DemoPro logo
DemoPro
Evidence bundles + portal workflow for Rust moderation teams
Open portal
← Back to DemoPro

Privacy Policy

Last updated: 2026-01-17

Plain-English summary

DemoPro exists to help Rust moderation teams store and review evidence bundles (uploads, metadata, and portal workflows). This policy explains what we collect, why we collect it, and what choices you have.

  • We do not sell personal data.
  • Organisation admins control their team access. Content is scoped to an Organisation and shown only to authorised members.
  • We store moderation evidence you upload (such as demo files and report metadata) so your team can review incidents.
  • We log usage for security (IP address, timestamps, actions) to prevent abuse and keep the Service reliable.
  • Retention is plan-based. Content may be deleted automatically when it expires or storage caps are reached.
  • Affiliate referrals are tracked to apply customer rewards and calculate commissions.

On this page

1. Who we are 2. Roles (Controller/Processor) 3. Data we collect 4. How we use data 5. Lawful bases (UK GDPR) 6. Sharing & disclosures 7. International transfers 8. Security 9. Retention 10. Your rights 11. Cookies 12. Children 13. Changes 14. Contact

1. Who we are

This Privacy Policy explains how DemoPro (“we”, “us”) collects and uses information when you use our website, portal, APIs, plugins/integrations, and evidence storage & review workflow (the “Service”).

If you do not agree with this policy, do not use the Service.

2. Roles: Controller vs Processor (important)

The Service is used by server owners/communities (“Organisations”) to manage moderation evidence. That means there are often two “roles” under data protection law:

  • Organisation (Controller): The server owner/operator is typically responsible for deciding what player/report data is collected and uploaded, how long it’s kept, who can access it, and what moderation actions are taken.
  • DemoPro (Processor): We typically process uploaded Content on behalf of the Organisation to provide the Service (hosting, indexing, access control, security, and evidence workflow).

If you are a player whose gameplay/report data appears in an Organisation’s evidence bundle: your first point of contact should be the server operator/admin team. They control what was uploaded and why. We may assist them with deletion or export where technically possible and where appropriate.

3. Information we collect

3.1 Account & identity data

  • Steam/OpenID identifiers (e.g., SteamID) used for authentication.
  • Profile basics such as display name/avatar (where returned by Steam).
  • Organisation membership & role (owner/admin/moderator permissions).

3.2 Evidence & Service content (uploaded data)

Organisations may upload and store moderation evidence and related records. This can include:

  • Demo files / archives and associated bundles.
  • Incident/report metadata (report reason, timestamps, involved SteamIDs, player names, server name, etc.).
  • Operational sidecars such as event markers, combat logs, or structured metadata generated by integrations.
  • Moderator notes added in the portal (where enabled).

3.3 Technical & usage data

  • Log data such as IP address, timestamps, user agent, request IDs, and action history (login, upload, download, viewing).
  • Security signals such as rate limits, failed logins, suspicious access patterns, and integrity checks.
  • Integration data such as API key identifiers (never the full key in plain text), server identifiers, and configuration state needed to operate uploads.

3.4 Support communications

  • Messages you send to us (e.g., Discord support chats, emails), plus diagnostic information you choose to provide.

3.5 Billing data (if you are on a paid plan)

  • Subscription status, plan tier, renewal dates, and payment confirmations.
  • Payment details (e.g., card numbers) are handled by the payment processor and are not stored by us directly.

3.6 Affiliate & referral data (if you use an affiliate code)

  • Referral attribution such as affiliate code, referral source, and timestamps.
  • Affiliate profile data (name, email, SteamID) and commission settings for approved partners.
  • Payout status and payout ledger entries where commissions are earned.
  • Stripe Connect metadata required to onboard and pay affiliates (processed by Stripe).

Note: Some Content may include personal data about players (e.g., identifiers, usernames, report text). Organisations are responsible for ensuring they have a lawful basis and appropriate notices for collecting and uploading that data.

4. How we use information

We use the information above to:

  • Provide and operate the Service (authentication, access control, storage, viewing, indexing, and workflow features).
  • Process uploads and evidence bundles (ingest, validate, package, generate metadata, and make content available to authorised Organisation members).
  • Secure the platform (fraud prevention, abuse detection, audit logging, rate limiting, and incident investigation).
  • Support customers (respond to support requests, troubleshoot issues, and communicate important service notices).
  • Manage billing and entitlements (plan enforcement, subscription state, and access changes).
  • Operate the affiliate program (track referrals, apply rewards/discounts, and calculate commissions).
  • Improve the Service (performance analysis, reliability improvements, feature development, aggregated reporting).
  • Comply with law and enforce our terms/policies.

5. Lawful bases (UK GDPR / GDPR)

Where UK GDPR/GDPR applies, we rely on one or more lawful bases depending on context. Common examples:

Contract (performance of a contract)
Running the Service, providing portal access, processing uploads, and delivering plan features.
Legitimate interests
Securing the Service, preventing abuse, maintaining reliability, and improving performance/features (balanced against user rights).
Legal obligation
Where we must comply with applicable laws, lawful requests, or maintain certain records.
Consent (where required)
Certain cookie/analytics uses or marketing communications (where applicable and required by law).

Organisations uploading moderation evidence typically determine their own lawful basis for collecting and uploading player/report data.

6. How we share information

We share information only as needed to run the Service:

6.1 Within your Organisation

  • Content is visible to authorised members of the Organisation, based on role and permissions.
  • Organisation Owners/admins control member access and are responsible for who they invite and what permissions they grant.

6.2 Service providers (“sub-processors”)

We use third-party providers to host and run parts of the Service (for example: cloud hosting, object storage, logging/monitoring, and payment processing). These providers process data only under our instructions and contractual safeguards.

  • Hosting & storage (to store evidence bundles and run the platform).
  • Payment processing (to manage subscriptions and payments).
  • Monitoring/logging (to detect outages, abuse, and diagnose issues).

We can provide a list of current sub-processors on request where appropriate.

6.3 Legal, safety, and enforcement

  • We may disclose information if required by law or lawful request.
  • We may disclose or preserve information to protect rights, investigate abuse, enforce terms, or prevent harm.

6.4 Business transfers

If we undergo a merger, acquisition, restructuring, or asset sale, information may be transferred as part of that transaction, subject to appropriate protections.

6.5 Affiliate disclosures

  • Affiliates can view aggregate referral and commission data for their own accounts inside the affiliate portal.
  • Affiliate payout processing requires sharing limited data with payment providers (such as Stripe Connect) to complete onboarding and transfers.

7. International transfers

Depending on where you and our providers operate, information may be processed in countries outside the UK. Where required, we use appropriate safeguards such as standard contractual clauses and/or the UK addendum, and we take steps to ensure a similar level of protection.

If you need specific details about transfer safeguards for a particular provider, contact us.

8. Security

We implement reasonable technical and organisational measures designed to protect information against accidental loss and unauthorised access, use, alteration, or disclosure. Measures may include access controls, audit logging, encryption in transit, and abuse prevention/rate limiting.

No method of transmission or storage is 100% secure. You are responsible for securing your Organisation accounts, API keys, server configuration, and moderator access.

9. Data retention

  • Plan-based retention: evidence bundles and related Content may be retained for the period defined by your plan (retention window) and/or until storage caps are reached.
  • Deletion: when Content expires or is deleted, it may be removed from active systems. Limited residual copies may persist briefly in caches or backups as part of normal operations.
  • Logs: security and operational logs may be retained for a reasonable period to detect abuse, troubleshoot issues, and meet legal obligations.

Don’t use us as your only archive. If you need long-term retention beyond your plan limits, export and store your own copies.

10. Your rights

Depending on your location, you may have rights such as access, rectification, deletion, restriction, portability, and objection. If UK GDPR/GDPR applies, you also have the right to lodge a complaint with your supervisory authority (in the UK, the ICO).

If you are an Organisation user (admin/moderator)

  • You can usually view and manage your Organisation data within the portal (where features exist).
  • You can request export or deletion of certain data, subject to plan features, security requirements, and legal obligations.

If you are a player included in an evidence bundle

  • Your request should generally be directed to the server operator (the Organisation) because they decide what data was collected and why.
  • If appropriate, we may assist the Organisation with fulfilment (e.g., deletion) where technically possible and consistent with legal obligations.

We may need to verify your identity and authority before fulfilling requests, and we may refuse requests where permitted by law (for example, where retention is necessary for security, legal compliance, or dispute resolution).

11. Cookies & similar technologies

We may use cookies and similar technologies for essential site operation, security, and (where enabled) analytics. You can control cookies through your browser settings.

For more detail, read our Cookie Policy.

12. Children

The Service is intended for Organisations and authorised operators/moderators. It is not directed at children, and we do not knowingly collect personal data from children as a consumer product.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we’ll take reasonable steps to provide notice (for example, via the website or portal). Continued use of the Service after an update means you accept the updated policy.

14. Contact

If you have questions or want to make a privacy request, contact us:

If you are contacting us about Content uploaded by a specific Rust server/community, include the Organisation/server name and any relevant identifiers so we can route your request correctly.