Privacy Policy

The Rust Foundation is a US non-profit organization. This privacy notice explains what we do with personal information.

We commit to upholding the key data protection principles and data subject rights described in the GDPR and local data protection regulations in the countries in which we operate.

Source of Data #

Some of the services we are responsible for were originally hosted by Mozilla Corporation. The services and all corresponding data (including personal data of users) were transferred to the Rust Foundation upon its formation.

For personal data under the Rust Foundation’s control, we rely on the following legal bases to obtain and process personal information:

  • Where users have given us valid consent to use their data in certain ways, we rely on that consent.
  • Where users provide information in order to access our services, we rely on contractual necessity to process that information as necessary to perform those services.
  • In certain cases we may process information where this is necessary to meet legal obligations, such as compliance with law enforcement subpoenas or warrants.
  • In limited cases, for example to ensure the security of our services and the reliability of our data, we may process your information to further our legitimate interests, so long as any such legitimate interests are not overridden by your rights or interests.

Cookies #

Like many websites, the services may use cookies to obtain certain types of information when your web browser accesses our site. Cookies are used most commonly to do things like tracking page views, identifying repeat users and utilizing login tokens for a session.

The services use session cookies to anonymously track a user’s session on the services to deliver a better experience. You can block or delete these cookies through your browser’s settings.

You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our services though your access to some functionality may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser’s help menu for more information.

Data Transfers #

Rust Foundation is based in the United States, processes and stores data in the United States, and makes its services available around the world. The United States, Member States of the European Economic Area, and other countries are governed by different laws. When your data is moved from its home country to another country, the laws and rules that protect your personal information in the country to which your information is transferred may be different from those in the country where you reside. For example, the legal requirements for law enforcement to gain access to personal information may vary between countries. If your personal data is in the United States, it may be accessed by government authorities in accordance with United States law.

Use of the services is voluntary and users may choose whether or not they wish to use them. Because we offer our services to people in different countries and use technical infrastructure based in the United States, we may need to transfer your personal information across borders in order to deliver our services.

Information Security #

We maintain administrative, technical, and physical safeguards designed to protect the privacy and security of the information we maintain about you. The connection between your computer and our servers is encrypted using Secure Sockets Layer (SSL) software that encrypts that information. We use a digital certificate and secure pages will be identified by a padlock sign and “https://” in the address bar.

However, no method of transmission or storage is 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us cannot be guaranteed.

Your Rights #

Upon request, Rust Foundation will provide users with information about whether we hold any of their personal information. In certain cases, subject to relevant legal rights, users have the right to object to the processing of their personal information, to request changes, corrections, or the deletion of their personal information, and to obtain a copy of their personal information in an easily accessible format. In order to do this, users can contact us using the contact information set out at the bottom of this policy. We will respond to every request within a reasonable timeframe and may need to take reasonable steps to confirm identity before proceeding.

You can also withdraw your consent to our processing of your information and the use of our services, and/or delete your user account at any time, by using the contact information below to request that your personal information be deleted. If you are an EU resident and believe that our processing of your personal data is contrary to the EU General Data Protection Regulation, you have the right to lodge a complaint with the appropriate supervisory authority.

If you withdraw your consent to the use or sharing of your personal information for the purposes set out in this policy, we may not be able to provide you with our services. Please note that in certain cases we may continue to process your information after you have withdrawn consent and requested that we delete your information if we have a legal basis/need to do so.

Data Retention #

For personal data under its control, Rust Foundation will retain such data only for as long as is necessary for the purposes set out in this policy, or as needed to provide users with our services.

If a user no longer wishes to use our services then it may request deletion of its data at any time.

Notwithstanding the above, Rust Foundation will retain and use user information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, and enforce our agreements. We may also retain log files for the purpose of internal analysis, for site safety, security and fraud prevention, to improve site functionality, or where we are legally required to retain them for longer time periods.

Children’s Privacy #

The services are not directed to children and we do not knowingly collect personal information from anyone under the age of sixteen. If you are under the age of sixteen, your parent or guardian must provide their consent for you to use the services.

Specific services #

Rust Foundation administration #

If you contact us via email, your email address and message will be accessible to our small team of staff.

We use Google Workspace internally. The data is not owned or controlled by Google; they will not share it with third parties or use it for advertising, and neither will we.

Rust Foundation Community Grants Program #

Grant applicants will be asked to give their consent to our processing and storage of the following personal data:

All applicants:

  • Name
  • Preferred pronouns
  • Email address
  • Location
  • IP address
  • GitHub username
  • Social media usernames

Successful applicants (in addition to the above):

  • Bank account details

Data for all applicants will be retained for three years. Data for successful applicants will be retained for seven years.

We may ask individuals outside of the Rust Foundation to assist with the grant assessment process. The only personal data that will be shared with such individuals will be the applicant’s GitHub username.

rust-lang.org #

rust-lang.org is managed by members of the Core team and the Community team.

When you visit rust-lang.org, we receive your IP address as part of our standard server logs. We store these logs for 1 year.

static.rust-lang.org #

When you (or tooling, such as Rustup) visits static.rust-lang.org or dev-static.rust-lang.org, we receive your IP address, user-agent header, referer header, and request path as part of our standard server logs. We store these logs for 1 year.

crates.io #

Crates.io is managed by members of the Core team and the Crates.io team.

Crates.io requires users to have a GitHub account in order to log in and use the service. When you log in to Crates.io using a GitHub account, we receive your GitHub username and avatar. If you share a display name or public email address in your GitHub public profile, we also receive that information.

You must have a verified email address to publish a crate. We receive any public email address associated with your GitHub account. You can also choose to submit a different address to associate with your Crates.io activity. We will only use your email address to contact you about your account.

When you visit Crates.io, we receive your IP address, user-agent header, and request path as part of our standard server logs. We store these logs for 1 year.

When you (or tooling, such as Cargo) visits static.crates.io, we receive your IP address, user-agent header, referer header, and request path as part of our standard server logs. We store these logs for 1 year.

All crates on Crates.io are public, including the list of crate owners’ user names and the crate upload date. Anyone may view or download a crate’s contents. Because of the public nature of Crates.io, any personal data you might include in a Cargo.toml file uploaded to a crate will be publicly available. For example, if an email address is in the authors field in the Cargo.toml file, that email address will also be public.

Due to its public nature, be aware if you include any private information in a crate, that information may be indexed by search engines or used by third parties. Sensitive information should not be included in a crate file.

Crates.io uses Sentry, an error monitoring service, to help the Rust team discover and fix the performance of the code. When there is an error, Sentry receives basic information about how you interacted with the website and the actions that led to the error. Additionally, your IP address may be disclosed to Sentry as part of the error reporting process but we’ve configured Sentry to delete it as soon as it’s received. Read Sentry’s Privacy Policy here.

docs.rs #

Docs.rs is managed by the members of the Core team and the Dev Tools docs.rs sub-team.

When you visit docs.rs, we receive your IP address and user-agent header as part of our standard server logs. We store these logs for 1 year.

Forums #

The Community team administers the Users Forum and the Internals Forum. Posts on these forums are public. If you sign up to participate in these forums, we collect your email address and name. As administrators of the forum, we have access to usage information regarding your interactions with it, such as posts published and read, and time spent on the site.

Third-party services #

We use Heroku and AWS to host the services, on servers located in the US. AWS’s privacy notice is here. Heroku is part of Salesforce, whose privacy policy is here.

The Users Forum and Internals Forum on rust-lang.org are hosted by Discourse and use its open source discussion platform. Discourse’s privacy policy is available here.

We use Mailgun to send email. Mailgun’s privacy policy is available here.

We use ZenDesk to manage, track, and respond to support requests, including for the Crates.io mailing list. ZenDesk’s privacy policy is available here.

GitHub login is used for authentication in Crates.io and (optionally) in the forums. GitHub’s Privacy Statement can be found here.

Some Rust team members use the Zulip and Discord platforms for community collaboration. Zulip’s privacy notice is available here. Discord’s privacy notice is available here.

Contact #

For data subject access requests, or any questions about this privacy notice, please contact us.