Privacy

Privacy

This Privacy Policy (“Policy”, “Privacy Policy”) describes how Alytica (“we”, “us”, “our”, or the “Company”), the data controller of your personal information, collects, uses, processes, stores, and protects your data when you access or interact with the Alytica mobile application, its native iOS system widgets (including Home Screen, Lock Screen, and StandBy mode widgets), our backend synchronization interfaces, and any associated technical systems or support channels (collectively, the “Application” or the “Service”). We are deeply committed to respecting and protecting the privacy of our users. The core purpose of Alytica is to serve as an administrative and analytical compilation utility, allowing you to seamlessly monitor your Roblox developer metrics and verify your identity through Discord. This Policy is designed to inform you exactly what data we access, how that data is transmitted, the ephemeral nature of our caching architecture, and your legal rights regarding your personal information. Alytica operates under a strict, non-negotiable data-isolation design known as our Zero-Spill Architectural Commitment. Because Alytica integrates third-party authentication protocols (Roblox OAuth and Sign-In with Discord) alongside mobile advertising monetization structures (Google AdMob via the Google Mobile Ads SDK), we have implemented strict technical firewalls within our code and backend infrastructure:


  • Total Data Isolation: Any data, metrics, telemetry, identifiers, or information retrieved from your Roblox account via the Roblox OAuth and Open Cloud APIs, or from your Discord account via the Discord API, is completely siloed.

  • Absolute Monetization Separation: Platform API data is processed exclusively to calculate, compile, and format your analytical graphs and metrics for delivery to your native iOS Widgets.

  • Prohibition on Commercial Tracking: Under no circumstances will any data retrieved via your Roblox or Discord API pipelines ever be shared with, transmitted to, linked to, processed by, or made accessible to Google AdMob, Google LLC, or any other third-party marketing, analytics, or behavioral advertising entity. Your platform statistics are never used to track your activities across external services or build promotional targeting profiles.


By installing, registering an active session context with, or displaying iOS Widgets from the Application, you explicitly acknowledge and consent to the collection, storage, and processing practices outlined in this Privacy Policy. If you do not agree with the terms, data barriers, or disclosures established within this Policy, you must refrain from using the Application, delete all active Alytica Widgets from your iOS Home and Lock screens, and remove the Application from your device immediately.


To provide the core analytics rendering functionality of the Application while maintaining strict adherence to platform policies, we categorize the data we collect by its precise ingress source. You acknowledge that our data ingestion is fundamentally modular, separating platform account contexts from device advertising telemetry. When you authorize Alytica via the Roblox OAuth 2.0 gateway, we receive cryptographically delegated, read-only access to specific attributes of your Roblox account and developer profile. This data is strictly limited to the permissions explicitly granted by you during the authorization flow and includes:


  1. Profile Identifiers: Your Roblox User Display Name, Profile Username, and avatar rendering thumbnails.

  2. Roblox Scoped User IDs: In strict compliance with Roblox platform policies, Alytica identifies your account via a unique, application-specific Scoped User ID. We do not receive, store, or attempt to resolve your singular global Roblox User ID.

  3. Authorized Analytical Metrics: Public and developer-permitted statistical attributes associated with your Roblox virtual experiences, virtual content, or group assets (e.g., active concurrent users, visit counts, vote ratios, and crash telemetry).

  4. OAuth Session Artifacts: Cryptographically secure, short-lived OAuth access tokens and refresh tokens required to communicate with Roblox Open Cloud endpoints on your behalf.


CRUCIAL PRIVACY DISCLAIMER: Alytica never requests, intercepts, observes, or stores your primary Roblox account password, real-world email address, phone number, government-issued identification, or raw financial data. All authentication occurs directly on secure Roblox Corporation domains.


When you authenticate your identity using the "Sign-In with Discord" authorization vector, we receive strictly scoped, minimal data from Discord Inc. to verify your active session context. This data includes:


  1. Discord Profile Attributes: Your unique numerical Discord User ID, global username, display name, and your profile avatar image hash.

  2. Contextual Configuration Data: Permitted contextual flags necessary to render custom widget themes or verify Discord-based community status tiers.

  3. OAuth Session Artifacts: Secure access and refresh tokens utilized exclusively to validate your session and keep your identity synchronized across app launches.


CRUCIAL PRIVACY DISCLAIMER: Alytica never requests, intercepts, observes, or stores your primary Discord password or any private direct messages, voice data, or unauthorized server content. All login verifications occur natively through secure Discord Inc. OAuth2 domains.


When you download, launch, or render Widgets from the Application, our local systems and embedded third-party software development kits (specifically the Google Mobile Ads SDK for AdMob monetization) automatically collect specific technical telemetry. This collection is completely detached from your Roblox and Discord data pipelines and includes:


  1. Device Telemetry: Hardware specifications (e.g., specific iPhone or iPad model), operating system version (e.g., iOS 18.2 or iOS 19.1), device screen resolution, and configured system language/locale.

  2. Network Telemetry: Your anonymized or truncated Internet Protocol (IP) address and coarse, city-level or country-level geographic location. We do not collect fine GPS or real-time spatial tracking data.

  3. Application Diagnostic Data: Internal error logs, memory dump signals, widget refresh latency metrics, and crash diagnostic files (handled via native Apple crash reporting or Firebase Crashlytics) to assist in bug remediation.

  4. Mobile Advertising Identifiers: Where explicitly permitted by you under Apple’s App Tracking Transparency (ATT) framework, the unique Apple Identifier for Advertisers (IDFA) tied to your hardware. If you opt out of tracking, this string is immediately zeroed out (00000000-0000-0000-0000-000000000000), forcing embedded ad networks to rely strictly on non-personalized contextual delivery.


To maintain absolute operational integrity and satisfy the strict third-party developer policies of our platform partners, Alytica processes your information under a "purpose-bound" framework. Data collected for one operational channel is technically restricted from crossing over into any other channel. We process the data retrieved via the Roblox OAuth, Roblox Open Cloud, and Discord APIs exclusively for the internal, functional delivery of the Application. Specifically, this data is utilized to:


  1. Render Visual Analytics: Parse raw numerical JSON data returned from platform APIs to calculate trends, format graphs, and project statistical widgets onto your iOS Home Screen, Lock Screen, and StandBy displays.

  2. Preserve User State: Utilize your Discord or Roblox Scoped User IDs to ensure the correct developer experiences, asset groups, and profile parameters remain synchronized across application reboots and scheduled iOS background refreshes.

  3. Execute Background Synchronization: Formulate low-footprint, scheduled requests to external platform endpoints via the native iOS Background Fetch API, ensuring your Widgets display current data without triggering external API rate-limit penalties.


PURPOSE BOUNDARY: Data ingested under Section 3.1 is utilized purely for display and synchronization. It is never used to determine the content of advertisements displayed to you.


The standard, non-premium tiers of the Application are financially supported through the display of mobile advertisements served via the Google Mobile Ads SDK (AdMob). We utilize the automatically collected device telemetry outlined in Section 2.3 strictly to:


  1. Request Ad Inventories: Transmit basic hardware parameters (e.g., screen dimensions) and coarse geographic signals (city/country level) to Google AdMob to fetch appropriately sized banner or interstitial advertisements.

  2. Process Attribution and Frequency Capping: If you have opted into tracking via the Apple App Tracking Transparency framework, pass your IDFA to Google to prevent you from seeing the exact same advertisement repetitively and to measure basic ad-click conversion rates.


PURPOSE BOUNDARY: The Google Mobile Ads SDK operates entirely inside its own sandbox. It is technically blocked from observing, querying, reading, or receiving your Roblox statistics, your experience names, your Discord identity, or your Scoped User IDs. We process automated application diagnostic data, IP logs, and user-submitted support inquiries to:


  1. Remediate Software Deficiencies: Identify, isolate, and patch memory leaks, widget rendering failures, or UI crashes occurring within the iOS operating environment.

  2. Preserve Ecosystem Integrity: Detect, intercept, and block malicious scraping bots, deliberate rate-limit abuse, or anomalous request floods targeting our backend synchronization servers.

  3. Fulfill Customer Support Requests: Investigate and resolve specific account synchronization or tier-allocation inquiries submitted by you to our support vectors.


In binding alignment with our Terms of Service, we place the following absolute, immutable restrictions on our own data processing activities:


  • No Cross-App Behavioral Profiling: We do not track your gaming activity, developer frequency, or application usage to compile psychological, consumer, or demographic profiles for third-party targeting.

  • No Data Broker Ingestion: We will never sell, rent, license, or transfer your platform API data, profile avatars, or metric histories to any data broker, marketing agency, or external analytics conglomerate.

  • Absolute AI / LLM Training Exclusion: No personal data, session tokens, developer metrics, or platform metadata collected by Alytica will ever be used, stored, or aggregated for the purpose of training, fine-tuning, evaluating, or prompting Large Language Models (LLMs) or artificial intelligence systems.


Because the non-premium architecture of Alytica relies on third-party ad networks to subsidize operational server and development costs, this section provides explicit clarity regarding how advertising identifiers are handled within the Apple iOS operating ecosystem. We partner directly with Google LLC via the integration of the Google Mobile Ads Software Development Kit (AdMob SDK). Google operates as an independent third-party advertising vendor within the Application. To serve relevant advertising inventories, measure ad performance, and prevent fraudulent click-loops, the AdMob SDK utilizes mobile advertising identifiers, digital tracking pixels, and localized device storage mechanisms (such as transient tracking cookies or cached ad payload files). In strict compliance with Apple’s App Store Review Guidelines and user privacy mandates, Alytica adheres entirely to the native App Tracking Transparency (ATT) framework.


  1. The Mandatory Prompt: Before Alytica or the embedded Google AdMob SDK can access your device’s unique advertising tracking identifier—the Apple Identifier for Advertisers (IDFA)—you will be presented with a native iOS system dialog asking: "Allow Alytica to track your activity across other companies’ apps and websites?"

  2. Absolute User Sovereignty: We do not gate access to the Application, restrict the formatting of your Widgets, or artificially throttle your analytics refresh rates based on your response to this prompt. Your decision to opt in or opt out is entirely voluntary and is immediately binding on our code.


The data transmitted to Google AdMob alters dynamically based on the cryptographic consent state returned by your iOS operating system:


  • If You Tap "Allow": The Application unlocks access to the IDFA string. The Google AdMob SDK will utilize this hardware identifier to track active ad interactions, measure conversion attributions, and serve personalized, targeted promotional content based on your historical mobile browsing and application usage across third-party properties.

  • If You Tap "Ask App Not to Track": The Application immediately denies programmatic access to the IDFA. The iOS system returns a completely zeroed-out string (00000000-0000-0000-0000-000000000000). Consequently, the Google AdMob SDK is strictly forced into Non-Personalized Ads (NPA) mode. Advertisements served in NPA mode are entirely contextual, selected based strictly on basic, non-identifying parameters such as device screen dimensions, general time of day, or coarse geographic location (city/state level).


You retain the right to modify your advertising tracking preferences at any time outside of the Application interface. You may globally revoke ad tracking permissions across all applications or reset your hardware identifier by navigating natively on your device to Settings > Privacy & Security > Tracking. For comprehensive details regarding how Google collects, utilizes, shares, and secures data when operating as an advertising vendor, you are encouraged to review the following official Google legal documentation:


Google Privacy Policy: https://policies.google.com/privacy

How Google Uses Information from Sites or Apps that Use Our Services: https://policies.google.com/technologies/partner-sites

Google Ad Technology Policies and Opt-Out Specifications: https://policies.google.com/technologies/ads


To operate our backend synchronization pipelines, deliver real-time widget updates, and maintain our technical infrastructure, Alytica engages select, highly vetted sub-processors and external service providers. We transmit transient metric snapshots, encrypted OAuth refresh tokens, and diagnostic telemetry to enterprise-grade cloud hosting providers (such as Amazon Web Services, Google Cloud Platform, or Supabase). These entities act strictly as Data Processors on our behalf. Contractual Protections: All sub-processors are bound by strict Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs). They are legally prohibited from querying, mining, utilizing, or retaining your data for any independent commercial purpose. Infrastructure Security: Our hosting providers operate under internationally recognized cryptographic and compliance standards, including SOC 2 Type II and ISO/IEC 27001 certifications. To facilitate the continuous rendering of your analytical data, necessary session handshakes, cryptographic refresh payloads, and Scoped User IDs are transmitted back to the primary ecosystem operators: Roblox Corporation and Discord Inc. This sharing is strictly limited to the technical API protocols required to maintain your active OAuth session context and verify your continued permission state. In the event that Alytica undergoes a corporate transition—such as a merger, acquisition by another company, bankruptcy, or sale of all or a portion of its digital assets—your user profile, cached widget configurations, and active session tokens may be transferred to the successor entity.

Binding Non-Negotiable Condition: Any acquiring entity must explicitly agree to be bound by the Zero-Spill Architectural Commitment established in this Policy. They are strictly prohibited from altering the data silo separating platform API metrics from advertising networks or attempting to commercialize previously ingested Roblox or Discord data.


We reserve the right to access, preserve, and disclose your personal information, session logs, or IP telemetry to public authorities, courts, or law enforcement agencies if we believe in good faith that such action is strictly necessary to:


  1. Comply with a lawful, legally binding subpoena, warrant, or judicial order issued by a court of competent jurisdiction;

  2. Enforce our Terms of Service, investigate potential API abuse, or defend our legal rights;

  3. Respond to verifiable claims that any content or widget layout violates the rights of third parties; or

  4. Protect the imminent physical safety, personal security, or vital interests of our users, our development personnel, or the general public.


Alytica implements a bifurcated data storage architecture designed to keep your most sensitive access parameters locally bound to your hardware: Client-Side Security: Cryptographic access tokens, raw user secrets, and authentication keys retrieved via Discord or Roblox OAuth are stored exclusively on your local iOS hardware utilizing Apple’s encrypted system Keychain. These keys are never exposed in plain text to our backend databases. Server-Side Caching: Our remote backend infrastructure holds only ephemeral statistical snapshots (e.g., your compiled visit graphs or concurrent user counts) and Scoped User IDs purely to serve immediate background fetch payloads to your iOS Widgets without violating external API rate limits. We employ rigorous technical, physical, and administrative safeguards to prevent the unauthorized access, destruction, loss, or alteration of your data:


  1. Encryption in Transit: All communications between your iOS device, our backend synchronization servers, Google AdMob, Roblox Open Cloud, and Discord APIs are strictly encrypted using standard Transport Layer Security (TLS 1.3) protocols.

  2. Encryption at Rest: All transient statistical caches and database backups residing on our cloud hosting infrastructure are encrypted at rest utilizing advanced AES-256 cryptographic standards.


Because Alytica is an analytical conduit rather than a permanent data repository, we enforce strict, automated data retention lifecycles across our backend servers: Active Widget Caching: Statistical snapshots pulled from Roblox or Discord are cached on our servers for a maximum period of seventy-two (72) hours before being completely overwritten by a fresh data pull. The 90-Day Inactivity Sunset: If your account context exhibits complete inactivity—meaning your iOS device fails to request a single Widget background refresh or app launch for a continuous period of ninety (90) days—our automated database cron jobs will interpret the session as abandoned. All historically cached statistical metrics, Scoped User IDs, and interface configurations tied to your profile will be permanently expunged. Our retention architecture listens dynamically for external permission state changes. If our automated systems detect that your OAuth access token has been invalidated, or if you actively disconnect Alytica from your Roblox Authorized Apps or Discord Authorized Apps settings menus, our backend pipelines will execute an immediate purge of your cached statistical profile within twenty-four (24) hours.


We operate under the fundamental belief that you own your analytical data and digital identity. In strict accordance with global privacy frameworks (including GDPR, CCPA, and Apple App Store Review Guidelines), Alytica provides you with immediate, unencumbered rights to access, rectify, restrict, and completely permanently erase your personal information. You do not need to contact support or navigate complex web forms to remove your footprint from our ecosystem. We have embedded an automated "Kill Switch" directly into the Application interface. To execute an immediate and permanent account purge, you must navigate natively inside the app to Alternatively, if you no longer have access to your iOS device, you may submit a formal, verifiable deletion request by emailing our Privacy Officer directly at privacy@alytica.app When you trigger the Kill Switch, our backend infrastructure executes an instantaneous, automated multi-step purge sequence that cannot be paused or reversed:


  1. Token Invalidation: All active OAuth access tokens, refresh tokens, and localized session identifiers tied to your Discord and Roblox accounts are immediately dropped from our active server memory and flagged for immediate invalidation.

  2. Roblox Identifier Erasure: Your unique Roblox Scoped User ID is permanently expunged from our synchronization tables, irreversibly severing our backend’s ability to query or pull analytical data from your Roblox developer assets.

  3. Statistical Database Flush: All historical, cached analytical snapshots, visit graphs, revenue projections, and custom Widget layout preferences associated with your profile are permanently deleted from our active storage databases.

  4. Third-Party Disconnection: A cryptographic revocation payload is fired off to Discord Inc. and Roblox Corporation endpoints (where supported by platform API architectures) to formally close the OAuth handshake pipeline.


You maintain the right to request a comprehensive, human-readable export of all data attributes currently tied to your active session context. You may request a Data Subject Access Request export by emailing privacy@alytica.app. Within thirty (30) days of verifying your identity, we will provide you with a structured, commonly used machine-readable file (specifically JSON format) containing your active Scoped User IDs, profile parameters, and cached widget telemetry. The Application, its backend analytics infrastructure, and its associated iOS Widgets are strictly intended for individuals who are at least thirteen (13) years of age (or the respective age of legal majority in your local jurisdiction). Alytica does not knowingly solicit, capture, process, or store personal data, analytics metrics, or platform identifiers from children under the age of 13. In binding alignment with the U.S. Children’s Online Privacy Protection Act (COPPA) and Article 8 of the European General Data Protection Regulation (GDPR-K):


  1. If you are under 13 years of age, you are explicitly prohibited from connecting your Roblox or Discord accounts to the Service.

  2. If we discover, through automated data flagging or verifiable parental notification, that we have inadvertently collected session tokens or platform data from a child under the age of 13 without verified parental consent, we will execute an immediate, manual Kill Switch purge of that account profile from our active databases.


To ensure absolute safety across our monetization vectors, all programmatic ad requests fired from the Application via the Google Mobile Ads SDK are dynamically parameterized to comply with child and teen protection policies:


  • TFCD (Tag for Child-Directed Treatment): If an active user context is identified or declared as falling under local child protection ages, ad requests are tagged with tag_for_child_directed_treatment=1, entirely disabling behavioral tracking and interest-based ad profiling.

  • TFUA (Tag for Users under the Age of Consent in Europe): For European users identified as under the age of digital consent (typically 16), ad requests are appended with tag_for_under_age_of_consent=1, forcing the Google SDK to strictly deliver non-personalized, contextual banner advertisements.


Alytica processes data globally while maintaining physical business operations inside New South Wales, Australia. Depending on your geographic domicile, you are afforded specific statutory protections under local legislation. For users residing in Australia, your data is managed in strict adherence to the Australian Privacy Principles (APPs) established under the Privacy Act 1988 (Cth). We collect data solely for the primary operational purposes outlined in Section 3. You have the statutory right to lodge a formal complaint regarding our data handling practices directly with the Office of the Australian Information Commissioner (OAIC) via their official web portal (www.oaic.gov.au). For users located within the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following strictly defined legal bases pursuant to Article 6 of the GDPR:


  • Contractual Necessity (Art. 6(1)(b)): Processing your Roblox Scoped User IDs, Discord profile avatars, and OAuth session tokens is fundamentally necessary to fulfill our contractual obligations under our Terms of Service (specifically, calculating and rendering your iOS Widgets).

  • Consent (Art. 6(1)(a)): Processing your Apple IDFA for the delivery of personalized Google AdMob advertisements is executed entirely based on your explicit, opt-in consent granted via the native App Tracking Transparency prompt.

  • Legitimate Interest (Art. 6(1)(f)): Capturing automated crash diagnostics and IP logs is executed under our legitimate interest in preserving application stability, remediating software bugs, and preventing server abuse.


You retain the absolute right to lodge a privacy infringement complaint with your local Data Protection Authority (DPA) or the UK Information Commissioner’s Office (ICO). For residents of California, Virginia, Colorado, Connecticut, and Utah, local state privacy statutes require explicit disclosures regarding the commercialization of consumer data. We reiterate our binding Zero-Spill Architectural Commitment. Alytica does not sell, rent, license, or trade your personal information, gaming metrics, or platform identifiers to third parties. Furthermore, because we firewall our platform APIs from our ad networks, we do not "share" your Roblox or Discord data for the purpose of cross-context behavioral advertising.


  • Categories Collected in the Last 12 Months: Identifiers (Scoped User IDs, usernames), Commercial/Analytical Data (Roblox experience visit graphs), and Internet Telemetry (coarse location, IP address, device models).

  • Categories Disclosed for Business Purposes: Ephemeral metric snapshots and encrypted OAuth tokens disclosed exclusively to our enterprise cloud infrastructure hosting processors (Section 5.1).


If you have questions, disputes, or formal requests regarding this Privacy Policy, our data isolation silos, or your underlying statutory rights, you must contact our designated Privacy Operations team via the following communication vectors:


Primary Privacy Email: privacy@alytica.app

General Support Operations: support@alytica.app

Data Controller Entity: Alytica Operations (NSW, Australia)

Create a free website with Framer, the website builder loved by startups, designers and agencies.