Privacy Policy

This Privacy Policy explains what information RbxBit ("we", "us") collects, how we use it, and the choices you have. By using the Service, you consent to the practices described here.

Short version: we collect the minimum data needed to operate a rewards site — your Roblox nickname, the offers you complete, your IP address, and basic browser info. We share data only with offer providers (so they can pay us when you complete an offer) and with security/anti-fraud tooling. We do not sell your data.

Information you provide

• Roblox nickname — required for sign-up and to deliver Robux to your account.
• Withdrawal details — the Roblox game and gamepass you select when requesting a payout.
• Promo and referral codes you enter.
• Communications you send us via Discord or support channels.

Automatic information

• IP address and approximate geolocation (country / city).
• Device and browser data — user-agent, language, screen size, OS.
• Usage data — pages visited, offers viewed and completed, time stamps, referral source.
• Session cookies — an authenticated JWT stored in an HTTP-only cookie so you stay logged in.

Information from third parties

• Offer Providers(Lootably, CPX Research, BitLabs, AdGate Media, OGAds, etc.) send us callbacks ( "postbacks" ) confirming you completed an offer. These typically include a transaction ID, the points to credit, payout value, and your IP.
• Analytics (Vercel Analytics) — aggregated, anonymous traffic metrics.

• To operate your account, credit points, and process withdrawals.
• To prevent fraud, multi-accounting, bots, and abuse of offers.
• To enforce our Terms of Service and respond to Offer Provider audits.
• To improve the Service, fix bugs, and analyze aggregate trends.
• To communicate with you about your account or important changes.

If you are in the EEA or UK, we process your data on the following bases:

• Contract — to provide the Service you signed up for.
• Legitimate interest — to prevent fraud, secure the platform, and improve our product.
• Consent — for any non-essential cookies or marketing communications.
• Legal obligation — to comply with applicable laws.

We share data only with:

• Offer Providers — they receive a non-identifying user ID and limited metadata (country, sometimes hashed IP) so they can serve relevant offers and confirm completions.
• Infrastructure providers — Vercel (hosting), Neon (database), Upstash (rate limiting). These process data on our behalf under standard data-processing terms.
• Authorities — when legally required (court order, subpoena, etc.).

We do not sell your personal information.

• Essential cookies — the session cookie that keeps you logged in. This cannot be disabled if you want to use the Service.
• Analytics cookies — used by Vercel Analytics for aggregate stats; no personal identifiers.
• Third-party cookies — when you interact with an offerwall, that provider may set its own cookies subject to their own privacy policy.

• Account data is kept while your account exists.
• Withdrawal and offer history is retained for at least 24 months for fraud-prevention and accounting purposes.
• IP logs are kept for up to 12 months.
• You may request deletion of your account; see Section 9.

We protect your data with industry-standard measures: HTTPS in transit, encryption at rest in our database, HTTP-only signed session cookies, HMAC signature verification on offer postbacks, rate limiting, atomic point ledger, and admin audit logging. No system is 100% secure — use a unique nickname and stay vigilant against phishing.

Depending on your jurisdiction (GDPR, UK-GDPR, CCPA, LGPD, etc.), you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict certain processing.
• Request a copy of your data in a portable format.
• Withdraw consent at any time where consent is the legal basis.
• Lodge a complaint with your local data-protection authority.

To exercise these rights, contact us via our Discord support channel. We respond within 30 days.

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has registered, contact us and we will delete the account.

For users between 13 and the age of majority, we recommend parental supervision and rely on parental consent as required by local law.

Our infrastructure providers may process your data in the United States and the European Union. We rely on Standard Contractual Clauses or equivalent safeguards for transfers outside your region.

We may update this Policy from time to time. The "Last updated" date above will reflect the latest revision. Material changes will be announced on the Service.

For privacy questions or requests, contact us through our Discord support channel or the contact form on our website.