Legal

Privacy Policy

Last updated: March 18, 2026

What we collect

Titanite Shield collects the minimum data necessary to provide clone detection services:

  • Your Roblox user ID (via Roblox OAuth login)
  • Scan history — which items you've scanned and when
  • Registered items and their monitoring settings
  • Discord webhook URLs if you set up clone alerts
  • Stripe customer data if you subscribe to a paid plan (email, payment method — managed by Stripe)

What we store

When an item is scanned or registered, we compute and store mathematical fingerprints: shape distributions, perceptual hashes, and geometric signatures. We also store simplified mesh previews (vertex data for 3D comparison views).

We do not store the original meshes, textures, or any Roblox asset files. Fingerprints are one-way — they cannot be used to reconstruct the original item.

How we access Roblox data

We access the Roblox catalog API to download publicly available item data (thumbnails, mesh files) for fingerprinting. This data is processed in memory, fingerprinted, and discarded — the raw files are not retained.

What we don't do

  • We do not sell your data to anyone
  • We do not share personal information with third parties for their own purposes
  • We do not track you across other websites
  • We do not use your data for advertising
  • We do not store your Roblox password or session tokens

Cookies

Titanite Shield uses a single essential cookie: the Supabase authentication session cookie. This keeps you logged in. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

Third-party services

We use the following services to operate Titanite Shield. Each has its own privacy policy:

  • Stripe — payment processing
  • Supabase — database and authentication
  • Cloudflare — API hosting and security
  • Vercel — web hosting
  • Sentry — error monitoring (no personal data sent)
  • Discord — webhook alerts (only if you configure them)

Data retention

Fingerprint data and scan history are stored indefinitely — this is core to how the service works (detecting clones requires comparing against historical data). Account data is deleted on request. If you want your data removed, contact us and we'll delete everything associated with your account.

Data storage & security

All data is stored in Supabase (PostgreSQL) with row-level security enabled. Fingerprint computations run in Cloudflare Workers with no persistent storage. Data is encrypted in transit (TLS) and at rest.

Contact

Questions about this policy? Reach us on Discord.