Privacy Policy

Last updated: April 7, 2026

1. Who We Are

ASM is operated by Talus Cyber LLC, incorporated in 2026. When we say "we," "us," or "our," we mean Talus Cyber LLC.

2. Information We Collect

We collect information you provide directly and information generated through your use of the platform.

Account information:

  • Email address (required for account creation and login)
  • Username and display name
  • Password (stored as a bcrypt hash — we never store plaintext passwords)
  • Two-factor authentication secrets (encrypted)

Organization information:

  • Organization name
  • Member list and roles
  • Billing information (processed by Stripe — we do not store card numbers)

Game server data:

  • Server configuration (IP addresses, ports, file paths)
  • Player session data (player names, Steam IDs, BattlEye GUIDs, IP addresses, country codes)
  • Chat messages captured via RCON
  • Server performance telemetry (CPU, RAM, FPS, player counts)
  • Server logs (RPT files)
  • Ban records (player IDs, reasons, durations)
  • Player notes created by administrators

Usage data:

  • Audit logs of administrative actions
  • IP addresses used to access the platform
  • Browser user agent strings (stored with sessions)

3. How We Use Your Information

  • To provide and maintain the ASM platform and its features
  • To authenticate your identity and manage your account
  • To process billing and subscription management via Stripe
  • To send transactional emails (verification, password resets, invitations)
  • To enforce player management rules you configure (bans, filters)
  • To provide server monitoring, metrics, and alerting
  • To maintain audit trails for security and accountability
  • To detect and prevent abuse of the platform

4. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

  • Stripe — Payment processing. Stripe's privacy policy governs payment data.
  • Cloudflare — Network traffic passes through Cloudflare's infrastructure for tunnel connectivity.
  • ip-api.com — Player IP addresses are sent to ip-api.com for VPN detection and geographic location lookup, if this feature is enabled by your organization.
  • Steam Web API — Steam IDs are sent to Valve's API for profile lookups, VAC ban checks, and Workshop mod information.
  • Legal requirements — If required by law, subpoena, or legal process.

5. Data Retention

  • Account data is retained for the lifetime of your account
  • Server telemetry is retained for 30 days
  • Chat logs are retained based on your configured retention period (default 7 days)
  • Audit logs are retained indefinitely
  • Player session history is retained indefinitely
  • When an organization is deleted, all associated data is permanently removed

6. Data Security

We implement security measures including:

  • Encrypted connections (TLS) for all web traffic
  • Passwords hashed with bcrypt (cost factor 12)
  • Two-factor authentication (TOTP)
  • JWT-based sessions with 24-hour expiry
  • Role-based access control with 30+ granular permissions
  • Multi-tenant data isolation at the organization level
  • Input sanitization to prevent injection attacks
  • Rate limiting on authentication endpoints

7. Your Rights

You may:

  • Access your account data through the platform settings
  • Update your email, display name, and password at any time
  • Delete your account by contacting support
  • Export your data by contacting support
  • Leave an organization at any time

8. Children

ASM is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18.

9. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email or platform notification.

10. Contact

For privacy-related questions or requests, contact us by submitting a ticket through the platform or emailing support at Talus Cyber LLC.