Privacy Policy

rustunnel ("we," "us," or "our") operates the rustunnel.com website and the associated tunneling services (collectively, the "Service"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

Information We Collect

We collect information in the following ways:

Information You Provide

• Account information — email address when you register for an account.
• Billing information — payment details processed through Stripe. We do not store your full credit card number; Stripe tokenizes payment data on their end.
• Tunnel configuration — subdomains, labels, and settings you configure for your tunnels.
• Support communications — information you provide when contacting our support team.

Information Collected Automatically

• Usage data — pages visited, features used, time spent on pages, and interaction patterns within the dashboard.
• Device information — browser type and version, operating system, device type, and screen resolution.
• IP address — logged automatically when you access our Service, used for security, rate limiting, and diagnosing issues.
• Tunnel traffic metadata — to provide the tunneling service, we route traffic through our servers. We do not inspect or store the content of traffic passing through your tunnels.

Cookies and Analytics

We use PostHog for product analytics to understand how users interact with our Service. PostHog collects anonymous usage data such as page views, click events, and device information. We use essential cookies to maintain your session and authentication state. You can control cookie preferences through your browser settings.

How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service.
• To process payments and manage your account.
• To respond to your inquiries and provide customer support.
• To monitor usage patterns and diagnose technical issues.
• To detect, prevent, and address fraud, abuse, and security threats.
• To communicate with you about service updates, security notices, and account-related matters.

We do not use your personal data to train machine learning models or AI systems.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information only in the following circumstances:

• Service providers — we use third-party services to operate the Service: Stripe (payment processing), Vercel (web hosting), and Hetzner (infrastructure). These providers access only the data necessary to perform their functions.
• Legal requirements — we may disclose your information if required to do so by law, in response to a valid legal request (such as a court order or subpoena), or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers — in the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of such transaction.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will remove your personal data within a reasonable period, except where retention is required by law or for legitimate business purposes such as resolving disputes or enforcing our agreements.

Data Security

We implement reasonable technical and organizational measures to protect your personal data. All traffic between your client and our servers is encrypted using TLS (HTTPS) and WebSocket Secure (WSS). We regularly review and update our security practices. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain data protection rights under the General Data Protection Regulation (GDPR):

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can request that we correct inaccurate or incomplete personal data.
• Right to erasure — you can request that we delete your personal data, subject to certain legal exceptions.
• Right to data portability — you can request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object — you can object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent — where processing is based on your consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint — you have the right to lodge a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us at hello@rustunnel.com. We will respond to your request within 30 days.

Children’s Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information as promptly as possible.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective" date at the top of this page. If we make material changes, we may notify you by email or through the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: hello@rustunnel.com