Privacy Policy

Effective date: 28 February 2026

1. Overview

TM RustPlus (“we”, “us”, “our”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and store your personal information in connection with our website and Discord bot service (“Service”).

We are bound by the Privacy Act 1988(Cth) and the Australian Privacy Principles (“APPs”) contained in that Act. This policy is drafted in accordance with those obligations.

Our servers are located in Australia. By using the Service, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

Information you provide directly

  • When you link your Discord account: your Discord user ID, username, avatar, and email address (if provided to Discord)
  • When you link your Steam account: your Steam ID and public Steam profile data
  • When you pair the Rust+ companion app: your Rust+ player token and player ID
  • When you subscribe: billing details processed by Stripe (we do not see or store full card numbers)
  • Discount codes you enter at checkout
  • Rust game server details you add to your account (IP address, port, name)

Information collected automatically

  • FCM (Firebase Cloud Messaging) credentials generated on your device for push notification delivery
  • Session data (via secure HTTP-only cookies managed by NextAuth)
  • Server logs, including request timestamps and IP addresses, retained for up to 30 days

Information we do not collect

  • Full payment card numbers, CVVs, or bank account details (handled entirely by Stripe)
  • In-game chat content beyond what you explicitly relay through team chat integration
  • Sensitive information as defined by the Privacy Act (such as health, biometric, or government ID data)

3. How We Use Your Information

We use your personal information to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity via Discord and Steam OAuth
  • Connect your Rust servers to Discord through the Rust+ protocol
  • Deliver in-game notifications and team chat messages to your Discord channels
  • Process and manage your subscription payments through Stripe
  • Apply discount codes and manage promotional offers
  • Communicate with you about service updates, billing, or support matters
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with our legal obligations under Australian law

We will not use your personal information for direct marketing without your express or implied consent, and we comply with the Spam Act 2003 (Cth) in relation to any electronic commercial messages.

4. Disclosure of Your Information

We do not sell, rent, or trade your personal information. We may share information with the following third parties only to the extent necessary to provide the Service:

Stripe

Payment processing. Stripe handles all payment card data. Subject to Stripe’s Privacy Policy and PCI-DSS standards.

Discord (via API)

OAuth authentication and bot message delivery. Your messages are sent to Discord servers you control.

Valve Corporation (Steam)

Optional Steam account linking for server pairing. Only your public Steam ID is stored.

Facepunch Studios (Rust+)

Our bot communicates with Facepunch’s Rust+ infrastructure using your player token to relay game events.

Expo (push notification relay)

FCM credentials are used to receive Rust+ push notifications via Expo’s notification relay service.

We may also disclose your information where required by Australian law, a court order, or government authority, or where necessary to protect the rights, property, or safety of TM RustPlus, our users, or the public.

5. Overseas Disclosure

Some of our third-party service providers are based outside Australia (including in the United States). Where we disclose your personal information to overseas recipients, we take reasonable steps to ensure those recipients handle it in a way consistent with the APPs, or are bound by comparable privacy protections (such as Stripe’s PCI-DSS compliance and GDPR compliance programs).

By using the Service, you acknowledge that overseas disclosure may occur and consent to it as described above.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and comply with our legal obligations:

  • Account data (Discord ID, Steam ID, FCM credentials): retained while your account is active
  • Subscription and payment records: retained for 7 years to meet Australian financial record-keeping requirements
  • Server logs: retained for up to 30 days
  • Data after account deletion: de-identified or deleted within 30 days, except where retention is required by law

7. Security

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. Measures include:

  • HTTPS encryption for all data in transit
  • Passwords stored using bcrypt hashing and never in plain text
  • TOTP-based multi-factor authentication available for admin accounts
  • Database access restricted to the application server only
  • Player tokens and FCM credentials stored encrypted at rest

No method of transmission over the internet is 100% secure. If you suspect a security incident affecting your account, contact us immediately at [email protected].

8. Cookies and Session Data

We use secure, HTTP-only session cookies managed by NextAuth to keep you logged in. We do not use third-party advertising cookies or tracking pixels. No cookie consent banner is shown because we use only strictly necessary cookies.

9. Your Rights (APP 12 & 13)

Under the Australian Privacy Principles, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct personal information that is inaccurate, out of date, incomplete, or misleading
  • Deletion — request deletion of your account and associated data (subject to our legal retention obligations)
  • Complaint — lodge a complaint with us, and if unresolved, with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, contact us at [email protected]. We will respond within a reasonable time (generally within 30 days).

10. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

12. Contact & Complaints

For any privacy-related questions, access requests, or complaints, please contact us:

TM RustPlus

Australia

Email: [email protected]

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).