Privacy Policy
Last updated: February 12, 2026
FigBloxUI ("we", "our", "the Service") is a Figma-to-Roblox UI conversion tool. This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
| Data | Purpose | Retention |
|---|
| Figma User ID | Trial tracking, license management | Until account deletion request |
| Roblox User ID | OAuth authentication, image upload, Studio pairing | Until account deletion request |
| Email address | Billing (collected by Stripe during checkout only) | Managed by Stripe per their retention policy |
| Design data | Processed in-browser, relayed to Studio via server | 30 minutes (auto-deleted) |
| Exported images | Uploaded to Roblox via Creator API | Not stored on our servers after upload |
| OAuth tokens | Roblox API authentication | Server-side only, 30 min expiry, auto-refresh |
| License key | Subscription validation | Until subscription cancelled + 30 days |
2. Roblox OAuth Scopes
We request the following Roblox OAuth permissions:
- openid — Verify your identity
- profile — Read your Roblox User ID for Studio auto-pairing
- asset:write — Upload images (PNG exports from Figma) as Decal assets to your Roblox account
We do not access your Roblox inventory, games, or any other data. You can revoke access at any time from your Roblox Account Settings.
3. What We Don't Collect
- We do not track your browsing activity or use analytics trackers
- We do not sell or share your data with third parties for marketing
- We do not store your Figma design files permanently
- We do not access your Roblox games, inventory, or Robux
- We do not store Roblox OAuth tokens on the client side
4. How We Process Design Data
Your Figma design is converted to Roblox UI format entirely within the Figma plugin (in your browser). The converted data is sent to our server only to relay it to the Roblox Studio plugin and to upload images. The server does not analyze, modify, or permanently store your designs.
5. Cookies
Our website and API are hosted on Cloudflare, which may set security cookies (e.g., cf_clearance) for DDoS protection. We do not use cookies for tracking or advertising.
6. Third-Party Services
- Cloudflare — Hosting, CDN, and DDoS protection. Privacy Policy
- Stripe — Payment processing. Handles your payment info directly; we never see your card number. Privacy Policy
- Roblox — Image upload via Creator API using your OAuth consent. Privacy Policy
- Figma — Plugin runs within Figma's sandbox. We access your design data only through Figma's Plugin API with your explicit action (clicking "Send"). Privacy Policy
7. Children's Privacy (COPPA)
FigBloxUI is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are under 13, you must have parental or guardian consent to use this service.
If we learn that we have collected data from a child under 13 without parental consent, we will delete that data promptly. Parents or guardians can contact us at support@figbloxui.dev to request deletion.
8. Data Security
- All communication uses HTTPS (enforced by the
.dev TLD) - OAuth tokens are stored server-side only and never sent to the client
- Cloudflare provides DDoS protection and rate limiting
- License keys are validated server-side on every request
- Import sessions use one-time tokens that expire after use
9. Your Rights
All Users
- Revoke Roblox access — anytime from your Roblox account settings
- Delete your data — email us at support@figbloxui.dev and we will delete all data associated with your Figma/Roblox user ID within 30 days
- Cancel subscription — anytime through the Stripe customer portal
- Export your data — request a copy of all data we store about you
EU/EEA Residents (GDPR)
If you are in the EU/EEA, you have additional rights under GDPR:
- Legal basis — We process data based on your consent (OAuth authorization) and legitimate interest (service operation)
- Right to access — Request what data we hold about you
- Right to rectification — Request correction of inaccurate data
- Right to erasure — Request deletion of your data
- Right to portability — Receive your data in a machine-readable format
- Right to object — Object to processing of your data
- Data transfers — Your data may be processed on Cloudflare servers globally. Cloudflare complies with EU-US Data Privacy Framework.
To exercise any of these rights, contact support@figbloxui.dev. We will respond within 30 days.
California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it's used
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell your data)
- Non-discrimination for exercising your rights
10. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top will reflect changes. Continued use of the service after changes constitutes acceptance. For significant changes, we will notify users through the Figma plugin.
11. Contact
Questions or requests? Email support@figbloxui.dev