Data Governance

Moderation data has to be useful, protected, and limited.

TIRust uses operational data to protect fair play and community safety. That data should be minimized, secured, retained only as needed, and separated from unnecessary personal exposure.

Privacy

Minimum necessary data

Collect data because it supports server operations, safety, appeals, fraud prevention, abuse review, or security—not because it is easy to collect.

Evidence

Moderation retention

Reports, logs, staff notes, player IDs, and anti-cheat context should be retained long enough to support appeals and abuse prevention, then reviewed for deletion or archival.

Access

Least privilege

Restrict access to admin panels, RCON, Discord moderation data, player reports, and provider accounts. Staff should only see what they need for their role.

Providers

Cloud processing constraints

Cloud providers may collect account, billing, support, usage, network, and diagnostic data. TIRust should document which providers host which workloads.

Security

Backups and encryption

Operational data needs backups, access logging, credential rotation, and encryption where appropriate. Do not place unencrypted regulated data in systems that are not designed for it.

Rights

Data requests

Player-facing data request paths belong on tirust.fun. Organization-level policies should explain the operating principles behind those workflows.

Controller and processor thinking

TIRust should distinguish data it controls directly from data processed by vendors or infrastructure providers. That distinction matters for privacy notices, security responsibilities, support requests, and incident response.

Related pages

See Moderation Systems for report handling, Anti-Cheat Intelligence for risk-signal policy, and Infrastructure for provider and backup posture.