This Privacy Policy is issued by Kovix, a service operated by Vylix Group Ltd, a company registered in England and Wales ("we", "us", "our"), the data controller responsible for your personal data. It explains what personal data we collect, why we collect it, the lawful basis under which we process it, who we share it with, how long we keep it, and the rights available to you under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
This Policy applies to all users of the Kovix website, platform, and associated services (collectively, the "Service"). If you are based in the European Economic Area, the EU GDPR may additionally apply to you; this Policy is written to satisfy both frameworks where they overlap.
By creating an account or using the Service you acknowledge you have read and understood this Policy. If you do not agree, please do not use the Service.
Who We Are & How to Contact Us
Data Controller: Vylix Group Ltd (operating as Kovix)
Registered in: England and Wales
Contact: support@kovix.app
Website: kovix.app
Parent company: vylix.net — Vylix Privacy Policy · Vylix Terms
Our Data Protection Officer (DPO) can be contacted at: dpo@vylix.net. The DPO is responsible for overseeing compliance with UK GDPR and DPA 2018 and is your primary point of contact for data protection matters. General support enquiries may also be directed to support@kovix.app.
We will respond to data subject requests within one calendar month as required by Article 12 UK GDPR. We may extend this by a further two months for complex or numerous requests, in which case we will notify you of the extension and the reason for the delay.
Personal Data We Collect
2.1 Data You Provide Directly
- Account registration — first name, last name, and email address, collected when you create or update your account.
- Invoice content — recipient details, Robux amounts, descriptions, line items, and due dates that you enter when creating invoices. Where recipient details identify a living individual, that information constitutes personal data and is processed on your behalf as a controller-to-controller arrangement.
- Support communications — messages, files, and metadata you submit through our support chat or email.
- Payout requests — payout request history, amounts, and any identity or verification information we request in connection with a payout.
2.2 Data Received from Roblox via OAuth
When you authenticate with your Roblox account, Roblox provides us with:
- Your Roblox user ID and username.
- Your Roblox display name.
- Your Roblox avatar thumbnail URL.
- OAuth access and refresh tokens — stored securely and used solely to verify your Roblox group membership when you request a payout. We do not use these tokens for any other purpose.
We do not receive your Roblox password, private messages, real-money balance, or any other information beyond the above.
2.3 Payment & Transaction Data
Robux invoice payments. When a client pays a Kovix invoice via Roblox, we record: the Roblox transaction ID, the payer's Roblox user ID, the Robux amount, the platform fee calculation, and an idempotency key to prevent duplicate recording. We do not hold real-money payment card data in connection with Robux transactions.
Pro plan subscription billing — hosted by Stripe. All billing information for Pro plan purchases is collected, stored, and processed by Stripe, Inc. directly. This includes your payment card number, card expiry, CVV, billing name, and billing address. Kovix does not receive, store, or have access to your full card details. We receive only a limited set of non-sensitive metadata from Stripe: a Stripe customer ID, your subscription status (e.g. active, trialing, cancelled), the current billing period dates, and payment success or failure events. Stripe acts as an independent data controller for the billing data it holds; their processing is governed by Stripe's Privacy Policy and their UK GDPR commitments.
Transaction logs. We maintain structured internal logs of payment events (e.g. payment recorded, duplicate detected, payment rejected) for security, fraud prevention, and audit purposes. These logs contain transaction identifiers and outcome codes, not payment card data.
2.4 Data Collected Automatically
- Server log data — IP addresses, browser type and version, pages visited, HTTP referrer, timestamps, and error codes. Collected automatically when you access the Service.
- Cookies and browser storage — used for authentication sessions, theme preference, and support-chat continuity. See Section 9 for full details.
- Game API request data — endpoint called, response outcome, and Roblox game identifier when the Service is accessed via the game integration API.
Lawful Basis for Processing
Under Article 6 of the UK GDPR, we rely on the following lawful bases. Where we rely on legitimate interests, we have carried out a balancing test confirming those interests are not overridden by your rights and freedoms.
| Processing activity | Lawful basis | Details |
|---|---|---|
| Account creation & management | Art. 6(1)(b) — Contract | Necessary to perform the contract when you register. |
| Delivering invoicing, payments & payouts | Art. 6(1)(b) — Contract | Core service delivery under your agreement with us. |
| Roblox group membership verification | Art. 6(1)(b) — Contract | Required to process payout requests per our Terms. |
| Pro plan subscription management | Art. 6(1)(b) — Contract | Necessary to manage your paid subscription. |
| Transactional email notifications | Art. 6(1)(b) — Contract | Invoice alerts, OTP codes, payout status updates. |
| Fraud detection & security | Art. 6(1)(f) — Legitimate interests | Protecting our platform and users from abuse. |
| Audit & transaction logging | Art. 6(1)(f) — Legitimate interests | Maintaining accurate records for accountability. |
| Service improvement (anonymised analytics) | Art. 6(1)(f) — Legitimate interests | Aggregated data only; no individual profiling. |
| Legal compliance & regulatory disclosures | Art. 6(1)(c) — Legal obligation | UK law, court orders, or regulatory requests. |
| Optional marketing communications | Art. 6(1)(a) — Consent | Only where you have opted in. Withdrawable at any time. |
Where we process data under Schedule 2 of the DPA 2018 (e.g. for crime prevention or legal proceedings), we will identify the applicable condition at the time of processing. We do not process special category data (Article 9 UK GDPR) in the ordinary course of providing the Service.
How We Use Your Personal Data
We use personal data only for the purposes identified at collection. Specifically:
- To create, authenticate, and maintain your account.
- To generate, send, and manage invoices on your behalf.
- To record and track Robux payments and Creator earnings.
- To verify Roblox group membership for payout eligibility.
- To process payout requests and disburse Robux earnings.
- To manage your Pro plan subscription and billing events received from Stripe.
- To send transactional communications (invoice alerts, OTP codes, payout notifications).
- To provide customer support.
- To detect, investigate, and prevent fraud, abuse, and Terms violations.
- To maintain security audit trails and transaction logs.
- To comply with legal and regulatory obligations.
- To improve the Service using aggregated, anonymised analytics.
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects (Article 22 UK GDPR). We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
Disclosure of Personal Data
We do not sell or rent your personal data. We share it only where necessary, as set out below. All third-party processors acting on our behalf are bound by data processing agreements consistent with Article 28 UK GDPR.
5.1 Data Processors (acting on our instructions)
- Stripe, Inc. — Payment infrastructure provider. Stripe acts as the data processor for our subscription management and, separately, as an independent data controller for billing data it collects. See Section 2.3 above. Stripe is certified under the UK International Data Transfer Agreement (IDTA) framework for transfers from the UK.
- Transactional email provider — Used to deliver invoices, OTP verification codes, and payout notification emails. Receives only your email address and the content of the relevant email.
- Hosting & infrastructure providers — Our platform and databases are hosted with cloud infrastructure providers. They process personal data only as necessary to host and operate the Service.
5.2 Roblox Corporation (controller-to-controller)
We communicate with Roblox's APIs to authenticate users and verify group membership. In doing so we pass your Roblox user ID and OAuth tokens to Roblox. Roblox is an independent data controller; their handling of this data is governed by the Roblox Privacy Policy.
5.3 Legal Disclosures
We may disclose personal data where required to do so by law, court order, or a lawful request from a UK public authority (e.g. the police, HMRC, or the ICO). We may also disclose data to enforce our Terms of Service or to protect the vital interests, rights, or safety of Kovix, our users, or the public. Where permitted, we will notify you of such a disclosure.
5.4 Business Transfers
If Kovix undergoes a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will notify affected users by email or prominent in-app notice before their data becomes subject to a different privacy policy, and we will ensure the receiving entity provides equivalent protections.
International Transfers of Personal Data
Some of our service providers operate outside the United Kingdom, including in the United States. Where we transfer personal data from the UK to a country not covered by UK adequacy regulations made under section 17A DPA 2018, we ensure that a lawful transfer mechanism is in place. These mechanisms include:
- UK International Data Transfer Agreements (IDTAs) — the UK's standard contractual mechanism for international transfers post-Brexit, approved by the Secretary of State under Article 46 UK GDPR.
- UK Addendum to EU Standard Contractual Clauses — where a provider uses the EU SCCs with the ICO-approved UK Addendum.
- Adequacy regulations — where the UK has determined that the recipient country provides adequate protection.
Stripe processes data in the United States and relies on IDTAs and its BCR (Binding Corporate Rules) framework for UK transfers. Details of the specific mechanisms applicable to each transfer are available on request.
Retention of Personal Data
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Our standard retention periods are:
- Account data — for the lifetime of your account, plus 90 days after deletion to allow for dispute resolution. After that period, data is deleted or irreversibly anonymised.
- Invoice and payment records — 6 years from the end of the relevant financial year, in accordance with HMRC record-keeping requirements under the Taxes Management Act 1970. Where a transaction is disputed or subject to legal proceedings, we may retain relevant records until the matter is resolved.
- Transaction logs — 3 years, for fraud prevention and internal audit.
- Support communications — 3 years from the date of the last message in a thread.
- Server log data — 12 months, after which logs are deleted or anonymised.
- Stripe billing metadata — retained for the duration of the subscription plus 6 years for tax and accounting purposes. Full card data is held solely by Stripe subject to their retention policy.
When a retention period expires, data is securely deleted or anonymised such that it can no longer be linked to an identifiable individual.
Security of Personal Data
We implement appropriate technical and organisational measures as required by Article 32 UK GDPR, taking into account the nature, scope, context, and purposes of processing and the risk to your rights and freedoms. Our measures include:
- Encryption of all data in transit using TLS 1.2 or above.
- Encrypted storage of OAuth tokens and other sensitive credentials at rest.
- Role-based access controls restricting internal access to personal data to authorised personnel only.
- Separation of production and non-production environments.
- Regular review of security practices and access logs.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and, where required, will report the breach to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, in accordance with Article 33 UK GDPR.
Cookies & Similar Technologies
We use cookies and browser storage technologies in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) as they apply in the UK. We present a cookie consent banner on your first visit so you can choose which categories to allow.
- Strictly necessary cookies — used for authentication sessions and CSRF protection. These are essential for the Service to function and cannot be disabled.
- Analytics cookies (opt-in) — anonymous page performance and visitor data via Vercel Analytics and Vercel Speed Insights. No personal data is collected. Disabled by default; only active if you consent.
- Functional cookies (opt-in) — used by our Chatwoot live-chat support widget to save your conversation and widget preferences. Disabled by default; only active if you consent.
We do not use advertising or cross-site tracking cookies. We do not share cookie data with advertising networks. Analytics and functional cookies are off by default — the most privacy-preserving option — unless you explicitly enable them.
You can review or change your cookie choices at any time:
Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verified parental or guardian consent. If you believe a child under 13 has provided personal data to us, please contact us at support@kovix.app and we will promptly delete it.
Users aged 13–17 should use the Service only with the involvement of a parent or guardian who has reviewed and agreed to this Policy on their behalf.
Your Rights Under UK GDPR & DPA 2018
You have the following rights in relation to your personal data under the UK GDPR and DPA 2018. These rights are not absolute and are subject to exemptions — we will explain the position if we are unable to comply with a request.
- Right of access (Article 15) — to request a copy of the personal data we hold about you and information about how we process it (a Subject Access Request or SAR).
- Right to rectification (Article 16) — to request correction of inaccurate or incomplete personal data without undue delay.
- Right to erasure (Article 17) — to request deletion of your personal data where it is no longer necessary, you withdraw consent, or processing was unlawful, subject to our legal retention obligations.
- Right to restriction of processing (Article 18) — to request that we limit how we use your data in certain circumstances (e.g. while accuracy is contested).
- Right to data portability (Article 20) — to receive personal data you have provided to us in a structured, commonly used, machine-readable format, where processing is based on consent or contract and carried out by automated means.
- Right to object (Article 21) — to object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- Rights relating to automated decision-making (Article 22) — we do not carry out automated decision-making producing legal or similarly significant effects. If this changes, we will update this Policy and provide appropriate safeguards.
- Right to withdraw consent (Article 7(3)) — where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
How to exercise your rights. Submit your request to support@kovix.app with sufficient information to verify your identity. We will respond within one calendar month (extendable by two further months for complex cases). We will not charge a fee unless a request is manifestly unfounded or excessive.
Right to complain to the ICO. If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office, the UK's supervisory authority:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk
We would, however, ask that you contact us first so that we have an opportunity to address your concern before escalating to the ICO.
Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policy of any external site before providing personal data to it.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or guidance from the ICO. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email or in-app notice. We encourage you to review this Policy periodically. Continued use of the Service after the updated Policy is posted constitutes acceptance of the changes.
Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or our processing of your personal data, please contact us:
Vylix Group Ltd (operating as Kovix) — Data Controller
General enquiries: support@kovix.app
Data Protection Officer: dpo@vylix.net
Website: kovix.app
Parent company: vylix.net