Privacy Policy
This Privacy Policy explains how [Registered company name], trading as Rust Shield ("we", "us", or "our"), collects, uses, shares, and protects personal data when you use the Rust Shield antivirus application, visit our website at rustshieldsecurity.com, purchase a subscription, or contact us for support. It also describes the rights you have over your personal data and how to exercise them.
Rust Shield is a fast, lightweight antivirus for Windows and macOS built around a Rust core. Protecting your device should not mean surrendering your privacy, so we designed the product to collect as little personal data as is necessary to deliver, license, and secure the service.
1. Who we are and how to contact us
The data controller responsible for your personal data is [Registered company name], [Registered business address]. If you have any questions about this policy, or if you wish to make a request about your personal data, you can reach us at:
- Email: [email protected]
- Phone: [Support phone number]
- Postal address: [Registered business address]
- Support hours: Mon–Fri, 9am–6pm
We do not currently operate a dedicated Data Protection Officer, but privacy requests sent to the address above are handled by our privacy team. If we are required by law in your jurisdiction to appoint a representative or DPO, their details will be published here: [DPO or EU/UK representative name and contact, if applicable].
2. The data we collect
We collect different categories of data depending on how you use Rust Shield. The table below summarises what we collect and where it comes from.
| Category | Examples | Source |
|---|---|---|
| Account & license data | Email address, subscription tier (Free, Plus, or Pro), license key, subscription status, billing period, and payment reference (we do not store full card numbers) | You, and our payment processor |
| Device & scan metadata | Operating system and version, app version, device identifier or MAC address used to bind a license, number and outcome of scans, quarantine counts, and definition-update status | The app on your device |
| Network data | IP address, approximate region derived from it, and connection timestamps | Automatically, when the app or site connects to our servers |
| Support & chat data | Messages you send through the in-app or website chat, your email, and any information you choose to include | You |
| Website usage data | Pages visited, referring page, browser type, and interactions with download or pricing pages | Automatically, via your browser |
| Cookies & local storage | Session identifiers, preferences, and security tokens stored in cookies or browser localStorage | Your browser |
2.1 Scanning and your files
Rust Shield scans files locally on your device. When the app checks a file against our malware definitions, it works with a cryptographic hash (a SHA-256 fingerprint) of the file rather than the file itself. We do not upload, read, or retain the contents of the files you scan. Scan results reported to us are limited to metadata such as counts, detection categories, and timestamps needed to run features like usage limits, quarantine history, and license enforcement.
2.2 Data we do not collect
We do not collect the contents of your documents, browsing history beyond our own site, keystrokes, or the personal files stored on your device. We do not build advertising profiles, and we do not track you across other websites.
3. Why we use your data and our legal bases
We only process personal data where we have a lawful basis to do so. The table below maps each purpose to its legal basis. Where more than one basis could apply, we rely on the most appropriate one for the activity.
| Purpose | Data used | Legal basis |
|---|---|---|
| Provide the antivirus service, deliver definition updates, and run features | Device & scan metadata, network data | Performance of a contract; legitimate interests |
| Create and manage your account and license | Account & license data | Performance of a contract |
| Process subscription payments and renewals | Account & license data, payment reference | Performance of a contract; legal obligation |
| Provide customer support and answer chat messages | Support & chat data, account data | Performance of a contract; legitimate interests |
| Secure the service, prevent abuse and fraud, and enforce fair-use limits | Network data, device metadata, license data | Legitimate interests; legal obligation |
| Improve the product and understand how the site is used | Website usage data, aggregated metadata | Legitimate interests; consent where required for non-essential cookies |
| Comply with legal, tax, and accounting obligations | Account & billing data | Legal obligation |
Where we rely on legitimate interests, we have considered your rights and freedoms and concluded that our processing does not override them. You may object to this processing at any time (see Section 8). Where we rely on your consent, such as for non-essential cookies or optional communications, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
4. Who we share your data with
We do not sell your personal data, and we never will. We share data only with the limited set of trusted parties needed to run the service, and only to the extent necessary.
4.1 Service providers
- Cloudflare acts as our content delivery network and security layer. It routes traffic to our website and servers, mitigates denial-of-service attacks, and filters malicious requests. In doing so, Cloudflare processes network data such as your IP address and request metadata on our behalf.
- Our payment processor handles subscription billing for Plus and Pro plans. When you pay, your card details are collected and processed directly by the processor under its own privacy terms; we receive only a token, a payment reference, and the status of the transaction. The specific processor we use is identified at checkout: [name of payment processor, e.g. Stripe or Paddle].
- Infrastructure and hosting providers that store our databases and run our license, definition, and chat servers, under contractual confidentiality and data-protection commitments.
4.2 Legal disclosures
We may disclose personal data to law enforcement, regulators, courts, or other authorities where we are legally required to do so, or where disclosure is necessary to protect our rights, your safety, or the safety of others, to investigate fraud, or to enforce our terms. We will only disclose what is strictly required and, where lawful and practical, will notify you.
4.3 Business transfers
If we are involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction. We will require the receiving party to honour the commitments in this policy and will notify you of any change in the controller of your data.
5. Cookies and local storage
Our website and app use cookies and browser localStorage for essential functions such as keeping you signed in, remembering preferences, securing forms, and enforcing rate limits. These strictly necessary items do not require consent. Where we use any non-essential or analytics cookies, we will request your consent first and provide controls to manage your choices.
You can control or delete cookies through your browser settings. Blocking essential cookies may prevent parts of the site or app from working correctly. Full details of the individual cookies we set are listed here: [cookie table or link to a dedicated cookie notice].
6. How long we keep your data
We keep personal data only for as long as necessary for the purposes described in this policy, after which we delete or anonymise it. Our typical retention periods are:
- Account & license data: for the life of your account and for a reasonable period afterward to handle reactivation, disputes, and legal claims, then deleted.
- Billing and tax records: for the period required by applicable tax and accounting law, which is commonly up to seven years.
- Device & scan metadata: retained on a rolling basis to run features and usage limits, and aggregated or deleted when no longer needed to operate the service.
- Network and security logs: retained for a short period for security and abuse prevention, typically measured in weeks to a few months.
- Support & chat messages: retained while your query is open and for a limited period afterward to provide continuity of support.
When retention periods differ under local law, we apply the longer period only where legally required.
7. How we protect your data
We take the security of your data seriously and apply technical and organisational measures appropriate to the risk, including:
- Encryption in transit: connections between the app, our website, and our servers are protected with TLS. Malware-definition bundles are delivered encrypted and verified before use.
- Hashing: files are matched by cryptographic hash rather than by uploading their contents, and secrets such as credentials are stored using strong hashing where applicable.
- Access controls: access to personal data is limited to authorised personnel who need it to do their job, protected by authentication and, where appropriate, network restrictions.
- Abuse protection: rate limiting and traffic filtering (including through Cloudflare) guard against automated attacks.
- Data minimisation: we collect and retain as little personal data as possible to deliver the service.
No method of transmission or storage is completely secure, but we work continually to protect your data and to review our safeguards. If a personal-data breach occurs that is likely to affect your rights, we will notify the relevant authority and, where required, you, in line with applicable law.
8. Your rights
Depending on where you live, you have some or all of the following rights over your personal data:
- Access: obtain confirmation of whether we process your data and receive a copy of it.
- Rectification: ask us to correct inaccurate or incomplete data.
- Erasure: ask us to delete your data where there is no ongoing lawful reason to keep it.
- Portability: receive certain data in a structured, commonly used, machine-readable format, and ask us to transfer it where technically feasible.
- Restriction: ask us to limit how we use your data in certain circumstances.
- Objection: object to processing based on our legitimate interests, and to any direct marketing.
- Withdraw consent: withdraw consent at any time where we rely on it.
- Complain: lodge a complaint with your local data-protection authority.
To exercise any of these rights, email [email protected]. We may need to verify your identity before acting. We will respond within the time required by applicable law, normally within one month, and we will not charge a fee unless a request is manifestly unfounded or excessive. If you are not satisfied with our response, you may complain to your supervisory authority: [name of the relevant data-protection authority for your jurisdiction].
9. International data transfers
We and our service providers may process your data in countries other than the one you live in, including where our hosting, CDN (Cloudflare), and payment providers operate. Where we transfer personal data across borders, we put appropriate safeguards in place, such as Standard Contractual Clauses or transfers to jurisdictions recognised as providing an adequate level of protection, so that your data continues to be protected to the standard described in this policy. You can request more information about the safeguards we use by contacting us.
10. Children's privacy
Rust Shield is not directed at children. We do not knowingly collect personal data from children under 13, or under 16 where a higher age applies under local law. If you believe a child has provided us with personal data, please contact us at [email protected] and we will take steps to delete it. A parent or guardian should manage any use of the software on a device used by a child.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the app, by email, or on our website. We encourage you to review this policy periodically. Continued use of Rust Shield after an update means you accept the revised policy.
12. Contact us about privacy
If you have questions, concerns, or requests relating to this policy or your personal data, please contact us:
- Email: [email protected]
- Phone: [Support phone number]
- Address: [Registered business address]
- Support hours: Mon–Fri, 9am–6pm
This policy is governed by the laws of [Governing jurisdiction], without prejudice to any mandatory data-protection rights you have under the law of your country of residence.