RUSTPOCKET
Fields shown in [brackets] are the operator's own registration details, still to be completed by the site owner. These notices are written under Swiss law (FADP, Code of Obligations, UWG) with EU overlays (GDPR, Consumer Rights Directive, Accessibility Act) for customers in the EU. General information, not individual legal advice.

Privacy Policy

This policy explains how personal data is handled on rust-pocket.com. It is written under the Swiss Federal Act on Data Protection (FADP / revDSG, SR 235.1, in force since 1 September 2023). Because RustPocket is offered to customers in the EU, the EU General Data Protection Regulation (GDPR, Regulation 2016/679) also applies to EU residents under its Art. 3(2), and this policy is written to meet both.

Controller

Thimo Mägert, address as in the Imprint
Contact: loeschen-anbrechen0b@icloud.com

What we process, and why

The website processes what a purchase needs, plus - only if you agree - anonymised analytics.

  • Checkout (Stripe). When you subscribe you are taken to Stripe Checkout. Stripe processes your email and the data needed to take payment (payment method, name, billing details). Card data never reaches our own systems. Legal basis: performance of the contract (GDPR Art. 6(1)(b), and the lawful-processing principles of the FADP).
  • Installer delivery (GitHub). After payment you are given access to the Windows installer, served from a private GitHub release. The request needed to hand you the file is processed for that purpose only.
  • Licence key. Your licence key identifies your subscription. There is no account and no password; the key is the only identifier. It is used to deliver the software, verify entitlement, and provide support.
  • Server logs. The site is hosted on Vercel. Standard technical log data (such as IP address, timestamp, requested resource) is processed to run the site securely. Legal basis: legitimate interest in secure, stable operation (GDPR Art. 6(1)(f)).
  • Analytics (Google Analytics 4), consent only. If, and only if, you accept in the cookie banner, we load Google Analytics 4 to measure which pages help. It is configured with IP anonymisation, and Google Consent Mode is set to deny advertising signals - we run no ads. Nothing loads and no cookie is set until you accept; declining or ignoring the banner means no analytics at all. Legal basis: your consent (GDPR Art. 6(1)(a); Swiss FADP consent). You can withdraw it any time via "Cookie settings" in the footer.

Cookies and tracking

A security nonce enforces the Content Security Policy on every page; it does not identify you and needs no consent. A small first-party cookie (rp_consent) remembers your choice in the cookie banner for a year. Google Analytics cookies are set only after you accept analytics, and never before. There is no advertising or cross-site tracking.

Processors and international transfers

We use Stripe for payment, GitHub for file delivery, and - with your consent - Google (Google Analytics 4) for analytics. These may process data outside Switzerland and the EU, including in the United States. Such transfers rely on the safeguards those providers maintain, such as the EU Standard Contractual Clauses and, where the provider self-certifies, the EU-U.S. and Swiss-U.S. Data Privacy Frameworks. [Owner to confirm the current transfer mechanism named in Stripe's and Google's data processing agreements.]

Retention

Payment and subscription records are kept while the subscription is active and thereafter for the periods required by Swiss bookkeeping law. [Owner to supply exact retention periods for payment records, licence keys, and support correspondence.]

Your rights

You can exercise the following by emailing <mail/>.

  • Access to your data (GDPR Art. 15; FADP right of access)
  • Rectification of inaccurate data (GDPR Art. 16)
  • Erasure (GDPR Art. 17)
  • Restriction of processing (GDPR Art. 18)
  • Data portability (GDPR Art. 20; FADP data portability)
  • Objection to processing (GDPR Art. 21)

There is no automated decision-making or profiling beyond a licence-key check. If you believe your data is handled unlawfully, you may complain to a supervisory authority: in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC / EDÖB); in the EU, your national data-protection authority.

EU representative

[Owner to confirm: whether an EU representative under GDPR Art. 27 is appointed, or whether the Art. 27(2) exemption for occasional, low-risk processing is relied on. Because the subscription is recurring, this should be confirmed with Swiss / EU counsel.]

Age

RustPocket is intended for adults. Rust is an 18-rated game.

Changes

We may update this policy; the current version is always the one published here.
Last updated: 15 July 2026.