Privacy Policy

Last updated: November 19, 2025

1. Introduction

Welcome to CyberCTF. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity learning platform.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you register and use our platform:

  • Username and email address
  • Password (encrypted and securely stored)
  • Profile information (optional: avatar, bio, social links)
  • Authentication tokens and session data

2.2 Usage Data

We automatically collect certain information when you use our platform:

  • Lab completions and challenge submissions
  • Progress tracking and achievement data
  • Leaderboard rankings and statistics
  • IP addresses and browser information
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain our services
  • To authenticate users and manage accounts
  • To track your learning progress and achievements
  • To display leaderboards and statistics
  • To improve our platform and user experience
  • To communicate with you about updates and features
  • To detect and prevent security threats
  • To comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Public Information: Your username, profile information, and leaderboard rankings are publicly visible to other users
  • Service Providers: We may share data with third-party service providers who help us operate our platform (e.g., hosting, analytics)
  • Legal Requirements: We may disclose information if required by law or to protect our rights and safety

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Passwords are hashed using industry-standard algorithms
  • Data transmission is encrypted using HTTPS/TLS
  • Authentication tokens are securely managed
  • Regular security audits and updates

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Improve user experience

You can control cookies through your browser settings, but disabling cookies may affect the functionality of our platform.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal data
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Data Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing of your data
  • Withdrawal: Withdraw consent for data processing

To exercise these rights, please contact us using the information provided below.

8. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal purposes.

9. Third-Party Services

Our platform may integrate with third-party services (e.g., OAuth providers, analytics tools). These services have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.

10. Children's Privacy

Our platform is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country. By using our platform, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: privacy@cyberctf.com
  • Website: https://cyberctf.com

GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • The right to be informed about data collection and use
  • The right to access your personal data
  • The right to rectification of inaccurate data
  • The right to erasure ("right to be forgotten")
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • Rights related to automated decision-making and profiling

We process your data based on the following legal bases: consent, contract performance, legal obligations, and legitimate interests.

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected
  • The right to know whether personal information is sold or disclosed
  • The right to say no to the sale of personal information
  • The right to access your personal information
  • The right to equal service and price
  • The right to delete personal information

Note: We do not sell your personal information to third parties.