Minimum necessary data
Collect data because it supports server operations, safety, appeals, fraud prevention, abuse review, or security—not because it is easy to collect.
TIRust uses operational data to protect fair play and community safety. That data should be minimized, secured, retained only as needed, and separated from unnecessary personal exposure.
Collect data because it supports server operations, safety, appeals, fraud prevention, abuse review, or security—not because it is easy to collect.
Reports, logs, staff notes, player IDs, and anti-cheat context should be retained long enough to support appeals and abuse prevention, then reviewed for deletion or archival.
Restrict access to admin panels, RCON, Discord moderation data, player reports, and provider accounts. Staff should only see what they need for their role.
Cloud providers may collect account, billing, support, usage, network, and diagnostic data. TIRust should document which providers host which workloads.
Operational data needs backups, access logging, credential rotation, and encryption where appropriate. Do not place unencrypted regulated data in systems that are not designed for it.
Player-facing data request paths belong on tirust.fun. Organization-level policies should explain the operating principles behind those workflows.
TIRust should distinguish data it controls directly from data processed by vendors or infrastructure providers. That distinction matters for privacy notices, security responsibilities, support requests, and incident response.
See Moderation Systems for report handling, Anti-Cheat Intelligence for risk-signal policy, and Infrastructure for provider and backup posture.