Automate RtbF Processing with Webhook and Open Cloud

The setup can be done within 15 minutes, and you would only need to set up once for all your games.

Always happy to hear what your ideal solution would be and bring it back to our team!

I’m glad we’ve had a system for handling GDPR data deletion requests, but this can’t be the long-term solution. I’ve developed my own tool for this, which works for me, but:

1. Required a significant amount of time to set up and verify it works with Roblox’s requests.
2. Requires me to host this somewhere, which costs money.
3. Requires this application to be exposed to the internet with a domain name. Either this costs money or requires integration with another service (Guilded in this example, which is an idea I never thought of).
4. If you host your own domain, requires an SSL certificate. Some hosting solutions require you to pay for their special service whatever.

Needless to say, this is a lot to do with what the article covers. It is at my own expense to receive requests from Roblox just to send them back to Roblox, all while dealing with the security concerns of hosting an application with API keys to the open internet. Most people won’t even touch this. This can’t be the long-term solution if everyone complying is the goal.

And to anyone wondering: no, I will not open up my hosting of Nexus Clearing. I’m nervous about the security of my own games. I don’t want to risk the security of yours as well.

Isn’t an internal system built into roblox that doesn’t rely on 3rd party apps & setting up bots possible?
If bots/webhooks can do it, why can’t roblox? (Even if we have to add a script or something? Example: Roblox sends request, script detects [surely this is possible somehow], and deletes data for that user?)

Relying on 3rd party apps isn’t a very good solution.

Edit: not to mention the load it puts on those 3rd party apps. Like discord, theres a limit to webhook uses in a short time… It’s rare that it could happen, but not impossible… Big games probably get a lot of requests… that could potentially break the system.

You definitely raise good points, we are aware of the drawback of this sample solution. As stated in the post above:

Ever thought of giving us a field in the dashboard for each experience where we can input code to be run whenever a RtbF request comes through rather than us having to develop and run external bots. It would more fit in to the Roblox ethos of everything being available at your fingertips and accessible to everyone.

Repeating what I said on the previous post about this, webhooks aren’t really an adequate solution to automate GDPR removals. I should be able to write lua code on the creator dashboard (or in some special service in studio) that Roblox can run whenever a GDPR request is received. That way this code can delete whatever is necessary for that specific game without the creator having to do anything manual after writing the code.

I shouldn’t have to do all these steps just to complete GDPR requests.

I’ve wanted to respect these requests… but with how much clutter they generate in my inbox and how inefficient these requests have been to fulfill, I eventually just started archiving them. Is there a persistent record of what we should be wiping if we haven’t complied?

I can’t imagine I’m the only developer who just rolls their eyes and ignores these. Is some regulatory board across the sea going to audit me because I didn’t delete Timmy’s sandcastle? I don’t know how I can reasonably prove an erased user’s save data is negligible because:

1. It’s scoped to a live experience server only.
2. It never gets inspected outside of a Roblox server, only in-experience when a user with their ID shows up in a live server.
3. It cannot be cross referenced in any meaningful way.

In any case, I’m willing to comply now that it’s easier to do so, but I need to know how I can process requests I’ve ignored.

I know this isn’t the ideal place to ramble about this, but it should have been a much higher priority from the get-go. Doing the bare minimum to bounce this problem over to us isn’t very pro-developer.

Way I see it, there were 2-3 easy ways to make this compliance reasonable in the first place:

1. Response Rules — Have us input one or more format strings that consume UserIds and output keys that should be deleted from our DataStores. This would be compliant with 99.9% of requests where the data is never touched outside the context of in-experience save data.

2. A compliance callback on the DataStoreService — Developers implement a callback function on the DataStoreService which gets invoked with requests to delete specified UserIds from our records. An RCCService instance could be spun up to process these requests, or it could just be fed to a random running server.

3. Automatic DataStore Key Deletion — Get heuristics about DataStore keys and how they correlate to the UserId of players who join/leave an experience. If there’s a significant degree of confidence the key is associated solely with individual users, add it as a format key to the response rules system mentioned above.

Forgot to mention before: this is not a proper use of Guilded or Discord. Discord blocked requests from Roblox servers because people were using it for logging. Telling us to use like that Discord after being blocked is a really bad idea. The proper solution is to have a web server to accept the webhooks already. You are going to need to host this either way somewhere, which the article doesn’t cover.

Been using this feature ever since webhooks was released with a custom bot using node, and it has completely eliminated the need for me do this process manually.
One thing that would be nice is to disable the GDPR messages for certain games or make them less annoying now that its fully automated for me.
Maybe a call back that the bot has the option to tell roblox that the data has been deleted and then stops roblox sending the GDPR message.

Quick suggestion to the “In house solution”, let us register what database names we use (Users/Cash/${UserID}), and then just delete the datastores with that structure. It’s instant, it’s useful, and it won’t require us to run a program / discord bot on an external server.

On GlobalDataStore:SetAsync, the second parameter is a list of UserIDs associated with that data

Does Roblox not automatically delete data from DataStores when they receive a gdpr request from one of those user IDs?

Realistically there is no way people will put the effort in to set up up their own servers just to handle gdpr requests

Great Update but i don’t understand everything and i’m stuck at the last step…
There should be a a way to write lua code somewhere or in game to know when we have to delete something…
Why don’t you use the new key metadata with the player userid…

Please prioritise querying DataStore keys by UserId. We have half of the fully in-house solution already existing but further DataStore tooling just doesn’t exist. Out of all the potential future listing and writing methods that were said to come around, none of that has been added.

Since Roblox does maintain a lot of servers for games, I would have loved to see something akin to GitHub Actions — if that is what that ‘Universe Scripts’ was going to be.

Ideally it would be something with a budget that scales depending on the recent player-count, similar to MemoryStores.

Wouldn’t this reflect a breach of the spirit of GDPR? You’d be passing data (UserId and Id’s of games they played) to 3rd parties running unrelated games.

I appreciate the attempt, but as others have stated this is a very convoluted method that requires developing external tools.

It seems like a tall ask to expect me to either manually go through the outdated and scam filled message inbox and waste my time or build and host an external server with external tools to delete this data, further compromising my experience’s privacy.

Why not let us specify the locations in datastores where user data is stored and have Roblox automate the deletion when a GDPR request is submitted?

Hi Creators, we really appreciate your feedback. We looked through each of them, and noted all the suggestions and asks to prioritize in our future releases. In the meantime, we have some answers to your top questions.

Data Store already supports user ID tagging, why aren’t these data deleted automatically?
An overwhelming amount of data is not tagged, and any historical data introduced prior to the tagging feature is also not tagged. Deleting tagged data would only solve a minority of Data Store use cases today.

How come Roblox is not offering a fully in-house solution?
A fully in-house solution is still in the works. This guide showcases what creators can accomplish today using currently available tools, and does not take away from our long term commitment.

Does this solution abuse third party webhook policies?
We respect and follow all third party application’s terms of service. Contrary to webhooks generated in game using HttpService, Roblox webhooks closely follow rate limits set by third party apps, and is designed to not spam or overwhelm the webhook receiver.

If the user has erased their Roblox account, then they usually wouldn’t be able to access that button. Regardless, it’s all about the user experience :)

They could still contact you to remove their data via an email or discord ticket