RoTrades
Security FAQ
How RoTrades protects your account and data.
Do you store my Roblox password?
No. Roblox linking uses Roblox OAuth, so your Roblox password is never seen or stored by us.
How are passwords stored?
Site account passwords are hashed with bcrypt before storage. Stored hashes are not plaintext and are not reversible.
Can admins see my password?
No. Passwords are stored as cryptographic hashes, not readable values.
Do you sell or share user data?
No. User data is not sold or shared with third parties.
What information do you store?
- Discord ID (if linked)
- Roblox user ID/username (from OAuth)
- Account preferences and security/session metadata
We do not store Roblox passwords, Roblox cookies, or Roblox security tokens.
How is this safer than old trading sites?
- bcrypt password hashing
- Roblox OAuth for identity linking
- Short-lived access token + rotating refresh sessions
- Server-side session controls and revocation