Privacy Policy

Last updated: June 13, 2026

In short

Rust On Top is an unofficial Windows companion app for the game Rust, and this website is its home: the place you download the app, sign in with Steam, manage a ROT Pro subscription, and connect Discord if you want the subscriber role. This policy explains what data the app and the website handle and why.

We collect as little as possible. Your Rust+ sign-in credentials stay on your own device. We store a small amount of account, team, and subscription data on our servers so cross-device, team, and billing features work. Stripe handles all payments; your card details never touch our servers. When you die in-game, the app sends a small cropped image of your screen to an AI service that reads the on-screen text. That image is used once for that purpose and never stored.

We do not sell your data, show you ads, or use your data to train AI models. The website sets no advertising or tracking cookies, only the cookies needed to keep you signed in (see our Cookie Policy).

Who we are

Rust On Top is built by an independent developer in Sweden. We are the data controller for the personal data described here.

Questions about this policy or your data: richard@rustontop.com or anton@rustontop.com.

What this policy covers

This one policy covers both the Rust On Top desktop app and the rustontop.com website, including your web account, ROT Pro billing, and the optional Discord connection. Where something applies to only one of the two, we say so.

Visiting the website

Vercel hosts the website. Like nearly every website, the hosting keeps short-lived technical logs of requests (IP address, browser type) to run the site, prevent abuse, and diagnose problems.

We measure traffic with Vercel Web Analytics, which is cookieless and anonymous: it counts page views in aggregate and cannot follow you across other sites. We use no advertising networks and no third-party tracking pixels.

Signing in on the website (Steam)

You can sign in to the website with your Steam account to manage a subscription. Sign-in happens on Steam's own pages through Steam's OpenID service. We never see your Steam password.

The sign-in gives us your verified 64-bit Steam ID. We also look up your public Steam profile (display name and avatar) through the Steam Web API so the site can greet you by name, and we cache that name and avatar with your account record.

Staying signed in uses a single signed cookie holding your Steam ID. The Cookie Policy has the details.

ROT Pro billing (Stripe)

If you subscribe to ROT Pro, Stripe hosts the checkout page and the billing portal. Your card or other payment details go directly to Stripe and never touch our servers. We cannot see your full card number.

To know which account is subscribed, we store a billing record in our database: your Steam ID, your Stripe customer and subscription identifiers, the subscription's status and plan, its current period and trial end dates, and whether it is set to cancel.

Stripe records your acceptance of our terms at checkout, including your express request that the service start immediately, so that consent can be shown later.

Stripe also processes your payment data for its own legal purposes (fraud prevention, financial compliance) as an independent controller under the Stripe Privacy Policy. Stripe issues the receipts and invoices.

Connecting Discord (optional)

On your account page you can connect a Discord account to receive our subscriber role on the Rust On Top Discord server. The authorization happens on Discord's own pages. We never see your Discord password.

If you connect, we store your Discord user ID and username alongside your Steam ID, plus whether the role is granted. Our bot adds or removes the role on our server as your subscription starts and ends.

Disconnecting Discord on your account page deletes the link from our database and removes the role.

How you sign in to the app

You sign in through Steam using Facepunch's official Rust+ companion login. We never see or store your Steam password; Steam and Facepunch handle the sign-in.

From this sign-in the app receives a Rust+ authentication token, push-notification (FCM) credentials, and a device coordination token. These are stored on your own device and are used to talk to the official Rust+ service on your behalf, the same way the official Rust+ mobile app works.

What we store on your device (not on our servers)

These stay on your computer: your Rust+ authentication token, your push-notification (FCM) credentials, and the device coordination token. We never upload them.

The app reads item and map icons from your own installed copy of Rust. We do not collect them.

What we store on our servers

So that team, cross-device, and billing features work, we store the following in our database (Supabase):

  • Your Steam ID and Steam display name, so we know who is signed in.
  • Your teammates' Steam IDs and in-game names, and the identifiers of the servers you have paired.
  • Team-death events: the Steam IDs, names, map location and time of deaths involving your team, including the player who killed you (who may not be on your team), together with the related combat-log details such as weapon, distance, and damage.
  • Players you choose to track: their name or Steam ID and whether they are currently online.
  • Decay reminders you create: the base location and decay details.
  • Live team presence (who on your team is online). This is short-lived and refreshed as you play.
  • Your ROT Pro billing record, as described above: your Steam ID, Stripe identifiers, and subscription status, but not your card details.
  • Your Discord link, if you connect one: your Discord user ID and username.

What we don't store

We do not store your real name, postal address, phone number, or any sensitive information such as health, religion, biometrics, or precise real-world location.

We do not store your payment card details; those go directly to Stripe.

We do not store the death screenshots. The app discards them as soon as the text has been read (see below).

We do not sell your data, show you ads, or use your data to train AI models.

Death screen reading (Google Gemini)

When you die, the app captures a small cropped region of your screen (the thin strip showing who killed you) and sends that single image to our server, which forwards it to Google's Gemini AI service.

Gemini reads the text in the image (the killer's name) and returns that text to the app. The process is automated from end to end; no person at Rust On Top or Google reviews your screen for this feature.

The image is used once to extract that text and then discarded. It is not saved on your device, not saved on our servers, and not used to train any AI model. Only the extracted text (the killer's name) is kept where the feature needs it.

Google processes this image under its own terms and privacy policy. See Google's AI / Gemini API Terms and Google's Privacy Policy.

Other services we contact

BattleMetrics public API: the app queries BattleMetrics' public API to look up public player online status and resolve Steam IDs. This uses publicly available information.

Official Rust+ API (Facepunch): live data such as your team, map markers, and server info comes from Facepunch's official Rust+ service. When the app makes a Rust+ request on your behalf, your Rust+ token is sent to Facepunch's API, exactly as the official Rust+ app does. Outgoing team or clan chat you send is delivered only through the official Rust+ chat function.

Who processes data for us

We use a small number of trusted service providers (sub-processors): Google LLC (Gemini AI, to read screen text); Supabase (our database and storage); Hetzner Online (hosting for our server/API); Stripe (payments and billing); and Vercel (website hosting and cookieless analytics).

We also interact, on your behalf, with Facepunch / Rust+, Steam (Valve) for sign-in, Discord if you connect it, and the BattleMetrics public API. Each of these has its own privacy policy.

We do not sell your personal data and do not share it for advertising.

Cookies

The website sets only strictly necessary cookies: one that keeps you signed in after Steam sign-in, and one short-lived cookie that protects the Discord connection flow. There are no advertising or cross-site tracking cookies, so the law does not require a consent banner and we do not show one.

The full list, lifetimes, and how to manage them are in our Cookie Policy.

Why we are allowed to process your data (legal bases)

Under the GDPR we rely on: performance of our agreement with you, to provide the features you ask for (sign-in, team coordination, death screen reading, your ROT Pro subscription); our legal obligations, such as keeping billing records for bookkeeping and tax law; our legitimate interests, to keep the app and website working, secure, and debuggable; and your consent where a feature is optional and you switch it on, such as connecting Discord.

Where we rely on consent, you can withdraw it at any time by turning the feature off or contacting us.

International data transfers

Some of our providers (Google, Stripe, Vercel, our hosting) may process data outside the European Economic Area, including in the United States.

Where that happens, the transfer is protected by an appropriate safeguard, such as the European Commission's Standard Contractual Clauses and/or the EU-US Data Privacy Framework.

How long we keep your data

We do not keep death screenshots; the app discards them as soon as the text has been read.

We keep account and team data (your Steam ID, teammates, paired servers, team-death events, tracked players) while you use the app, and delete it within 30 days of your deletion request or of your account becoming inactive.

Billing records follow different rules: bookkeeping and tax law requires us to keep invoicing and transaction data, in Sweden generally for seven years. We keep only what those laws require, and Stripe retains the payment records it must hold under its own obligations.

We keep your Discord link until you disconnect it or ask us to delete your account.

We keep support emails for around 12 months and server error logs for up to 90 days.

Your rights

You have the right to access the data we hold about you, to correct it, to delete it, to restrict or object to our use of it, to data portability, and to withdraw any consent you have given.

To use any of these rights, email richard@rustontop.com or anton@rustontop.com. We will respond within one month.

How to delete your data

Email richard@rustontop.com or anton@rustontop.com to delete the data we hold about you, and include your Steam ID if you can. We will erase it within 30 days. If you have an active subscription, cancel it first from your account page. Bookkeeping law requires us to keep invoicing records for its retention period even after the rest of your data is deleted.

You can also cut off the app's access at any time by signing out of Rust+ inside the app and uninstalling it. Pressing "Re-register" in the in-game Rust+ menu invalidates every Rust+ token Facepunch has issued you, including ours.

Signing out or uninstalling removes the credentials stored on your device: the Rust+ token, push credentials, and device token.

Children

Rust On Top is not intended for children. Rust is rated PEGI 16 / ESRB Mature, and you should be old enough to use Rust and its companion tools in your country. We do not knowingly collect data from children.

To subscribe to ROT Pro you must be old enough to enter into a paid agreement in your country, or have a parent's or guardian's permission.

Complaints

If you are unhappy with how we handle your data, you can complain to your local data protection authority. In Sweden, that authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

Changes to this policy

We may update this policy from time to time. We will change the "Last updated" date above and, for important changes, tell you in the app or on the website.

Questions: richard@rustontop.com or anton@rustontop.com.