This Cookie Policy explains how Shotai, LLC ("Company," "we," "us," "our") uses cookies and similar tracking technologies in connection with the GrowRo Chrome browser extension and the website at https://growro.com ("Website"). It explains what these technologies are and why we use them, what's actually set (very little), and how to control or remove them.
Cookies are small data files that are placed on your computer or
mobile device when you visit a website. Cookies are widely used
by website owners to make their websites work, work more
efficiently, or to provide reporting information. Browsers also
provide other client-side storage mechanisms (such as
localStorage and extension-specific storage like
chrome.storage.local / chrome.storage.session).
For the purposes of this policy we use "tracking technologies" to
refer to all of these together.
GrowRo's use of tracking technologies is lighter than a typical Robux Back product because most of what we do happens through a browser extension rather than a website. On growro.com itself we use a strictly-necessary session cookie, a small amount of first-party functional storage (described below), and a product-analytics tool (PostHog) to understand how the dashboard is used. In the European Economic Area, the United Kingdom, Switzerland, and Brazil, the product-analytics storage is blocked until you accept it on the consent banner; visitors in the United States, Canada, and the rest of the world see no banner and analytics initializes alongside the necessary storage. The technologies in the table are set by the GrowRo Chrome extension, by our backend at growro.com, by our consent-management vendor (Termly), or — in the case of affiliate cookies — by the affiliate networks our redirect chain routes through when you click "Activate Robux Back."
| Name / Mechanism | Set by | Purpose | Duration |
|---|---|---|---|
growro_session (httpOnly cookie on growro.com) |
GrowRo dashboard / API at growro.com | Strictly necessary. Server-side session token (stored only as a SHA-256 hash at rest, never readable from JavaScript) issued when you sign in. Authenticates your dashboard requests + your account-management actions. Sliding 1-year expiry that refreshes on use. | 1 year of inactivity, or until you sign out / sign out all other devices. |
userId, userAuthToken (extension storage, chrome.storage.local) |
GrowRo extension | Strictly necessary. Identifies your account and authenticates API calls from the extension service worker to growro.com (which can't use the httpOnly cookie above). Without these the extension cannot record activations or credit your balance. | Until you uninstall the extension, sign out from the popup, or you reset state explicitly. |
Stand-down cooldown record (extension storage, chrome.storage.session) |
GrowRo extension | Functional. Records that another affiliate publisher referred you to a given retailer, so we suppress the activation banner on that retailer for the rest of your browser session. See the Privacy Policy. | Cleared automatically when the browser closes. |
afsrc=1, growro_clk=<id> URL parameters |
GrowRo redirect | Functional. afsrc=1 is the universal stand-down marker that tells other compliant rewards extensions to pause on this retailer; growro_clk is our self-attribution marker so we recognize our own redirect chain. Both are stripped from the address bar via history.replaceState after the content script reads them. |
Per page-load; per-tab session flag preserves the verdict across reloads. |
cjevent, irclickid, awc, ranmid, sscid, and similar (affiliate cookies on the retailer domain) |
Affiliate networks (CJ Affiliate, Impact, Awin, Rakuten Advertising, Sovrn Commerce, ShareASale, FlexOffers, eBay Partner Network) at activation | Functional. Track the click for commission attribution so the network can pay GrowRo when your purchase confirms. We do not set these cookies directly; the network's tracking redirect does. We do not have access to read these cookies — only the network and the retailer do. | Network-defined, typically 7–30 days depending on the network's standard window. |
ph_*_posthog (cookie and / or localStorage on growro.com, depending on browser) |
GrowRo via PostHog | Analytics. Stores an anonymous distinct identifier so that page views, button clicks, and product events from the same browser group together for funnel analysis. Once you sign in to the dashboard the anonymous identifier is linked to your GrowRo user ID. We do not transmit your password, session token, IP address, or form contents to PostHog. In the European Economic Area, the United Kingdom, Switzerland, and Brazil, this storage is blocked until you accept it on the consent banner. | Up to 1 year, or until you clear browser storage or revoke consent via the Cookie Preferences link. |
growro_first_utm (localStorage on growro.com) |
GrowRo | Functional. Records the marketing campaign parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content) of your first visit, so we can credit acquisition channels even if you sign up days later from a different visit. Write-once: never overwritten on later visits. First-party only, not shared with third parties beyond the product-analytics processor named above. |
Until you clear browser storage. |
growro_install_modal_shown, growro_install_banner_dismissed (sessionStorage on growro.com) |
GrowRo dashboard | Functional. Remembers that you have already seen or dismissed the "install the GrowRo extension" prompts so we do not re-prompt during the same browser session. | Cleared automatically when the browser tab closes. |
TERMLY_API_CACHE and similar (cookies / storage set by Termly) |
Termly | Strictly necessary. Records your consent choices (which categories of optional cookies you have accepted or declined) so the consent banner does not re-appear on every page load in regions where the banner is shown. | Up to 1 year, or until you clear browser storage. |
GrowRo does not use any of the following:
In the European Economic Area, the United Kingdom, Switzerland, and Brazil, a consent banner appears on your first visit asking whether you want to allow product-analytics storage. Accepting is optional and you can decline without losing access to any feature of GrowRo. To change your choice later, click Cookie Preferences (this link opens the consent panel where you can update or withdraw your consent).
In the United States, Canada, and the rest of the world, no consent banner is shown because applicable law does not require opt-in consent for the storage described above. United States residents with rights under the California Consumer Privacy Act and similar state laws (Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia) can exercise their rights — including the right to opt out of any sharing of personal information — via the Do Not Sell or Share My Personal Information link, or by emailing privacy@growro.com. See Section 13 of our Privacy Notice for the full list of state-law rights.
The cleanest way to remove all GrowRo-related extension storage
is to uninstall the extension: right-click the GrowRo icon in
Chrome's toolbar → "Remove from Chrome." That removes
chrome.storage.local and
chrome.storage.session data immediately.
The dashboard's growro_session cookie is
httpOnly, so it can't be cleared from JavaScript. The
simplest options:
growro_session entry.Affiliate cookies set by the networks live on the retailer's own domain. You can clear them via Chrome's site-settings panel for the retailer in question, or by using your browser's general cookie-management settings. If you block third-party cookies entirely, GrowRo's commission tracking may fail (the network won't know who referred your click), and you may therefore not earn Robux Back on that activation.
The following links cover how to manage cookies in popular browsers:
At this stage, no uniform technology standard for recognizing and implementing Do-Not-Track ("DNT") signals has been finalized. We do not currently respond to DNT browser signals. If a standard is adopted that we must follow, we will update this Cookie Policy.
GrowRo is intended only for users 18 and older and is not designed for use by anyone under 18. See section 10 of our Privacy Policy.
We may update this Cookie Policy from time to time to reflect changes to the technologies we use or for other operational, legal, or regulatory reasons. Material changes will be posted on growro.com with an updated effective date before the new version takes effect. The "Last updated" date at the top of this Cookie Policy reflects the most recent change.
If you have any questions about our use of cookies or other tracking technologies, email us at privacy@growro.com, call us at +1 (347) 450-0718, or contact us by post at:
Shotai, LLC
c/o Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713, USA