nullX Softworks

Choose a page to begin.

Privacy Policy

This Privacy Policy explains how nullX and RUSH LABS GLOBAL LLC collect, use, store, and disclose information when you use our website, Developer Portal, support channels, and connected product services.

This page is written around the current behavior of this website and Developer Portal, including Discord sign-in, Roblox OAuth, license redemption, runtime tokens, and support flows.

Information We Collect

We may collect information you provide directly, information received from connected services, and technical information generated when you use the site.

This can include license keys, customer labels, Discord account identifiers, Roblox account identifiers, usernames, display names, linked universe identifiers, runtime token metadata, support emails, and similar account or product access details.

We also collect technical and diagnostic information such as IP address, browser or device information, user agent data, session cookie state, OAuth state values, request timestamps, and product event or access logs needed to operate, secure, and troubleshoot the service.

Depending on the feature you use, this may also include license redemption records, linked universe information, runtime token and claim-token status metadata, configuration history, and security or audit records tied to portal access, token rotation, or runtime event activity.

How We Use Information

We use information to provide and secure access to the Developer Portal, validate licenses, bind licenses to approved accounts, connect Roblox experiences, issue and rotate runtime tokens, process support requests, prevent abuse, investigate incidents, and improve service reliability.

We also use operational data to enforce product rules, such as account-bound license access, one-universe linking flows, token usage checks, and audit records tied to redemption or configuration events.

We may also use information to detect misuse, investigate suspected compromise, rotate credentials, invalidate sessions, enforce rate or access controls, and document security or support actions taken on a license workspace.

Cookies And Connected Services

We use cookies and similar storage to keep you signed in and to carry short-lived OAuth state during sign-in or account connection flows. For example, the portal uses session cookies such asnullx_portal_session and temporary OAuth cookies during Discord and Roblox connection steps.

When you choose to connect third-party accounts, we receive profile or token data from providers such as Discord and Roblox, and we use that data only for the account-linking, authentication, and service operations described in this policy.

Sharing And Disclosure

We may share information with infrastructure and service providers that help us run the website and Developer Portal, including hosting, database, authentication, analytics, communications, and support tooling vendors, but only as reasonably necessary to provide the service.

We may also disclose information when required by law, to enforce our terms, to protect users or the service, or as part of a merger, financing, acquisition, or asset transfer.

We do not sell personal information or share personal information for cross-context behavioral advertising through this website as it currently operates.

Retention And Security

We keep information for as long as reasonably necessary to provide the service, enforce product and licensing rules, maintain security and audit records, comply with legal obligations, and resolve disputes.

We use administrative, technical, and organizational safeguards that are designed to protect the information we maintain. No internet or storage system can be guaranteed perfectly secure, so please use care when sharing credentials, runtime tokens, or claim tokens.

The current service is designed with layered controls intended to make unauthorized access materially less likely. Those controls include account-bound license redemption, short-lived OAuth state flows, HTTP-only session cookies, encrypted OAuth cookie payloads, hashed license and token records, token rotation and revocation workflows, linked-universe checks, and security logging tied to access and runtime activity.

Even with those controls, no website, customer environment, connected third-party platform, or credential workflow can promise absolute security or guarantee that every breach, compromise, outage, or misuse attempt will be prevented.

Shared Responsibility For Security

We are responsible for the security measures we choose for the service we operate. You are responsible for the security of your own devices, browsers, source repositories, build pipelines, local files, email accounts, Discord accounts, Roblox accounts, team permissions, and any credentials or configurations you copy into your own games, dashboards, scripts, or infrastructure.

You must protect license keys, runtime tokens, claim tokens, webhook destinations, and other sensitive values from disclosure, misuse, or insecure storage. If you share credentials, commit them to source control, expose them in a client context, reuse them insecurely, fail to rotate them after suspected compromise, or allow unauthorized team access, the resulting risk remains with you.

Security is a shared responsibility. We work to secure the platform we operate, but you remain responsible for securing your own accounts, devices, repositories, deployment environment, and any credentials you handle outside the service.

Security Incidents And User-Side Breaches

If we detect or reasonably suspect misuse, exposure, or compromise, we may investigate, retain relevant logs, invalidate sessions, require re-verification, rotate credentials, revoke tokens, unlink connected experiences, or suspend access while the issue is reviewed.

If a security incident arises from your own environment or actions, including credential sharing, phishing, malware, repository leaks, third-party account compromise, insecure local storage, team misuse, or exposure within your own game or deployment flow, that incident is outside our control and outside our responsibility.

If you believe your license workspace, runtime token, claim token, or connected account has been compromised, contactsupport@nullxsoftworks.com promptly so we can review the issue and take any platform-side actions we decide are appropriate.

Your Choices And Rights

You can disconnect from the portal by logging out, avoid optional third-party connections by not initiating them, and contact us if you want to request access, correction, deletion, or additional details about the information associated with your account.

If applicable law gives you specific privacy rights, including rights available to California residents, you may exercise those rights by contacting us at support@nullxsoftworks.com. We may need to verify your identity before fulfilling certain requests.

Children And Updates

The website and Developer Portal are not intended for children under 13. If you believe a child has provided personal information through the service, contact us so we can review and take appropriate action.

We may update this Privacy Policy from time to time. When we do, the revised version will be posted on this page and will apply as of the updated effective date shown in the portal.

Contact

Questions about this Privacy Policy can be sent tosupport@nullxsoftworks.com.

Security, at its finest.