Oxton Hotels Oxton Hotels Sign In
Legal

Privacy Policy

How we collect, use, and protect your information.

Last updated: 09 May 2026

1. Introduction

Oxton Hotels ("we", "us", "our") respects your privacy and is committed to protecting any personal information you share with us. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using our website, Roblox experiences, Discord server, or related services (the "Services"), you consent to the practices described in this policy.

2. Information We Collect

We may collect the following types of information:

2.1 Information You Provide

  • Account Registration: Username, email address, and password when you create a website account.
  • Roblox OAuth: Your Roblox user ID, username, display name, and avatar when you link your Roblox account.
  • Discord OAuth: Your Discord user ID, username, and avatar when you sign in with Discord.
  • Support Requests: Any information you submit through support forms, ban appeals, or job applications.
  • Mailing List: Your email address if you subscribe to our newsletter.

2.2 Information Collected Automatically

  • Activity Data: For staff members, we track session attendance, activity minutes, and messages for leaderboard and performance purposes.
  • Group Membership: Your Roblox group rank and role are retrieved from the Roblox API when you sign in.
  • Audit Logs: Actions performed on the Dashboard (uploads, announcements, rank changes, setting updates, etc.) are recorded with your username, a timestamp, and a description of the action.
  • Usage Analytics: We may collect anonymised page-view data and session metrics to understand how our Services are used and to identify and fix technical issues. This data does not personally identify you.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our Services, including the Staff Portal.
  • Verify your identity and group membership.
  • Display your profile information (username, avatar, rank) within the Staff Portal.
  • Process support requests, ban appeals, and job applications.
  • Generate leaderboards, activity reports, and staff analytics.
  • Send newsletters and updates if you have opted in to our mailing list.
  • Improve our Services and user experience.

4. Data Storage & Security

Your data is stored securely using Supabase (hosted on cloud infrastructure with encryption at rest and in transit). We implement industry-standard security measures to protect your information, including:

  • Password hashing using secure algorithms (passwords are never stored in plain text).
  • HTTPS encryption for all website communications.
  • Row-level security policies on our database.
  • OAuth 2.0 for third-party authentication (Roblox, Discord).

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Account Data: Retained for the duration of your account's existence. If you request deletion, account data is removed promptly unless retention is required for legal or moderation purposes.
  • Session & Activity Logs: Retained for up to 12 months to support performance reviews, leaderboards, and quota tracking.
  • Audit Logs: Retained for up to 24 months for moderation, security, and accountability purposes.
  • Support Requests & Ban Appeals: Retained for up to 12 months after resolution to handle re-appeals and maintain moderation history.
  • Uploaded Documents: Retained until explicitly deleted by an authorised staff member or until your account is removed.

After the applicable retention period, data is securely deleted or anonymised.

6. Third-Party Services

We integrate with the following third-party services:

  • Roblox: For OAuth authentication and retrieving player/group data.
  • Discord: For OAuth authentication, live chat integration, and community management.
  • Supabase: For secure database hosting and authentication.
  • Trello: For internal task and session management.
  • Google Fonts: For loading the Inter typeface on our website.

Each of these services has their own privacy policies. We encourage you to review them.

7. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share limited data in the following circumstances:

  • With Roblox or Discord as part of the OAuth authentication process.
  • With Oxton Hotels management for staff administration purposes.
  • If required by law or to protect the safety and security of our community.

8. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (subject to any legitimate reasons for retention).
  • Unsubscribe: Opt out of marketing emails at any time via the unsubscribe link in our emails.

To exercise any of these rights, please contact us through our Support page.

9. Children's Privacy

Our Services are available to users who meet the minimum age requirements set by Roblox. We do not knowingly collect personal information from children under the age of 13 without parental consent. If you believe we have collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our Services after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy or how your data is handled, please reach out through our Support page or contact us via our Discord server.

Oxton Support