Privacy Policy

The data controller for the HWS Frontier website and the Rust game servers it operates is André Nielsen Digital, based in Odense, Denmark. The full legal address and the email used for all privacy enquiries are published in our imprint.

For any matter relating to your personal data - access, deletion, objection, or anything else covered by this policy - write to [email protected].

This policy applies to the HWS Frontier website (HWS Frontier) and to the Rust game servers we operate under that name. Some of our game servers are physically located in North America to serve players in that region - where that is the case, the server name will say so clearly. Regardless of where a game server is hosted, the personal data we collect is administered from, and stored in, the European Union.

HWS Frontier is part of the wider HWS community, but it is operated by André Nielsen Digital. The HWS Empyrion server and the HWS brand are operated by W3DG. Because the communities share a Discord and cooperate closely, limited data may be shared between André Nielsen Digital and W3DG where it is genuinely needed to run shared community features, grant cross-game rewards, handle support, or protect players from cheating, abuse, or ban evasion.

We only collect what we actually need to run the service. In practice, that means:

• Platform identity. Your Steam ID, plus the public display name and avatar your platform makes available, so we can recognise you across the website and the game server.
• Account & session data. A session cookie issued after you sign in, the timestamp of your last sign-in, and preferences you have set on the site.
• Linked Discord identity. If you choose to link Discord on your profile page, we store the Discord user ID, display name, and avatar URL returned by Discord. Discord linking is optional and is used for community features such as role sync, clan/community tools, and support context.
• In-game progression. Your balances and history in the Elemental Bank, your Orbital Cargo Drone (OCD) inventory, and other persistent in-game state we maintain so that your progress survives wipes and reconnects.
• Game-server activity. Connection logs, chat and command logs, anti-cheat signals, and moderation notes, used to keep the server fair and to investigate reports.
• Server standing data. We maintain an internal standing signal based on limited gameplay, chat, moderation, and community-safety events. It helps staff understand behaviour over time and helps our tools apply moderation consistently.
• Payment records. If you buy a supporter package, we keep the order ID, the tier you purchased, the amount, the date, and the platform identity it was tied to. Payments themselves are processed by Polar.sh - we never see your full card or bank details.
• Technical metadata. IP address, user-agent, and basic request information, written to short-lived server logs for security, abuse prevention, and debugging.
• Pseudonymous traffic counters. So we can see how many people visit the site and which wiki pages are actually read, we keep two simple counters: a daily total of unique site visitors, and a per-page view count for the wiki. Each visit is identified only by an irreversible salted hash of your IP address and user-agent - we never store the raw IP or user-agent against these counters, the hash itself is used purely to deduplicate refreshes within a 30-minute window, and the dedup row is automatically deleted once that window has passed. We also keep first-party support checkout funnel counters for signed-in users - product kind, catalogue id, result, and timestamp - so we can see whether checkout is working during launch. There is no cross-site tracking, and no third-party analytics service involved.
• Support correspondence. The contents of any ticket or email you send us, kept while your case is open and for a reasonable period afterwards.
• Cross-server community records. Where a shared HWS feature or safety issue requires it, we may process limited data received from or shared with W3DG, such as platform IDs, Discord IDs, entitlement status, moderation status, and concise notes needed to understand the relevant support or safety issue.

Each category of data is processed for a specific purpose, and only on the legal bases listed in Article 6(1) of the GDPR:

• To provide the service you signed up for - authenticating you, running banking, OCD, supporter perks, and generally letting you play. Legal basis: performance of a contract (Art. 6(1)(b)).
• To process supporter purchases - confirming payment, granting the tier, and keeping records. Legal basis: performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for accounting and tax records.
• To keep the service secure and fair - preventing cheating, exploitation, harassment, fraud, and abuse; investigating incidents; and coordinating serious safety or moderation issues with the wider HWS community where necessary. This includes automated chat moderation, anti-cheat and anti-abuse signals, staff alerts, and internal server standing data. Legal basis: legitimate interests (Art. 6(1)(f)) in protecting our service and our players.
• To provide optional Discord and Cross Game Rewards - linking your Discord account, assigning Discord roles, confirming subscriber status where you ask us to do so, and granting HWS benefits that span both the Rust and Empyrion communities. Legal basis: consent (Art. 6(1)(a)) where you voluntarily link Discord or request the optional benefit, andperformance of a contract (Art. 6(1)(b)) where the benefit is part of a supporter package you purchased.
• To understand how the site is used in aggregate - only via the pseudonymous traffic counters described above (total unique daily visitors and per-page wiki view counts). We use these to size capacity, decide which guides need rewriting, and gauge launch-day load. Legal basis: legitimate interests (Art. 6(1)(f)) in operating and improving the service, with no profiling and no tracking of individual users.
• To respond to support requests - handling tickets, refund-related questions, and reports. Legal basis: performance of a contract and legitimate interests.
• To comply with the law - for example, retaining invoices for the period required by Danish bookkeeping rules. Legal basis: legal obligation.

We do not sell your personal data, we do not run behavioural advertising, and we do not embed third-party advertising or analytics trackers on this website. We do not share data with W3DG or Discord for their advertising or profiling purposes.

To run the service we rely on a small number of carefully chosen providers, all of which act as processors on our behalf or as independent controllers for clearly defined purposes:

• Valve / Steam - verifies your identity when you sign in with Steam, via the Steam OpenID and Web API.
• Polar.sh - processes supporter purchases as merchant of record. Polar handles the checkout, the payment, the invoice, and any VAT. We receive only the information needed to grant your tier.
• W3DG / HWS Empyrion - operates the HWS Empyrion game server and the HWS brand. Where needed for shared HWS community features, cross-game rewards, support, or serious moderation and anti-cheat matters, W3DG and André Nielsen Digital may exchange limited account, entitlement, and moderation data. Each company remains responsible for the services it operates.
• Hosting provider (Hetzner, EU) - provides the servers and database that power this website. Game-server hosting for HWS Frontier servers is provided by infrastructure partners in the EU and, for clearly labelled NA servers, in North America.
• Discord - used as our primary support channel and for optional account linking. If you contact us through Discord, your message and Discord handle are processed by Discord on its own terms. If you voluntarily link Discord on your profile page, we receive your Discord identity via Discord OAuth and may share the minimum necessary supporter-status data with Discord so roles or other subscription benefits can be applied in the HWS Discord. We recommend using email if you prefer not to involve Discord.

We do not share your data with anyone else for their own marketing or profiling purposes.

Under the GDPR, and subject to the conditions set out there, you have the right to:

• access the personal data we hold about you (Art. 15);
• have inaccurate data corrected (Art. 16);
• have your data erased (Art. 17);
• restrict our processing of your data in specific situations (Art. 18);
• receive your data in a portable, machine-readable format (Art. 20);
• object to processing based on our legitimate interests (Art. 21);
• withdraw any consent you have given us, without affecting the lawfulness of processing carried out before withdrawal (Art. 7).

To exercise any of these rights, email us at [email protected]. We may need to confirm your identity (typically by linking the request to a verifiable platform account) before we can act.

You also have the right to lodge a complaint with a supervisory authority. In Denmark that is the Danish Data Protection Agency (Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, datatilsynet.dk).

We use automated tools to help keep the servers playable. Chat moderation tools may automatically warn, mute, or block chat where they detect rule-breaking behaviour. Anti-cheat and anti-abuse tools may record suspicious activity and alert staff so they can investigate with the relevant context.

We also use an internal server standing system. It combines limited positive and negative behaviour signals so staff can see relevant history when reviewing reports, appeals, or sanctions. Automated moderation may use this standing to apply rules more consistently, for example when deciding how quickly to warn or mute a player for repeated chat violations.

We do not publish the detailed detection rules, scoring weights, thresholds, or alert logic used by these systems, because doing so would make cheating, harassment, and ban evasion easier. We do not use server standing for advertising, and we do not sell it. If you believe an automated moderation action was wrong, you can ask staff to review it through our support channels. We do not rely on solely automated processing for decisions that produce legal or similarly significant effects within the meaning of Article 22 of the GDPR.