Privacy Policy

1. Preamble & Jurisdictional Acknowledgment

This exhaustive Privacy Architecture and Data Governance Document unequivocally outlines the robust methodologies, technical contingencies, and compliance frameworks enacted by the Creamá Leadership Team. This platform acts exclusively as an internal infrastructural component interfacing directly with the Roblox Open Cloud API. By interacting with this infrastructure, you legally recognize that this system strictly complies with the Roblox Community Standards, the Roblox Developer Terms of Use, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

2. OAuth 2.0 Identity Verification & Open Cloud Data Attainment

Authentication into the Core Dashboard is strictly facilitated via the Roblox Open Cloud OAuth 2.0 framework. Under no circumstances do we present custom credential interfaces. We explicitly limit authorization scopes to precisely 'openid' and 'profile'. Upon successful token exchange, the system identifies your unique 'sub' identifier and strictly verifies your hierarchical status within the Creamá Roblox Group. No other demographic, financial, or spatial metadata is fetched, parsed, or retained.

3. Granular Data Minimization & Cryptographic Retention

The ranking sub-routines process immutable payloads specifying a Target User ID and an execution command. In strict adherence to data minimization parameters, the database schema solely captures categorical statuses, HTTP resolution codes, timestamps, and target identifiers exclusively for the prevention of systemic abuse, security auditing, and internal telemetry. Persistent cookies are cryptographically signed using HS256 JWT algorithms, and constrained by HTTP-only and Secure flags. No Personally Identifiable Information is utilized outside of standard Roblox API routing.

4. Third-Party Data Transmission & Webhooks

Data routing is architecturally isolated. Telemetric audit payloads are strictly transmitted via Secure Sockets Layer to internally governed, private Discord Webhook endpoints. This transmission is strictly limited to authorized auditing contexts to observe ranking anomalies and enforce internal guidelines. We explicitly forbid the sale, distribution, algorithmic training utilizing, or public dissemination of this telemetry to any external advertising or data brokerage entities.

5. User Agency, Right to Erasure, and Developer Contact

Pursuant to international data governance mandates, authorized personnel possessing an active record within the telemetric systems hold the explicit right to request instantaneous erasure of associated execution logs. For the execution of these rights, security vulnerability disclosures, or legal inquiries, direct communication must be established with the Lead Engineer at @yeetysenny via Discord, or @dqlistic via Roblox. Erasure requests are processed within a strict 72-hour internal SLA window.

6. Telemetry Operations and System Health Monitoring

In addition to the explicit data captured during API payloads, passive systemic data regarding application routing, backend error codes, and asynchronous execution timings are strictly stored for operational health checks. These metrics ensure stable uptime and safeguard against malicious exploitation. The Creamá Leadership Team reserves the absolute right to expand these metrics within the bounds of Open Cloud regulations to guarantee systemic fluidity and pinpoint latency bottlenecks before they affect end-users.

7. Cookie Directives and Session Management Infrastructure

Active connections utilizing the Creamá Dashboard are uniquely identified via securely signed HTTP-only cryptographic session tokens. These tokens do not track behavior outside of our domain nor perform any advertising heuristics. The cookies exist strictly to maintain the continuous authorization state required to interface with management utilities. All tokens automatically invalidate upon explicit session termination or predetermined expiry thresholds hardcoded into the backend infrastructure.

8. Cross-Border Data Transfers and Global Compliance

The physical database architectures governing this platform may reside in jurisdictions disparate from your geographic origin. By transmitting payloads or authenticating via Open Cloud, you render absolute consent to the encrypted transfer, regional processing, and localized storage of your Roblox Identity markers. The Creamá Leadership Team ensures that all hosting environments uphold strict physical and digital isolation protocols to meet international standards.

9. Incident Response and Data Breach Notification Protocols

In the highly improbable event of a cryptographic fracture or unauthorized backend intrusion, the Creamá Leadership Team maintains a rigid, multi-stage response protocol. Affected identities will be notified via appropriate Roblox communication vectors, and compromised telemetric data will be instantly purged or siloed. Internal access keys, tokens, and webhook endpoints will be universally regenerated within twenty-four hours of anomaly detection to immediately patch the infrastructural breach.

10. Iterative Policy Modifications and Acknowledgment

Due to the evolving nature of the Roblox API and internal structural adjustments, this Privacy Policy remains subject to immediate, unannounced modification. The Creamá Leadership Team is not obligated to disseminate personalized notifications concerning policy iterations. Continued interaction with our telemetric architecture constitutes explicit, legally binding acknowledgment of the most current iteration of this framework.

11. Information Captured via Open Cloud API

The Roblox Open Cloud API solely facilitates the transfer of your numerical User ID, current public Display Name, and Group Hierarchy Role. This data acts as the absolute baseline for our ranking and auditing mechanics. We implement strict field filtering ensuring no auxiliary arrays containing inventory metadata, private chat histories, or gamepass ownership are parsed by our servers. What is requested is mathematically limited to what is structurally required.

12. Retention Periods for Audit and Ranking Telemetry

To ensure data freshness and prevent unwarranted bloating of the database architectures, an automated asynchronous garbage collection sub-routine routinely parses all saved telemetry. Any system audit or ranking execution log older than precisely thirty days is permanently and irrecoverably excised from the persistent storage drives. This ensures compliance with modern data retention laws dictating the swift removal of outdated internal records.

13. Systemic Audit Logging and Administrator Oversight

Every significant state mutation processed by the interface—including login occurrences, manual log deletions, comment appending, and blacklist generation—is strictly logged into the System Audit Registry. These logs attach the acting administrator’s Roblox Identity to the performed action to establish an irrefutable chain of accountability. This oversight is exclusively monitored by the highest echelons of the Creamá Leadership Team.

14. Processing of Blacklist and Disciplinary Data

Data logged within the Blacklist architecture includes qualitative reasoning, media attachments for contextual evidence, and specific duration parameters. This data is considered highly sensitive internal operational metadata. Access to this disciplinary data is cryptographically walled behind specific Roblox Group role hierarchies. The Creamá Leadership Team processes this data strictly to enforce internal security and maintain group integrity.

15. Security Infrastructure and Database Encryption

The backend SQLite relational databases and active memory pools are strictly housed within Linux-based, highly secure containers shielded by advanced firewall configurations. Connection pooling limits, HTTP/2 enforcement, and rate-limiter algorithms act as the first line of defense against penetration or Denial of Service attacks. The Creamá Leadership Team guarantees that the raw database files are never exposed to public routing domains.

16. Analytics Processing and Dashboard Metrics

Mathematical calculations deriving successful payload injections versus anomalous errors are performed entirely server-side. The dashboard metrics presented to management visualize pure numerical distributions without tying individualized qualitative data to the broader trends. This separation of personalized logging and aggregated telemetry ensures the overarching analytics engine remains entirely anonymized and privacy-compliant.

17. Children's Privacy and Age Requirements

The internal architecture provided by the Creamá Leadership Team is explicitly reserved for appointed staff members verified within the Roblox ecosystem. By nature of the Roblox platform’s Terms of Service and parental controls, any user authenticated into this specific staff interface has inherently agreed to the structural age and usage covenants provided by Roblox Corporation. We perform no secondary demographic age harvesting.

18. External Trackers and Do Not Track Signals

Our architecture strictly abstains from deploying third-party tracking pixels, Google Analytics frameworks, or cross-site fingerprinting scripts. Consequently, the platform is inherently compliant with all web-browser 'Do Not Track' (DNT) header signals. The Creamá Leadership Team prioritizes operational fluidity over behavioral surveillance, ensuring a sterile, tracker-free management environment.

19. Consent Withdrawal and Account Termination

Authorized personnel may completely withdraw their consent for data processing by officially severing their connection with the Creamá Roblox Group and executing a manual logout from this dashboard. Doing so actively scrubs the ephemeral cryptographic session keys and halts any further metric logging. Past audit records remain subject to the hardcoded thirty-day garbage collection parameters.

20. Governing Law and Data Processing Agreements

All disputes stemming from the collection, processing, or deletion of data within this system shall be governed by international data laws aligned with the physical hosting infrastructure, superseded primarily by the binding Developer Agreements set forth by Roblox Corporation. The Creamá Leadership Team dictates that interaction with this system constitutes binding consent to this jurisdictional hierarchy without exception.