data for as long as your account is active. If you delete your account, we erase your personal data within 30 days, except where we must retain it to comply with legal obligations. In-game activity events are retained for up to 13 months and then aggregated.

5. Sharing your data

We do not sell your personal data. We share it only with trusted sub-processors strictly necessary to run the Service:

  • Supabase — managed database and authentication (EU region).
  • Cloudflare — application hosting and DDoS protection.
  • Roblox — sign-in (OAuth) and group/place metadata lookups.

Where data is transferred outside the UK / EEA, we rely on the European Commission's Standard Contractual Clauses or an adequacy decision.

6. Your rights under GDPR

You have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request erasure ("right to be forgotten");
  • restrict or object to processing;
  • data portability (receive your data in a machine-readable format);
  • withdraw consent at any time, without affecting the lawfulness of past processing;
  • lodge a complaint with your local data protection authority (e.g. the UK ICO).

To exercise any of these rights, email privacy@corelia.app. We will respond within one month.

7. Security

All traffic is encrypted in transit (TLS 1.2+). Data at rest is encrypted by our infrastructure providers. Access to production systems is restricted and logged.

8. Children

Corelia is not intended for children under 13. If you believe a child has provided us personal data, contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced in-app or by email. The "Last updated" date at the top of this page shows when it was last revised.

Privacy PolicyTerms of ServiceCookie Policy© 2026 Corelia