RustWho Privacy Policy

This Privacy Policy explains how RustWho processes personal data in connection with the Service. RustWho operates from the Kingdom of Saudi Arabia and structures its privacy approach primarily around the Saudi Personal Data Protection Law ("PDPL") and related regulations, guidance, and lawful processing requirements.

This Policy applies to the RustWho website, dashboard, browser extension, payment flows, support channels, communications, and related services.

Depending on how you use the Service, RustWho may process:

• account data, such as email address, account ID, login status, and subscription status;
• billing and payment references, such as plan, payment status, transaction references, and processor identifiers;
• support and communications data, such as messages, requests, reports, and attachments you send us;
• technical and usage data, such as IP address, browser type, device information, timestamps, logs, and session events;
• identifiers used for Service functionality, such as SteamID, usernames, linked account references, server identifiers, and similar gameplay-related identifiers;
• public-source data, where a person or account may be directly or indirectly identifiable through information collected from publicly available sources;
• derived analytics, such as historical summaries, activity metrics, classifications, correlations, trend signals, and profile-level analytics; and
• user settings, local preferences, and browser or extension storage values required for product functionality.

Gaming identifiers such as SteamID, player aliases, and server identifiers are processed as public gameplay identifiers rather than personal identity information.

RustWho may collect or receive personal data:

• directly from you;
• from your browser or device when you use the Service;
• from payment providers, hosting providers, authentication providers, and other service providers;
• from public websites, public pages, public search results, and other publicly available sources;
• from public endpoints or other sources RustWho reasonably believed were publicly available at the time of collection; and
• from community partners, server operators, and other third parties that provide data or signals to RustWho.

Where data is collected from a publicly available source, RustWho still aims to apply review, limitation, and compliance controls rather than treating such data as unrestricted.

RustWho may process data to:

• create, manage, and secure user accounts;
• provide subscriptions, paid features, and account-linked services;
• deliver search, indexing, analytics, alerts, and intelligence features;
• operate and improve the browser extension;
• render compatibility and interface features inside supported pages;
• investigate abuse, fraud, manipulation, evasion, and misuse of the Service;
• respond to support requests and review disputes;
• preserve records for compliance, evidence, and security review;
• monitor product performance and reliability; and
• comply with legal obligations and lawful requests.

RustWho processes personal data where permitted by applicable law, including where processing is necessary to provide the Service, where you consent, where legal obligations apply, or where another lawful basis under applicable Saudi law is available for the relevant processing context.

Where consent is the relevant basis, you may withdraw it, subject to legal or technical limits affecting continued feature availability.

The RustWho browser extension is intended to operate only within the end user's browser and within the contexts the user chooses to use it, including supported BattleMetrics pages, the extension popup, and the Rust+ companion linking flow.

The extension does not monitor payment card details, private messages, or a user's full browsing history. It reads supported page content only to extract the gameplay identifiers and page context reasonably necessary to provide RustWho analytics features on supported pages. If a user chooses to sign in through the extension popup, the extension also collects the email address and password the user enters for authentication with RustWho or its authentication provider.

Collection. Depending on feature use, the extension may access, collect, store, or transmit limited data necessary to provide user-facing functionality, such as:

• supported page URLs, page type, and relevant page identifiers;
• SteamID, BattleMetrics, server, player, clan-tag, or similar identifiers;
• activity-related metrics, derived analytics, and snapshot fields such as total hours, detected clan counts, top clan tag, peak hour, low hour, and timestamps;
• extension sign-in data such as email address, password, RustWho access tokens, refresh tokens, token expiry, and subscription tier or feature flags;
• viewer profile data returned after authentication, such as email, name, avatar, linked SteamID, Steam name, and Steam avatar;
• user settings, preferences, cached results, and queued submissions; and
• limited account-link state, Rust+ linking data, request metadata, and technical logs where the user deliberately initiates an account-link, entitlement, informer, or compatibility feature.

If a user voluntarily enters an optional BattleMetrics admin token, Steam Web API key, or similar feature credential for an extension feature, that credential is stored locally in the browser or extension storage on the user's device and used only for the corresponding feature. Those optional credentials may be transmitted directly by the extension to BattleMetrics or Steam in user-initiated requests for the enabled feature. RustWho does not sell those credentials and does not receive them unless the feature expressly says otherwise at the point of collection.

If a user deliberately uses the Rust+ linking flow, the extension may extract the SteamID and Rust+ token shown on the Facepunch companion success page and send that data to RustWho solely to link and operate the informer feature requested by the user.

Handling and use. Extension-related data is handled only to render RustWho overlays and lookups, verify account access, operate account-linked features, perform user-requested extension functions, link Rust+ informer access, submit SteamID corrections or associations, send player or server snapshots to RustWho, prevent abuse, debug failures, maintain compatibility, and improve feature accuracy.

Storage. Extension-related data may be stored locally in browser or extension storage on the user's device, including settings, cached results, session-linked state, and locally retained optional credentials described above. Local storage may include RustWho access tokens, refresh tokens, token expiry, BattleMetrics admin tokens, Steam API keys, cached viewer data, player snapshots, server snapshots, and queued SteamID submissions. Where extension data is transmitted to RustWho servers, it may also be stored on RustWho systems or infrastructure providers for the period reasonably necessary to operate the feature, maintain security and logs, investigate abuse, troubleshoot, and comply with Section 11.

Sharing. RustWho does not sell extension-collected data and does not share it with advertisers, data brokers, or information resellers. Extension-related data may be shared only with the categories of recipients described in Section 9, such as hosting, authentication, logging, analytics, payment, communications, security, and legal-compliance providers, and only to the extent reasonably necessary for the feature or legal compliance. In addition, the extension sends relevant requests or identifiers to RustWho, BattleMetrics, Steam, and the Rust+ companion flow only when needed for the specific feature the user invokes.

User controls. Users can stop further extension-side collection by disabling the extension, clearing extension storage, signing out or unlinking an account-linked feature where applicable, or uninstalling the extension. Uninstalling the extension does not automatically delete data previously transmitted to RustWho servers, which remains subject to this Policy and the retention terms in Section 11.

RustWho may use cookies, local storage, and extension or browser storage for:

• authentication and session management;
• security;
• saving preferences;
• caching limited analytics for performance; and
• storing configuration and extension settings.

You may control some of these through your browser settings, but some features may stop working properly.

RustWho does not sell personal data as a standalone product.

RustWho may share data:

• with hosting, infrastructure, authentication, logging, and analytics providers;
• with payment processors and communications providers;
• with fraud-prevention, monitoring, and security providers;
• with professional advisors, auditors, or insurers where reasonably necessary;
• with competent authorities where required by law; and
• in connection with a reorganization, financing, acquisition, or asset transfer.

RustWho may process or store data inside or outside the Kingdom where operationally necessary and legally permissible. Where cross-border transfer or hosting rules apply, RustWho aims to use the safeguards required by applicable Saudi rules.

RustWho retains data only for as long as reasonably necessary for the purposes described in this Policy, including service provision, security, billing, troubleshooting, analytics, dispute resolution, legal compliance, and evidence preservation.

Retention periods may vary by data type, feature, risk, and dispute status.

Because some data shown or processed by RustWho may come from public sources or third parties, it may be incomplete, historical, delayed, disputed, or inaccurate.

RustWho may annotate, restrict, suppress, correct, or remove data where appropriate, but does not guarantee that all information in the Service is always current or error-free.

Subject to applicable law, verification requirements, and any lawful exceptions, individuals may request:

• information about how their data is processed;
• access to personal data and, where applicable, a copy of it;
• correction of inaccurate or incomplete data;
• deletion or destruction where legally appropriate; and
• withdrawal of consent where consent is the basis for processing.

RustWho may request identity verification and may refuse, limit, or defer a request where applicable law permits. Complaints or requests may be sent to hello@rustwho.com.

If you believe RustWho displays:

• highly sensitive data;
• government identifiers;
• home addresses;
• financial information;
• data involving a minor; or
• materially harmful or wrongly matched identity information,

contact hello@rustwho.com with sufficient detail. RustWho may request verification or supporting evidence before taking action.

RustWho uses reasonable administrative, technical, and organizational measures to protect data, including access controls, limited internal access, logging, monitoring, and encryption in transit where appropriate. No system is completely secure, and RustWho does not guarantee absolute security.

The Service is not intended for users under 18. If RustWho learns that it collected personal data from a minor without appropriate authorization, RustWho may restrict or delete the data as appropriate.

RustWho may update this Privacy Policy from time to time. Updated versions become effective when posted unless a later date is stated.

For privacy requests or complaints, contact hello@rustwho.com.