Privacy Policy
Effective: May 2026 | Last updated: May 2026
This Privacy Policy explains how Rust Snowball ("we", "us", "our") collects, uses, shares, retains, and protects personal data in connection with your access to and use of the Rust Snowball platform, including the websites, applications, APIs, Steam bots, and any other service operated under our brand (the "Platform"). It forms part of, and should be read together with, our Terms of Service.
1. Controller
The data controller for the personal data described in this Policy is Rust Snowball. You can contact us at [email protected]. Where applicable law requires us to appoint a data protection officer or an EU / UK representative, the current designations are available on request.
2. Categories of personal data we collect
We collect only what we need to operate the Platform, comply with the law, and prevent abuse:
- Identity data: Steam ID (steam64), display name, avatar URL, and any aliases you set on the Platform.
- Verification data, only when needed: information used to confirm age, account ownership, payment-method ownership, wallet ownership, source of funds, or eligibility to receive a withdrawal. We ask for government ID or proof of address only where law, payment partners, risk controls, account recovery, or a specific review requires it.
- Settlement data: cryptocurrency deposit and withdrawal addresses, transaction hashes, network identifiers, memo / tag fields, Steam trade-offer identifiers and inventory snapshots, internal Coin ledger entries.
- Technical data: IP address, approximate geolocation derived from IP, user-agent, locale, accept-language, session and cookie identifiers, anti-abuse challenge results, and error logs.
- Behavioural data: game activity, wager and outcome records, login times, session duration, chat messages, support correspondence, feature usage, and risk signals.
- Affiliate & referral data: referral code applied, referral graph linkage, click attribution, commission ledger.
- Communications data: emails, in-platform chat, support tickets, social media interactions you initiate with us.
We do not knowingly collect personal data from anyone under eighteen (18) years of age. If you believe we hold data of a minor, contact [email protected] and we will delete it as required by law.
3. How we collect personal data
- From you directly — when you sign in via Steam OpenID, deposit, withdraw, place wagers, chat, file a support request, redeem a referral code, or submit verification material we request.
- Automatically — through cookies, server logs, and security telemetry while you use the Platform. See our Cookie Policy.
- From third parties — Steam (your profile), our cryptocurrency payment processor (settlement data), blockchain-risk or sanctions-screening providers where engaged, anti-fraud providers, and law-enforcement or court orders directed at us.
4. Purposes of processing and lawful bases
We process the categories above for the purposes below. Where we operate under the EU / UK GDPR, the lawful basis is shown in brackets.
- Operating the Platform, authenticating you, settling deposits and withdrawals, recording wagers, and crediting outcomes — performance of a contract.
- Reviewing withdrawals, confirming account or payment ownership where needed, checking source-of-funds or wallet risk where required, and screening for sanctions concerns — compliance with legal obligation and legitimate interest.
- Preventing and detecting fraud, multi-accounting, collusion, bonus abuse, chip-dumping, bot activity, account takeover, and other abuse; protecting the Platform against attacks — legitimate interest in protecting the Platform, our users, and the integrity of our games.
- Responsible gambling controls, self-exclusion enforcement, soft-loss notifications — compliance with legal obligation and legitimate interest.
- Internal analytics, capacity planning, debugging, and quality assurance — legitimate interest; analytics is aggregated and de-identified wherever feasible.
- Sending operational notifications (deposit confirmations, withdrawal updates, security alerts, terms updates) — performance of a contract and legitimate interest.
- Sending optional marketing or product announcements — consent, which you may withdraw at any time.
- Responding to lawful requests from regulators, courts, and law enforcement; defending and exercising legal claims — compliance with legal obligation and legitimate interest.
5. Automated decision-making and profiling
We use automated systems to score deposit and withdrawal risk, score chat and gameplay for abuse signals, throttle requests from suspect IPs, and reject withdrawals to high-risk destinations. These systems do not produce a fully automated decision that has legal effect on you without human review: a staff reviewer reviews cryptocurrency withdrawals before they are dispatched. If you believe an automated decision has affected you adversely, contact [email protected] and we will arrange a manual review where the law requires.
6. Sharing personal data
We do not sell your personal data, and we do not disclose your personal data for cross-context behavioral advertising. We share personal data only with:
- Service providers / processors acting on our instructions and under written data-processing agreements — cloud hosting, database hosting, Redis hosting, payment processing (NOWPayments), Steam Web API, blockchain-risk providers where engaged, verification providers where needed, anti-fraud providers, support-ticketing, email and transactional notification providers, error and performance monitoring.
- Law enforcement, regulators, and courts — where required by valid legal process or where we reasonably believe disclosure is necessary to comply with the law, prevent harm, or protect our rights. We do not tip off the subject of a suspicious-activity report and we are under no obligation to seek your prior consent before responding to lawful process.
- Professional advisers and auditors — lawyers, accountants, and auditors bound by duties of confidentiality.
- Successors — in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.
- Other users on the Platform — your display name, avatar, public chat messages, public leaderboards, public bet feeds, opt-in tipping, public coinflip lobbies, and public case-battle lobbies are visible to other users by design. Use anonymization features if you do not want this.
7. International data transfers
We operate and process data on infrastructure located across multiple jurisdictions. Where personal data is transferred from the European Economic Area, the United Kingdom, or any other jurisdiction that restricts cross-border transfers, we rely on one or more of the following: the European Commission's Standard Contractual Clauses (with the UK addendum where applicable), an adequacy decision, your explicit consent, or any other lawful transfer mechanism. Where you would like a copy of the safeguards we apply to a specific transfer, email [email protected].
8. Retention
We retain personal data only for as long as is necessary for the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, regulatory, or reporting requirement. Indicative retention periods:
- Account and ledger data (deposits, wagers, withdrawals): for the life of the Account, then for as long as needed for tax, audit, dispute, fraud-prevention, legal, and regulatory purposes.
- Verification records: only where collected, retained for as long as needed for the review, legal retention, audit, dispute, fraud-prevention, or regulatory purposes.
- Logs and security telemetry: typically 90–365 days, longer where preserved for incident investigation.
- Chat messages: visible-history window as displayed on the Platform; system-level retention up to 12 months for moderation.
- Marketing data: until you withdraw consent or 24 months of inactivity, whichever is earlier.
9. Security
We apply technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. These include TLS in transit, encryption at rest for sensitive stores, Steam OpenID for player sign-in, principle-of-least-privilege access controls, two-factor or hardware-key authentication for staff, audit logging of staff actions, segregation of duties for value-affecting actions, rate limiting, and anti-fraud monitoring. Security reports can be sent to [email protected]. No system is perfectly secure; you acknowledge the residual risk inherent in any internet service.
10. Your rights
Depending on where you live, you may have some or all of the following rights in respect of your personal data:
- Access — to obtain a copy of personal data we hold about you.
- Rectification — to correct inaccurate or incomplete data.
- Erasure — to have your data deleted, subject to our retention obligations.
- Restriction — to restrict certain processing.
- Objection — to object to processing based on legitimate interest or for direct marketing.
- Portability — to receive certain data in a structured, machine-readable format.
- Withdraw consent — at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Non-discrimination (US residents) — we will not deny goods or services, charge different prices, or provide a different level of quality because you exercised a privacy right.
- Opt out of "sale" or "sharing" (US residents) — we do not sell or share personal data within the meaning of US state privacy laws; there is nothing to opt out of, but if that changes we will provide a mechanism.
- Lodge a complaint — with your local data-protection authority. Exercising rights with us does not preclude that route.
To exercise any of these rights, email [email protected] from the email address associated with your Account or include sufficient information for us to verify your identity. We will respond within the period required by applicable law (typically 30 to 45 days; we may extend by up to a further 60 days for complex requests with notice to you). We may refuse or charge a reasonable fee for manifestly unfounded or excessive requests, and we will explain why if we do.
11. Cookies and similar technologies
We use cookies and similar technologies to authenticate you, to secure the Platform against abuse, and to remember your preferences. Details, including a per-cookie inventory and your choices, are in our Cookie Policy.
12. Steam, blockchain and third-party data
Signing in with Steam means a portion of your Steam profile (Steam ID, display name, avatar) is transmitted to us by Steam. Cryptocurrency deposits and withdrawals are public on the relevant blockchain by design; once a transaction is on-chain it is permanently visible and outside our control. Skin deposits and withdrawals occur as Steam trade offers that are visible in your Steam trade history. Once data leaves our systems via these channels, we cannot guarantee its handling, recall, or deletion by the recipient platform.
13. Children
The Platform is not directed at, and we do not knowingly collect personal data from, any person under 18 years of age. If we learn that we have collected personal data from a minor we will delete that data and close any associated Account.
14. Data breaches
We maintain an incident-response process for personal-data breaches. Where a breach is likely to result in a high risk to your rights and freedoms, and where applicable law requires it, we will notify the relevant regulator and affected users without undue delay. We may withhold or delay specific details where doing so is necessary to contain the incident, preserve evidence, or comply with law-enforcement instructions.
15. Changes to this Policy
We may update this Policy from time to time. Updates take effect when posted on the Platform. Where a change is material we will provide additional notice. Your continued use of the Platform after the change takes effect constitutes acceptance of the updated Policy.
16. Contact
Privacy inquiries and data-subject requests: [email protected]. General support: [email protected]. See also our Help & Support page.