Privacy Policy

Last updated: March 4, 2026

This policy explains what data M AUTO collects, why it is collected, and how it is handled across our website, loader, backend authentication service, and admin tooling.

1. Scope

This Privacy Policy applies to:

the public M AUTO website and documentation pages
the M AUTO loader and in-app telemetry endpoints
the private admin dashboard and moderation tooling
official support and automation integrations we operate

2. Data We Collect and Why

Category	What We Collect	Why We Collect It
License and authentication	License key (at login), license hash, HWID hash, auth challenge nonces, session ID, token hashes, device ID mapping.	Validate paid access, bind licenses to devices, issue sessions, prevent replay abuse and unauthorized access.
Login telemetry	Loader version, computer name, OS username, public IP, timestamp, license fingerprint, HWID fingerprint.	Basic audit trail for license security, abuse prevention, and support diagnostics.
Security events	Detected threat details, system context (including IP and hardware prefixes), and optional screenshot evidence.	Detect tampering/reversing activity, investigate incidents, and protect platform integrity.
Error diagnostics	Error summaries, stack trace previews, session context, encrypted log bundles and context logs when auto-reporting is active.	Fix crashes and reliability issues, and improve software stability.
Website delivery metadata	Standard request metadata handled by hosting/CDN and requests made to Google Fonts and Font Awesome CDN.	Serve website assets and keep pages functional and fast.

3. Data Not Intentionally Collected by Backend

Your Roblox .ROBLOSECURITY cookie is used locally for device login automation and is not intentionally uploaded to M AUTO telemetry endpoints.
Payment card details are not processed directly by M AUTO; checkout is handled by external payment providers.
We do not run advertising pixels or marketing analytics trackers on the current website pages.

4. Third-Party Services

Depending on your usage, data may be processed by third-party services:

SellAuth for purchase and license delivery workflows
Vercel (including Blob storage) for backend hosting and event attachment storage
GitHub OAuth for private admin sign-in
Discord for support, command interactions, and optional audit channel messages
Google Fonts / Font Awesome CDN for website asset delivery
Roblox API for cookie validation during auto-login flows

5. Retention

Event records are retained according to the backend retention window (default configuration: 30 days).
Short-lived auth artifacts (nonces/challenges) are automatically purged after expiry/use.
License/device/session and moderation records are retained as needed for licensing, anti-abuse, and operational security.
Local files (profiles/config/logs) remain on your machine until you remove them.

6. Security Measures

Signed API requests and replay protection via nonce + timestamp validation.
License and hardware identifiers are processed as hashes for backend matching.
Session refresh tokens are stored as hashes.
License plaintext issuance records are encrypted in backend storage.
Local log encryption is supported when enabled in configuration.

7. Your Choices and Rights

You may request clarification or deletion review for stored data through official support channels.
You can remove local profile/config/log files directly from your own machine.
You can choose not to use optional integrations (for example, Discord command features).

8. Contact

For privacy questions or data-related requests, contact us through our Discord server.

M AUTO may update this policy when the product or infrastructure changes. Continued use after updates means acceptance of the revised Privacy Policy.