Privacy Policy

Last Updated: December 27, 2025

Applies to: os.tirust.fun (Admin Dashboard)

Overview

Treasure Island Rust (TIRust) prioritizes the privacy and security of our gaming community and staff members. This Privacy Policy outlines how the TIRust Admin Dashboard collects, uses, stores, and protects data related to gameplay, player interactions, and staff activities.

Information We Collect

1. Authentication Data

Discord Information: Discord ID, username, avatar, roles, guild membership
Session Data: JWT tokens (HTTP-only cookies), login timestamps, IP addresses
Permission Levels: Staff role assignments (Owner, Admin, Moderator, Linked)

2. Player Data (Displayed in Dashboard)

Player Identifiers: Steam ID, Steam username, Discord username (if linked)
Gameplay Statistics: Kills, deaths, K/D ratio, playtime, server activity
Session History: Join/leave timestamps, session duration, server connections
Moderation Records: Bans, kicks, mutes, warnings, watchlist entries

3. Staff Activity Logs

Access Logs: Login attempts, session duration, logout events
RCON Commands: All commands executed, timestamps, server targets
Moderation Actions: Bans created, kicks issued, watchlist modifications
Player Searches: Search queries, profile views, data access

How We Use Your Data

Player Data

• Display gameplay statistics
• Public leaderboards
• Server management
• Moderation enforcement
• Community insights

Staff Activity Logs

• Security monitoring
• Accountability tracking
• Audit compliance
• Dispute resolution
• Performance review

Data Sources

🎮 Game Servers

Gameplay data is collected automatically by our Rust game servers via custom plugins (StashTraps). This includes kills, deaths, playtime, and session information.

🔗 Discord Integration

When you link your Discord account to Steam, we store the connection to provide role-based access and display Discord usernames alongside Steam profiles.

📊 BattleMetrics API

Server status and player information from BattleMetrics is displayed for server management purposes. We do not store BattleMetrics data locally beyond caching for performance.

🔍 Rust Admin API

Player lookup and validation data from Rust Admin API is cached to reduce API quota usage. This data is used for player identification and moderation support.

Data Storage and Security

Security Measures:

✓ All data stored in encrypted SQLite database with WAL mode
✓ JWT tokens use HS256 algorithm with 7-day expiration
✓ HTTP-only cookies prevent XSS attacks
✓ SSL/TLS encryption for all dashboard connections
✓ Permission-based access control (5 levels)
✓ Prepared SQL statements prevent injection attacks
✓ Regular security audits and monitoring

Data Location: All data is stored on our secure, dedicated VPS server with restricted access. Only authorized staff members can access player data through the dashboard.

Data Retention

Data Type	Retention Period
Gameplay Statistics	Indefinitely (for leaderboards)
Session History	Indefinitely (for analytics)
Moderation Records	Indefinitely (for accountability)
Staff Activity Logs	Indefinitely (for audit compliance)
JWT Session Tokens	7 days (then auto-expire)
Server Status Cache	30 seconds (then refresh)
API Response Cache	5-10 minutes (then refresh)

Third-Party Services

The Dashboard integrates with the following third-party services:

🎮

Discord

OAuth2 authentication and role verification.Privacy Policy

🎮

Steam

Player identification and profile information.Privacy Policy

📊

BattleMetrics

Server management and player statistics.Privacy Policy

🔍

Rust Admin API

Player lookup and validation services.

We are not responsible for the privacy practices of third-party services. Please review their privacy policies directly.

Your Privacy Rights

Access Your Data

You can view your gameplay statistics, Discord-Steam link status, and session history through the dashboard or by requesting a data export from staff.

Request Data Deletion

You may request deletion of your Discord-Steam link and personally identifiable information. Note: Gameplay statistics are anonymized but retained for leaderboard integrity.

Unlink Accounts

You can unlink your Discord and Steam accounts at any time using the /unlink command in Discord. This removes the association but retains anonymized gameplay data.

Opt-Out of Data Collection

Gameplay data collection is automatic on our servers. If you wish to opt-out, you must stop playing on TIRust servers. The dashboard cannot function without this data.

Cookies and Tracking

Cookies Used:

Cookie Name	Purpose	Duration
auth_token	JWT session authentication	7 days

Third-Party Cookies: We do not use Google Analytics or other third-party tracking cookies on the admin dashboard. The main TIRust website uses Google Analytics (seemain privacy policy).

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as our data handling practices evolve or as required by law. Changes will be posted on this page with an updated “Last Updated” date. Continued use of the Dashboard after changes constitutes acceptance of the updated policy.

Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your data:

Email: treasureislandrust@gmail.com
Discord: Join our community server and contact ownership
Website: www.tirust.fun

Last Updated: December 27, 2025

For the player-facing Privacy Policy, visit tirust.fun/privacy.php

← Back to Dashboard