This Privacy Policy explains how Rust Pulse ("we", "us", "our"), a small independent project based in Ireland, collects, uses, shares, and protects your personal information across rustpulse.app, the Rust Pulse Credentials desktop helper, and the Rust Pulse Overlay. If any of it isn't clear, email support@rustpulse.app.
| Name | Rust Pulse |
|---|---|
| Based in | Ireland |
| Privacy contact | support@rustpulse.app |
| Supervisory authority | Data Protection Commission of Ireland |
Rust Pulse is the data controller for the personal data described below. You have the right to lodge a complaint with the DPC if you believe we've handled your data improperly.
When you sign in with Steam (OpenID 2.0), we receive your Steam64 ID, your Steam persona name, and your public avatar URL. We store these to identify your account and to call Facepunch's Rust+ API on your behalf. Steam OpenID explicitly does not transmit your password, email, or any private profile data.
Legal basis: contract (Article 6(1)(b) GDPR).
We issue a long-lived device bearer token that the desktop apps store locally (encrypted with Windows DPAPI). We store a hashed reference server-side so we can revoke it if you "unpair" the device.
Legal basis: contract.
To deliver in-game pairing notifications, the desktop helper captures and uploads:
We also briefly handle a Facepunch SteamAuthToken during the registration handshake — used once server-side, then discarded. It is never persisted.
Legal basis: contract.
When you pair a Rust server, we receive — through Facepunch's official Rust+ API — your in-game position and team members' positions, map markers (cargo, heli, supply drop), team-chat messages, smart device states you control, and notifications. We store only the most recent state required to render the dashboard and overlay; we don't archive your movements or chat history. When you stop playing or unpair the server, that data is purged within 24 hours.
Legal basis: contract.
Rust Pulse is a paid service with three subscription tiers — SCOUT, OPERATOR, and OVERLORD. Payment is processed by Stripe, Inc. (Stripe is the data processor for billing; we are the merchant).
When you check out via Stripe, Stripe collects your billing email and payment details directly. We do not store, query, or use your email address for any purpose. Our database identifies you only by your Steam ID. From Stripe's side we maintain a record of: your subscription tier and status, Stripe's customer and subscription IDs, and the last four digits of your card (for receipt display).
We never see your full card number, CVV, expiry, your bank details, or your billing email in our own systems. Any subscription-related emails you receive (receipts, payment retries, cancellation confirmations) are sent by Stripe directly using the email you gave Stripe at checkout. See Stripe's privacy practices.
Legal basis: contract; legal obligation (Irish tax law requires we retain financial records for 6 years).
For security and debugging, our servers record: IP address (truncated to /24 subnet within 24 hours), browser user agent, request URL, HTTP status code, and timestamp. Logs are kept for 30 days then deleted. Not used for analytics or profiling.
Legal basis: legitimate interest (Article 6(1)(f) GDPR).
After pairing, the Credentials helper makes a single call to Steam's public profile XML endpoint to retrieve your persona name and public avatar image. This is the same information anyone visiting your Steam profile can see. The avatar bytes are cached locally on your computer for 24 hours then re-fetched.
Legal basis: contract.
The dashboard uses strictly necessary cookies and localStorage entries only: a session cookie to keep you signed in, and a preference cookie remembering your last-selected server and UI layout. We do not set any third-party, advertising, or analytics cookies. Because none are non-essential, we don't show a cookie banner — the EU ePrivacy Directive only requires consent banners for non-essential cookies.
We share data only with sub-processors who help us deliver the service. Each is bound by a Data Processing Agreement and processes your data only on our instructions.
| Sub-processor | Role | Data shared | Jurisdiction |
|---|---|---|---|
| Facepunch Studios Ltd. | Rust+ companion API | Steam64, push token | United Kingdom |
| Valve (Steam) | OpenID identity | OpenID redirect only | United States |
| Google (Firebase Cloud Messaging) | Push delivery | FCM token registration | United States |
| Expo | Push token brokerage | FCM token, Steam64 | United States |
| Stripe | Payments (subscribers) | Email, card brand & last-4, billing address | United States / Ireland |
| Our hosting provider | Server infrastructure | Everything stored server-side | EU (Frankfurt region) |
We do not sell, rent, or otherwise transfer your personal data for marketing purposes. We will not share your data with anyone else unless legally compelled (e.g. valid court order from an Irish court), in which case we will tell you unless prohibited by law from doing so.
Some sub-processors above are based outside the European Economic Area. When personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses for the transfer, plus each provider's own GDPR adequacy commitments (Google, Expo, and Stripe each maintain SCCs and are EU-US Data Privacy Framework participants where applicable).
| Data | Retention |
|---|---|
| Account record (Steam ID, persona) | While your account is active. Deleted on account deletion. |
| Device tokens (paired devices) | Until you unpair or delete your account. |
| FCM credentials | Until you unpair or revoke at Facepunch. |
| Game state (map markers, team positions) | 24 hours after your last activity on that server. |
| Subscription billing records | 6 years (Irish Revenue requirement). |
| Operational request logs | 30 days. |
| Local files on your computer | Until you uninstall the app or click "Unpair". |
You can delete your entire account at any time via the dashboard (Settings → Delete account) or by emailing support@rustpulse.app. Deletion is processed within 30 days, except for records we're legally required to retain.
Because we process your data in Ireland under EU law, you have these rights regardless of where you live:
Email support@rustpulse.app to exercise any of these rights. We respond within 30 days (often within 48 hours). No fee unless the request is manifestly excessive or repetitive.
No system is 100% secure. If we ever experience a personal data breach affecting your data, we'll notify the Irish Data Protection Commission within 72 hours of becoming aware, as required by Article 33 GDPR.
Because we do not store your email address (see section 2.5), individual email notification of affected users would involve disproportionate effort within the meaning of GDPR Article 34(3)(c). In its place, for any breach that meets the Article 34 high-risk threshold, we will publish a prominent public notice on rustpulse.app and on the dashboard sign-in screen describing the breach, the affected data categories, and recommended steps for users to take. This public-communication route is expressly permitted by Article 34(3)(c) when direct contact would be disproportionate, and is the most effective channel available to us given the data-minimisation choice that we do not collect email addresses.
Rust Pulse is intended for adult players of Rust (PEGI 16 / ESRB Mature 17+). We do not knowingly collect data from anyone under 16. If you believe a child has used our service and provided personal data, email support@rustpulse.app and we will delete the associated account.
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you, within the meaning of Article 22 GDPR.
If we make material changes (a new sub-processor, a changed legal basis), we'll update the "Last updated" date at the top of this page and display a clear notice on the rustpulse.app dashboard for at least 30 days before the change takes effect. Because we do not store your email address, the dashboard notice is the practical channel through which we reach existing users — please check it periodically. For non-material changes (typo fixes, clarifications), we'll just update the date. Past versions are available on request from support@rustpulse.app.
For any privacy-related question, request, or complaint:
Email: support@rustpulse.app
If you do not get a response within 30 days, you can also contact:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28, Ireland
www.dataprotection.ie · +353 (0)761 104 800