Privacy Policy

This Privacy Policy explains how the Grow a Garden 2 website ("we", "us", the "Site") handles information when you choose to use the optional "Sign in with Roblox" feature and related account features. The Site is a fan-made release countdown and is not affiliated with, endorsed by, or sponsored by Roblox Corporation.

What we collect

The Site works fully without signing in. Signing in is entirely optional. If you choose to sign in with Roblox, we request only the identity scopes openid and profile, and we receive the following from Roblox's OpenID Connect service:

• Your Roblox user ID (a stable numeric identifier)
• Your Roblox display name and username
• Your Roblox avatar headshot image URL
• Your public Roblox profile link and account creation date

If you choose to use account features, we may also store an email address, a mobile phone number, and/or a linked Discord account that you provide, plus activity you generate on the Site (for example, referral link activity and in-Site rewards progress). We do not request or receive your Roblox password, email address, payment details, friends, messages, or any ability to act on your account.

How we use it

We use the information above to:

• Display your signed-in state (your name and avatar) on the Site;
• Operate account features such as Early Access referrals and in-Site rewards;
• Confirm that a contact you add belongs to you (via a one-time code);
• Communicate with you about your account, rewards, and early access; and
• With your separate opt-in consent, send you marketing communications — news, updates, and promotional offers about Grow a Garden 2 and our related games and experiences (see Marketing communications below).

How it is stored

For the sign-in feature itself, we do not operate a traditional login database. After you sign in, we keep your user ID, display name, and avatar URL inside a single signed, HttpOnly session cookie stored in your own browser. The access and refresh tokens issued by Roblox are used once to read your profile and are then discarded — they are never stored. The session cookie expires automatically after 7 days, or immediately when you sign out. Any email address and phone number you add are stored encrypted at rest (AES-256-GCM); we never store the one-time verification codes themselves.

Optional contact details & connected accounts

Signed-in users may optionally add a contact email address and/or mobile phone number, and may optionally connect a Discord account.

• Email & phone are stored encrypted at rest (AES-256-GCM). Adding a contact sends a one-time code to confirm it's yours; this confirmation message is transactional and is separate from any marketing opt-in.
• Discord: if you connect Discord we request only the identify scope and store your Discord user ID and display name. We never receive your Discord password, email, servers, or messages.

Marketing communications

We will only send you marketing messages if you give a separate, explicit opt-in that is distinct from confirming your contact details. Marketing consent is never a condition of signing in, verifying a contact, or using any part of the Site.

• What we send: news, updates, launch reminders, events, and promotional offers about Grow a Garden 2 and our related games and experiences.
• Channels: email and/or SMS (each opted into separately), and Discord where you've connected it.
• SMS: message frequency varies and message & data rates may apply. Reply STOP to unsubscribe at any time, or HELP for help.
• Email: every marketing email includes a one-click unsubscribe link and our postal mailing address.
• Withdraw anytime: you can opt out using the controls above, or by removing the email/phone from your Profile page, which also revokes that channel's marketing consent.

We use your Roblox profile details and the contact information you provide to decide what to send and to personalize these messages. We do not build advertising profiles of you, track you across other apps or websites, sell or rent your information, or share it with third-party advertising or profiling services.

Service providers

To deliver messages we share the minimum necessary data with trusted processors acting on our behalf: Twilio (verification codes and SMS), SendGrid (email delivery), and Cloudflare (hosting and security). We use Discord's official OAuth for account linking. They process this data solely to provide their service, under their own privacy terms.

Sharing

We do not sell or rent your information, and we do not use it to build profiles of you or to train AI models. Apart from Roblox's OAuth endpoints during sign-in, the only parties we share data with are the service providers described above, and only to deliver the features you request — or where required by law.

If you take part in Early Access referrals, your public Roblox profile (user ID, name, username, avatar) and your referral counts are processed to operate the public leaderboard and to rank participants, including by our own ranking service. This is used solely to rank and reward participants — it is never sold and never used to advertise to you.

Data retention & deletion

We keep your information only as long as needed to provide these features. You are in control:

• Sign out at any time to delete the session cookie from your browser;
• Remove any email, phone, or Discord connection from your Profile page, which deletes that data and revokes the related marketing consent;
• Request deletion of all data associated with your Roblox account by emailing privacy@gag.gg — we will delete it promptly and within the timeframe required by applicable law.

You can also revoke this app's access entirely from your Roblox account settings under Account → Security → Authorized Apps.

Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, to opt out of marketing, and to withdraw consent at any time. To exercise any of these, use the controls above or contact us at privacy@gag.gg. We will not discriminate against you for exercising your rights.

Analytics

The Site uses privacy-friendly, cookieless aggregate traffic analytics (Cloudflare Web Analytics) that do not identify individual users and are not linked to your Roblox identity.

Children's privacy

Roblox requires an account that is 13 years or older to authorize OAuth 2.0 apps, and our account and contact features are intended for users who are 13 or older. We do not knowingly collect personal information from, or send marketing to, anyone under 13 (or the minimum age of digital consent in your country, which may be higher). If you believe a child has provided us information, contact privacy@gag.gg and we will delete it.

Changes

We may change or update this Privacy Policy at any time, at our sole discretion and without prior notice. Any changes are effective immediately when posted to the Site; the "Last updated" date above reflects the current version. Please review this policy periodically, as your continued use of the Site after changes are posted constitutes acceptance of the updated policy.

Contact

Questions or privacy requests? Email us at privacy@gag.gg.