Privacy Policy
Last updated: 18/12/2025
Who We Are (Controller)
This Privacy Policy explains how Paralov AS (NO936301185MVA, Norway) (“Paralov”, “we”) processes personal data when you use studs.gg and related services (the “Service”). Paralov AS is the data controller for this processing unless stated otherwise.
Information We Collect
We collect information you provide directly to us and information generated when you use the Service, including:
- Roblox account information used for authentication (for example, identifiers required to link your account).
- Content you submit to the Service (e.g. prompts, inputs, and generated outputs) to provide the features you request.
- Usage and interaction data (e.g. feature usage, page views, clicks, and basic diagnostics).
- Device and log data (e.g. IP address, browser type, timestamps) generated when you access the Service.
Please do not submit sensitive personal data (such as health, biometric, or government ID numbers) in prompts or other inputs unless strictly necessary.
Payment Information
When you subscribe to a paid plan, our third-party payment processor collects and processes your payment information (such as credit card details). We do not store your full payment card information on our servers. Payment processing is handled securely by Polar and Stripe, and their privacy practices govern how your payment data is handled.
How We Use Your Information
We use the collected information to:
- Provide and improve our services.
- Communicate with you about our services.
- Prevent abuse, maintain security, and debug issues.
- Process subscriptions and manage billing.
Legal Bases (GDPR)
If you are in the EEA/UK, we process your personal data under the following legal bases:
- Contract: to provide the Service you request (e.g. authentication, core functionality).
- Legitimate interests: to improve the Service, measure performance, prevent fraud/abuse, and keep the Service secure.
- Legal obligation: to comply with applicable laws (e.g. accounting/tax record-keeping).
- Consent (where required): for certain analytics/cookies or optional features where local law requires consent.
Analytics & Cookies
We use analytics to understand how the Service is used and to improve it. This may involve cookies or similar technologies, depending on your device and settings.
We use PostHog for product and web analytics. We may also collect basic event telemetry (for example, button click events) to operate and improve the Service.
Information Sharing & Subprocessors
We do not sell your personal information. We share personal data only on a need-to-know basis with service providers (subprocessors) who help us run the Service, and only as necessary for the purposes described in this Policy.
| Subprocessor | Purpose |
|---|---|
| Hetzner | Compute hosting and infrastructure for running the Service. |
| Convex | Data storage and application backend used to operate the Service. |
| OpenRouter | Gen-AI pipeline: processing prompts/inputs and returning AI outputs. |
| Polar | Billing management and billing-related analytics. |
| Stripe | Payment processing (as Polar’s payment processor). |
| PostHog | Product and web analytics. |
We may also share information (i) with your consent, (ii) if you choose to make information public, or (iii) to comply with legal obligations and enforce our rights.
International Transfers
Some of our subprocessors may process personal data outside the EEA/UK. When we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and other legally recognized transfer mechanisms, as applicable.
Data Retention
We keep personal data only as long as necessary for the purposes described in this Policy, including:
- Account data: retained while your account is active and deleted or anonymized after account deletion, subject to legal requirements.
- Billing records: retained as required by applicable accounting and tax laws (typically several years).
- Analytics data: retained for a limited period to measure and improve the Service.
Data Security
We implement appropriate security measures to protect the minimal information we have from all of our users.
Your Rights (GDPR)
If you are in the EEA/UK, you may have the right to: access your data, correct it, delete it, restrict or object to processing, and request data portability. Where we rely on consent, you can withdraw your consent at any time (this does not affect processing before withdrawal).
You also have the right to lodge a complaint with your local supervisory authority. In Norway, this is Datatilsynet.
Contact Us
For general questions, please contact us through our Discord server: discord.gg/studsgg.
For formal GDPR requests (including “delete me” requests), you can contact us via Discord or email hello@paralov.com.