Legal
Privacy Policy
Baseplate is a desktop application for building Roblox games with AI agents. This policy explains what personal data we process, why, and the rights you have. We designed Baseplate to be local-first, so for most of what the app does, we never receive your data at all.
1. Who we are (the data controller)
The controller of your personal data is:
- Name: Baseplate — an independent software developer
- Based in: Poland (European Union)
- Contact: contact@baseplatedev.com
We are based in the European Union, so we process personal data under the EU General Data Protection Regulation (GDPR / RODO).
2. The local-first principle
Baseplate runs entirely on your computer. The following never leave your machine and are never sent to us:
- Your game source code, projects and workspaces.
- Your Roblox Open Cloud API key (stored locally on your device).
- Your prompts, chat transcripts and agent activity.
- Your Baseplate settings and history.
The app's local server binds only to 127.0.0.1 (your own machine) and validates the origin of every connection.
Your AI provider sees your prompts
Baseplate drives your own Claude Code (Anthropic) or compatible AI account. When an agent runs, your prompts, code and context are sent to your AI provider under your agreement with them, to generate responses. This traffic goes directly from your machine to your AI provider — it does not pass through us. Their privacy policy governs that processing (e.g. Anthropic's Privacy Policy).
3. What we actually collect
We only process personal data in these limited situations:
a) When you buy a paid plan
Payments are handled by our payment provider (see below). We receive: your email address and which plan you bought, so we can issue and email your license key. We do not receive or store your card number or full payment details — the payment provider handles those.
b) When the app checks for updates
On launch, the app asks GitHub whether a newer version exists. GitHub receives the standard technical data of that request (such as your IP address and app version). This is necessary to deliver updates and security fixes.
c) When you visit this website
Our hosting provider processes standard server logs (IP address, browser type, pages requested) to serve the site and keep it secure. The site loads web fonts from Google Fonts, which means Google receives your IP address when fonts load. We do not use advertising or cross-site tracking cookies. See our Cookie Policy.
d) When you email us
If you contact support, we process the email address and content you send, to answer you.
4. Third parties we rely on (processors)
We use a small number of trusted providers to run the service. Each processes only what is needed:
| Provider | Purpose | Data |
|---|---|---|
| Our payment provider — Stripe | Process payments, tax & invoicing | Email, name, payment details, country |
| GitHub (Microsoft) | App downloads & auto-updates | IP, app version (request logs) |
| Cloudflare | License key issuing/validation service | Email, plan, license key |
| Resend | Delivering your license-key email | Email address, message content |
| Google Fonts | Website typography | IP address (on page load) |
| Your AI provider — Anthropic | Runs the agents you invoke | Your prompts & code (direct from your machine) |
Some of these providers are located outside the European Economic Area (e.g. the United States). Where that is the case, transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses or the EU–US Data Privacy Framework.
5. Legal basis for processing (GDPR Art. 6)
- Performance of a contract — issuing your license key and delivering the software you purchased.
- Legitimate interests — delivering security updates, preventing fraud/abuse, and answering support requests.
- Legal obligation — keeping tax and accounting records where required.
- Consent — any non-essential cookies or optional communications, which you can withdraw at any time.
6. How long we keep data
- Purchase & license records: for as long as your license is valid and afterwards as required by tax/accounting law (in Poland, generally 5 years).
- Support emails: up to 24 months after your last message.
- Server & update logs: a short period for security, then deleted or anonymised.
7. Your rights
Under the GDPR you have the right to: access your data; correct it; erase it; restrict or object to processing; data portability; and withdraw consent at any time. To exercise any of these, email us at the address below.
You also have the right to lodge a complaint with your supervisory authority. In Poland this is the President of the Personal Data Protection Office (UODO), uodo.gov.pl.
8. Children
Baseplate is a developer tool and is not directed at children. We do not knowingly collect personal data from anyone under 16.
9. Changes to this policy
We may update this policy as the product evolves. We will change the "last updated" date above and, for material changes, note it on the website.
10. Contact
Questions about privacy? Email contact@baseplatedev.com, or use our contact form.