1. The Direct-to-Roblox Guarantee
The biggest concern for any digital designer is asset theft. DecalLink operates on a strict "Local Bridge" architecture. When you queue your livery parts and initiate an upload, the software compiles a secure HTTPS POST request natively on your machine.
That request is sent directly from your router to apis.roblox.com. Your image files completely bypass the DecalLink Cloud. We literally have zero capability to intercept, view, or store the designs you upload.
Verify it yourself: We actively encourage our enterprise clients to run network analysis tools like GlassWire or Wireshark during an upload batch. You will see 100% of the heavy payload traffic routing exclusively to Roblox Corporation endpoints.
2. Local Credential Storage
Your Roblox Open Cloud API Key holds immense power over your account. DecalLink handles this key with the highest level of isolation.
- If you choose not to save your settings, the key only exists in your computer's temporary RAM and is wiped the moment you close the app.
- If you toggle "Save Settings," the software writes a secure JSON file locally to your machine's hidden AppData directory (
C:\Users\[You]\AppData\Local\DecalLink). - The API key is injected directly into the upload headers locally. It is never transmitted to, or stored in, any external database.
3. What The DecalLink Cloud Actually Sees
DecalLink does utilize Google Cloud Platform servers, but strictly for Software Licensing and Anti-Piracy measures. The only data our servers process is:
Username & Pass Hash
Used strictly to grant you access to the software. Passwords are irreversibly hashed via SHA-256 before transmission.
Hardware ID (HWID)
Binds your license to your specific PC motherboard to prevent unauthorized users from sharing your account.
Public IP Address
Monitored strictly to prevent account sharing and to enforce concurrent login blocks.
Version Validation
Checks your app version against the server to ensure you have the latest security patches.