Privacy Policy
This page explains what personal data Convergence Gaming Network processes when you visit rust.convergencegaming.net or sign in with Steam or Discord, why we process it, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR).
1. Controller
The controller responsible for processing your personal data on this site is Christopher Tejada, operator of Convergence Gaming Network (Germany). For data-protection inquiries, account-deletion requests, or any other GDPR matter, contact:
Email: srtzero@posteo.de
2. What data we process
We collect only what is needed to operate the website and the in-game account that links a player to it.
2.1 When you visit the site (no login)
- Your IP address, the time of the request, the page requested, the HTTP referrer, and your browser's user-agent string. These are written to our server's access log.
- Two strictly necessary cookies only if you start a login flow (see §4 below).
2.2 When you sign in with Steam
We receive from Valve / Steam:
- Your SteamID64 (the public 17-digit numeric identifier of your Steam account).
- Your Steam display name (personaname).
- The URL of your current Steam avatar image (a link to Steam's CDN).
We never receive or store your Steam email address, password, friends list, owned games, or any other Steam data.
2.3 When you sign in with Discord
We request the Discord scope identify only, which gives us:
- Your Discord user ID (the 17–19 digit snowflake).
- Your Discord display name (global name, or username if no global name is set).
- The URL of your current Discord avatar image (a link to Discord's CDN).
We do not request access to your Discord email, servers, friends, or messages.
2.4 What we store in our database
For each player who signs in, our user database holds:
- An internal user ID (auto-incremented number).
- Your SteamID64 and/or Discord user ID (whichever providers you used to sign in).
- Your display name and avatar URL, as received from Steam/Discord.
- The timestamp of when you first signed in and when you last signed in.
- An opaque random session token while you are logged in (see §4).
3. Purposes and legal bases (Art. 6 GDPR)
| Purpose | Data | Legal basis |
|---|---|---|
| Serving the website (delivering pages and assets, securing the server) | IP, request metadata, user-agent (access logs) | Art. 6 (1)(f) — legitimate interest in operating and securing the service |
| Letting you sign in and stay signed in | Steam ID / Discord ID, display name, avatar, session token, login timestamps | Art. 6 (1)(b) — performance of the implicit "user account" agreement you enter into by signing in |
| Linking your in-game player to your account here | Your SteamID (which is also the identifier used by the Rust game server) | Art. 6 (1)(f) — legitimate interest in offering you a unified profile |
| Diagnosing problems and preventing abuse | Application log entries (login events with user ID + provider ID) | Art. 6 (1)(f) — legitimate interest in operating the service |
4. Cookies
This site uses two cookies, both strictly necessary for the login flow. They are not used for analytics, advertising, or tracking, so no consent banner is required under § 25 (2) TTDSG.
| Cookie | Purpose | Lifetime |
|---|---|---|
cv_session |
Identifies your active login session. | 14 days (renewed each time you sign in) |
cv_link |
Short-lived flag set while you are linking a second account (Steam ↔ Discord). | 10 minutes maximum, deleted as soon as the link round-trip completes |
Both cookies are HttpOnly, Secure, and SameSite=Lax. You can
clear them at any time using your browser, or by signing out of the site.
5. Recipients / third parties
Personal data is transferred outside our server only in the following cases:
- Valve Corporation (Steam) — when you click "Sign in with Steam", you are redirected to Steam to authenticate. Steam receives the request from your browser. We then call the Steam Web API with your SteamID64 to retrieve your public display name and avatar URL. Steam's privacy policy: store.steampowered.com/privacy_agreement
- Discord Inc. — when you click "Sign in with Discord", you are redirected to Discord to authenticate, then we call Discord's API once with the resulting access token to retrieve your public display name and avatar. Discord's privacy policy: discord.com/privacy
- Hetzner Online GmbH — our server is hosted in Germany on a dedicated machine at Hetzner (Gunzenhausen / Falkenstein data centres). Hetzner acts as our infrastructure provider. Their privacy policy: hetzner.com/legal/privacy-policy
We do not use any analytics, advertising, or tracking third parties. Fonts, scripts, and styles are served from our own server — no Google Fonts, no CDNs, no embedded widgets.
5.1 International transfers
Valve (Steam) and Discord are based in the United States. When you choose to sign in with one of them, your authentication request is transmitted to their U.S. infrastructure. This transfer is necessary to complete the authentication you initiated (Art. 49 (1)(b) GDPR).
6. Retention
- Account record (SteamID/Discord ID, display name, avatar URL, timestamps): retained until you request deletion or until your account becomes inactive for a long period.
- Session tokens: automatically deleted 14 days after creation, or immediately on logout.
- Access logs: rotated daily, retained for 14 days, then deleted.
- Application log (login events): retained in our system log subject to size-based rotation; not actively pruned.
7. Your rights under GDPR
You have the following rights with regard to your personal data:
- Access (Art. 15) — to know what data we hold about you.
- Rectification (Art. 16) — to have inaccurate data corrected.
- Erasure (Art. 17 — "right to be forgotten") — to have your data deleted. You can do this yourself at any time from your profile page using the "Delete my account" button, or by emailing us.
- Restriction (Art. 18) — to have processing restricted in certain cases.
- Portability (Art. 20) — to receive your data in a structured, machine-readable format.
- Objection (Art. 21) — to object to processing based on legitimate interest.
- Withdrawal of consent (Art. 7 (3)) — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, write to srtzero@posteo.de. We will respond within 30 days as required by Art. 12 (3) GDPR.
8. Right to lodge a complaint
If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz, Germany
Email: poststelle@datenschutz.rlp.de
Web: datenschutz.rlp.de
9. No automated decision-making
We do not carry out automated decision-making or profiling that produces legal effects concerning you (Art. 22 GDPR).
10. Security
The site is served exclusively over HTTPS with a valid TLS certificate. Session cookies are flagged
HttpOnly and Secure so they cannot be read by client-side scripts or sent
over an unencrypted connection. The user database is not exposed to the public network, and
administrative access to the server is restricted to the operator using strong authentication.
11. Changes to this policy
We may update this policy when the site or its data handling changes. The "Last updated" date at the top of this page reflects the most recent revision.