The Rust Foundation is a US non-profit organization. This privacy notice explains what we do with personal information.
We commit to upholding the key data protection principles and data subject rights described in the GDPR and local data protection regulations in the countries in which we operate.
Source of Data #
Some of the services we are responsible for were originally hosted by Mozilla Corporation. The services and all corresponding data (including personal data of users) were transferred to the Rust Foundation upon its formation.
Legal Basis for Processing #
For personal data under the Rust Foundation’s control, we rely on the following legal bases to obtain and process personal information:
- Where users have given us valid consent to use their data in certain ways, we rely on that consent.
- Where users provide information in order to access our services, we rely on contractual necessity to process that information as necessary to perform those services.
- In certain cases we may process information where this is necessary to meet legal obligations, such as compliance with law enforcement subpoenas or warrants.
- In limited cases, for example to ensure the security of our services and the reliability of our data, we may process your information to further our legitimate interests, so long as any such legitimate interests are not overridden by your rights or interests.
The services use session cookies to anonymously track a user’s session on the services to deliver a better experience. You can block or delete these cookies through your browser’s settings.
Data Transfers #
Rust Foundation is based in the United States, processes and stores data in the United States, and makes its services available around the world. The United States, Member States of the European Economic Area, and other countries are governed by different laws. When your data is moved from its home country to another country, the laws and rules that protect your personal information in the country to which your information is transferred may be different from those in the country where you reside. For example, the legal requirements for law enforcement to gain access to personal information may vary between countries. If your personal data is in the United States, it may be accessed by government authorities in accordance with United States law.
Use of the services is voluntary and users may choose whether or not they wish to use them. Because we offer our services to people in different countries and use technical infrastructure based in the United States, we may need to transfer your personal information across borders in order to deliver our services.
Information Security #
We maintain administrative, technical, and physical safeguards designed to protect the privacy and security of the information we maintain about you. The connection between your computer and our servers is encrypted using Secure Sockets Layer (SSL) software that encrypts that information. We use a digital certificate and secure pages will be identified by a padlock sign and “https://” in the address bar.
However, no method of transmission or storage is 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us cannot be guaranteed.
Your Rights #
Upon request, Rust Foundation will provide users with information about whether we hold any of their personal information. In certain cases, subject to relevant legal rights, users have the right to object to the processing of their personal information, to request changes, corrections, or the deletion of their personal information, and to obtain a copy of their personal information in an easily accessible format. In order to do this, users can contact us using the contact information set out at the bottom of this policy. We will respond to every request within a reasonable timeframe and may need to take reasonable steps to confirm identity before proceeding.
You can also withdraw your consent to our processing of your information and the use of our services, and/or delete your user account at any time, by using the contact information below to request that your personal information be deleted. If you are an EU resident and believe that our processing of your personal data is contrary to the EU General Data Protection Regulation, you have the right to lodge a complaint with the appropriate supervisory authority.
If you withdraw your consent to the use or sharing of your personal information for the purposes set out in this policy, we may not be able to provide you with our services. Please note that in certain cases we may continue to process your information after you have withdrawn consent and requested that we delete your information if we have a legal basis/need to do so.
Data Retention #
For personal data under its control, Rust Foundation will retain such data only for as long as is necessary for the purposes set out in this policy, or as needed to provide users with our services.
If a user no longer wishes to use our services then it may request deletion of its data at any time.
Notwithstanding the above, Rust Foundation will retain and use user information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, and enforce our agreements. We may also retain log files for the purpose of internal analysis, for site safety, security and fraud prevention, to improve site functionality, or where we are legally required to retain them for longer time periods.
Children’s Privacy #
The services are not directed to children and we do not knowingly collect personal information from anyone under the age of sixteen. If you are under the age of sixteen, your parent or guardian must provide their consent for you to use the services.
Specific services #
Rust Foundation administration #
If you contact us via email, your email address and message will be accessible to our small team of staff.
We use Google Workspace internally. The data is not owned or controlled by Google; they will not share it with third parties or use it for advertising, and neither will we.
Rust Foundation Community Grants Program #
Grant applicants will be asked to give their consent to our processing and storage of the following personal data:
- Preferred pronouns
- Email address
- IP address
- GitHub username
- Social media usernames
Successful applicants (in addition to the above):
- Bank account details
Data for all applicants will be retained for three years. Data for successful applicants will be retained for seven years.
We may ask individuals outside of the Rust Foundation to assist with the grant assessment process. The only personal data that will be shared with such individuals will be the applicant’s GitHub username.
When you visit rust-lang.org, we receive your IP address as part of our standard server logs. We store these logs for 1 year.
When you (or tooling, such as Rustup) visits static.rust-lang.org or dev-static.rust-lang.org, we receive your IP address, user-agent header, referer header, and request path as part of our standard server logs. We store these logs for 1 year.
Crates.io requires users to have a GitHub account in order to log in and use the service. When you log in to Crates.io using a GitHub account, we receive your GitHub username and avatar. If you share a display name or public email address in your GitHub public profile, we also receive that information.
You must have a verified email address to publish a crate. We receive any public email address associated with your GitHub account. You can also choose to submit a different address to associate with your Crates.io activity. We will only use your email address to contact you about your account.
When you visit Crates.io, we receive your IP address, user-agent header, and request path as part of our standard server logs. We store these logs for 1 year.
When you (or tooling, such as Cargo) visits static.crates.io, we receive your IP address, user-agent header, referer header, and request path as part of our standard server logs. We store these logs for 1 year.
All crates on Crates.io are public, including the list of crate owners’ user names and the crate upload date. Anyone may view or download a crate’s contents. Because of the public nature of Crates.io, any personal data you might include in a Cargo.toml file uploaded to a crate will be publicly available. For example, if an email address is in the
authors field in the Cargo.toml file, that email address will also be public.
Due to its public nature, be aware if you include any private information in a crate, that information may be indexed by search engines or used by third parties. Sensitive information should not be included in a crate file.
When you visit docs.rs, we receive your IP address and user-agent header as part of our standard server logs. We store these logs for 1 year.
The Community team administers the Users Forum and the Internals Forum. Posts on these forums are public. If you sign up to participate in these forums, we collect your email address and name. As administrators of the forum, we have access to usage information regarding your interactions with it, such as posts published and read, and time spent on the site.
Third-party services #
For data subject access requests, or any questions about this privacy notice, please contact us.