RustWho Privacy Policy
Effective Date: 28 February 2026
Jurisdiction: Kingdom of Saudi Arabia (Dammam)
1. Controller, Scope, and Governing Law
Controller: RustWho LLC, Dammam, Kingdom of Saudi Arabia. Privacy contact: hello@rustwho.com.
We operate from Saudi Arabia and primarily follow Saudi law (PDPL). We do not direct or target the Service to the United States or the European Union. If you access the Service from outside Saudi Arabia, you do so at your own initiative and must comply with local law. Where other laws apply to a particular request, we will review and assist in good faith.
2. Definitions
- Personal Data: Any data that can identify an individual directly or indirectly.
- Sensitive Data: Data requiring higher protection (for example, government ID numbers, financial data, or precise location).
- Public Data: Information lawfully accessible without bypassing access controls.
- OSINT: Open-source intelligence from lawful public sources and public indexes.
- Processing: Any operation on data, such as collection, storage, analysis, disclosure, or deletion.
- Extension: The RustWho browser extension used on supported websites.
3. OSINT and Public Data Position
RustWho is an OSINT platform. We show and summarize lawfully public data and add analytics and AI-generated insights to make that data easier to understand. We do not sell personal data. We sell access to tools and features.
Publicly accessible endpoints, public indexes, and public search results that do not require authentication are treated as public data. We do not bypass access controls, paywalls, or authentication requirements.
If you are a data source owner and want us to restrict or remove access to specific public data, contact us. While we are not always legally required to do so, we value collaboration and will review requests in good faith.
4. What We Do (Summary)
- We provide OSINT tools and search features for the Rust gaming community.
- We do not sell personal data. We sell access to tools and analytics.
- We process limited account, billing, and usage data to run the Service.
- We summarize and reorganize public data using analytics and AI to produce insights.
5. Categories of Data We Process
| Category | Examples | Purpose |
|---|---|---|
| Account and identity | Email address, password (handled by our auth provider), account status | Account access, security, subscription management |
| Identifiers | SteamID, usernames, account links you provide | Profile lookup, linking, personalization |
| Subscription and billing | Plan name, status, payment identifiers from payment processors | Billing, renewals, refunds, fraud prevention |
| Communications | Support emails, feedback, reports, requests | Customer support, issue resolution, compliance |
| User content | Comments, reports, and other content you submit | Community features, moderation, safety |
| Technical and usage data | IP address, device type, browser, logs, event timestamps | Security, troubleshooting, performance, analytics |
| Preference storage | Cookies and local storage preferences (for example, UI state) | Remember settings and improve UX |
| OSINT and public data | Publicly accessible player, server, and activity information | Search, analytics, and summaries |
| Server and integration data | Server identifiers, tokens, or credentials you provide | Enable server-linked features you request |
| SMS and phone alerts (optional) | Phone numbers, verification codes, alert preferences, credits | SMS alerts, phone call alerts, account verification |
6. Data Sources
- Directly from you: When you create an account, subscribe, or submit content.
- Public sources: Information that is lawfully and publicly available.
- Partners and servers: Data provided with authorization or with evidence that it is public.
- Service providers: Payments, hosting, analytics, communications, and SMS delivery.
7. Legal Bases for Processing (PDPL)
We process personal data under one or more of the following bases:
- Contract: To provide the Service you request.
- Consent: For optional features, communications, or where required by law.
- Legitimate interest: Security, fraud prevention, and service improvement.
- Legal obligation: Compliance with Saudi laws and lawful requests.
8. How We Use Data
- Operate and secure accounts and subscriptions.
- Deliver searches, analytics, and AI summaries.
- Prevent abuse, fraud, and unauthorized access.
- Provide customer support and handle legal requests.
- Maintain service performance and reliability.
9. AI and Automated Processing
We use automated processing to summarize and reorganize public data into readable analytics. These outputs are informational and are not used to make legally significant decisions about individuals.
10. Tracker Feature (Public Server Data)
The Tracker feature provides player statistics by reading public, non-authenticated server data (for example, public leaderboards or publicly accessible stats endpoints). When a user tracks a SteamID, we only access data that the server has already made public to anyone. We do not access private, admin-only, or authenticated data without explicit authorization.
If you operate a service and believe our access to your public data is harmful or should be restricted, contact us at hello@rustwho.com, on Discord: @5xd5 (nickname: vigor0us), or via WhatsApp / call: +966555768760. While we may not be legally obligated to restrict public data, we value collaboration over conflict and will review requests in good faith.
11. Opt-Out and Removal Requests
11.1 Profile Visibility Opt-Out (Paid)
We offer a paid opt-out option (currently $4.99/month) that hides your profile from RustWho search results. This does not remove data from the original public sources.
11.2 Sensitive or Harmful Data
If you believe RustWho displays sensitive or harmful data (for example, government IDs, home addresses, or other high-risk data), contact us with specific details. We will review the request and remove or restrict access where appropriate.
11.3 Public Data Removal
RustWho is an OSINT service that summarizes lawfully public data. We may decline removal requests when the data is public and non-sensitive, but we will always review requests in good faith.
12. Sharing and Disclosure
We do not sell personal data. We share data only as needed to provide the Service:
- Hosting and infrastructure providers.
- Analytics and performance monitoring providers.
- Payment processors (for example, Stripe) for billing.
- Messaging and SMS providers for alert features.
- Authorities where required by law.
13. Cross-Border Transfers
We primarily process data in Saudi Arabia. If data is transferred outside Saudi Arabia, we do so in accordance with PDPL requirements and applicable transfer safeguards.
14. Cookies and Local Storage
We use essential cookies and local storage for login sessions, security, and preferences. You can control cookies through your browser settings, but some features may not work without them.
- Authentication cookies (required for login).
- UI preference cookies (for example, sidebar state).
- Local storage for saved searches and alert settings.
15. Data Retention
We retain personal data only as long as needed to provide the Service, meet legal obligations, and resolve disputes. You may request deletion. Some limited records may be retained for compliance, security, or backup purposes.
16. Your Rights Under PDPL
- Right to be informed about how your data is processed.
- Right to access your personal data and obtain a copy.
- Right to correct inaccurate or incomplete data.
- Right to request destruction of data when no longer needed.
- Right to withdraw consent where processing is based on consent.
We respond to verified requests within the timelines required by PDPL regulations. We may ask for identity verification to protect your data.
17. Security
We use administrative, technical, and physical safeguards to protect data, including access controls, encryption in transit, and monitoring. No system is 100 percent secure.
18. Children's Privacy
The Service is not intended for users under 18. If we learn that we have collected data from a minor without appropriate authorization, we will delete it.
19. Third-Party Links and Media
The Service may link to third-party websites or embed third-party media. Those services are governed by their own policies, and we are not responsible for their practices.
20. Browser Extension Privacy (BattleMetrics Integration)
The RustWho browser extension is designed to work only inside the end user's authorized sessions on supported sites (for example, BattleMetrics and the Rust+ companion site). It reads data the user can already access and uses it to render RustWho UI and analytics in the page. We do not bypass access controls.
The extension may transmit limited data to RustWho servers to provide features and improve accuracy. Examples include BattleMetrics player or server IDs, derived activity metrics (such as total hours, clan counts, or peak/low hours), and account identifiers such as a SteamID. If you choose to link your Rust+ account, the extension extracts the Rust+ SteamID and token from the companion login success page and sends them to RustWho to complete the link.
The extension stores settings and tokens in your browser storage and may cache limited analytics locally for performance. Optional BattleMetrics and Steam API keys you provide are stored locally and used only to call those third-party APIs; they are not shared with RustWho.
The extension is not affiliated with or endorsed by BattleMetrics. Users must comply with BattleMetrics terms and access rules when using the extension.
21. Changes to This Policy
We may update this Policy from time to time. Material changes will be posted on the Service with a new effective date.
22. Contact
For questions, requests, or complaints, contact: hello@rustwho.com or Discord @5xd5 (nickname: vigor0us). If Discord is inactive, contact the owner via WhatsApp / call: +966555768760.
Full Legal Document (PDF)
You can view or download the full Privacy Policy as a PDF: