Privacy Policy

1. Information We Collect

1.1 Personal Information

When you register for an account or participate in our services, we may collect the following personal information:

• Identity Information: Full name, username, email address, phone number
• Educational/Professional Information: Institution name, academic level, profession, area of expertise
• Profile Information: Profile picture, bio, social media links, team affiliations
• Verification Information: Government-issued ID, student ID, institutional email verification

1.2 Technical Information

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, time spent on platform, click patterns, feature usage
• Performance Data: Challenge completion times, submission attempts, scoring metrics
• Log Data: Server logs, error reports, security events, access timestamps

1.3 Competition Data

• Submission Data: Code submissions, writeups, solution approaches, flags submitted
• Communication Data: Forum posts, team communications, support tickets
• Achievement Data: Rankings, badges, certificates, competition history

2. How We Collect Information

2.1 Information You Provide

• Account registration and profile setup
• Competition registration and participation
• Communication with our support team
• Feedback and survey responses
• Voluntary information sharing in forums or profiles

2.2 Information We Collect Automatically

• Cookies and similar tracking technologies
• Web server logs and analytics tools
• Platform usage monitoring and performance tracking
• Security monitoring and fraud detection systems

2.3 Information from Third Parties

• Social media authentication (Google, GitHub, LinkedIn)
• Educational institution verification services
• Payment processing partners (for premium features)
• Security and fraud prevention services

3. How We Use Your Information

3.1 Service Provision

• Create and manage user accounts
• Provide access to CTF challenges and competitions
• Process and evaluate submissions
• Generate leaderboards and rankings
• Issue certificates and badges
• Facilitate team formation and collaboration

3.2 Communication

• Send account-related notifications
• Provide competition updates and announcements
• Respond to support requests and inquiries
• Send newsletters and educational content (with consent)
• Notify about platform updates and new features

3.3 Platform Improvement

• Analyze usage patterns to improve user experience
• Develop new features and challenges
• Optimize platform performance and reliability
• Conduct research on cybersecurity education

3.4 Security and Legal Compliance

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service and competition rules
• Comply with legal obligations and regulatory requirements
• Protect intellectual property rights

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contractual Necessity: To provide services as outlined in our Terms of Service
• Legitimate Interest: For platform security, fraud prevention, and service improvement
• Consent: For marketing communications and optional data processing
• Legal Obligation: To comply with applicable laws and regulations

5. Information Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their commercial purposes.

5.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Cloud hosting and infrastructure services
• Email delivery and communication platforms
• Analytics and performance monitoring
• Payment processing (for premium features)
• Customer support tools

5.3 Competition Partners

• Sponsored competition organizers (with explicit consent)
• Educational institutions (for student verification)
• Industry partners (for recruitment opportunities, with consent)

5.4 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Protect our rights, property, or safety
• Investigate fraud, security breaches, or policy violations
• Protect the rights and safety of our users and the public

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction, subject to equivalent privacy protections.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

• Essential Cookies: Required for platform functionality and security
• Performance Cookies: Help us analyze platform usage and performance
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Provide insights into user behavior and platform improvements

6.2 Cookie Management

You can control cookies through:

• Browser settings and preferences
• Our cookie consent banner
• Third-party opt-out tools for analytics services

6.3 Third-Party Analytics

We use analytics services such as Google Analytics to understand platform usage. These services may use cookies and similar technologies to collect information about your interactions with our platform.

7. Data Security

7.1 Security Measures

• Industry-standard encryption for data in transit and at rest
• Multi-factor authentication for administrative accounts
• Regular security audits and penetration testing
• Secure coding practices and vulnerability assessments
• Access controls and principle of least privilege
• Regular staff security training and awareness programs

7.2 Data Breach Response

In the event of a data breach, we will:

• Investigate and contain the breach immediately
• Notify affected users within 72 hours of discovery
• Report to relevant authorities as required by law
• Provide regular updates on the investigation and remediation

7.3 User Responsibilities

• Keep your account credentials secure and confidential
• Use strong, unique passwords
• Report suspicious activities immediately
• Keep your contact information updated

8. Data Retention

8.1 Retention Periods

• Account Data: Retained while your account is active and for 2 years after account closure
• Competition Data: Retained for 5 years for historical records and research purposes
• Communication Data: Retained for 3 years for support and legal compliance
• Technical Logs: Retained for 1 year for security and performance monitoring

8.2 Data Deletion

We will delete or anonymize personal data when:

• The retention period expires
• You request deletion (subject to legal requirements)
• The data is no longer necessary for the original purpose
• Required by applicable law

9. Your Rights and Choices

9.1 Access and Control

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of data processing

9.2 Communication Preferences

• Opt out of marketing communications
• Customize notification preferences
• Manage email subscription settings

9.3 Account Management

• Update your profile information
• Change privacy settings
• Deactivate or delete your account

9.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@csemctf.com. We will respond within 30 days and may require identity verification.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

• EU Standard Contractual Clauses for GDPR compliance
• Privacy Shield certification (where applicable)
• Adequacy decisions by relevant authorities
• Binding corporate rules and internal policies

11. Children's Privacy

Our platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected such information, we will delete it immediately.

For users between 13-18 years of age, we require parental consent for certain activities and provide additional privacy protections.

12. Regional Compliance

12.1 GDPR (European Union)

For EU residents, we comply with the General Data Protection Regulation, including all rights outlined in Section 9.

12.2 CCPA (California)

California residents have additional rights under the California Consumer Privacy Act, including the right to know about personal information collection and sale.

12.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate, including but not limited to India's Personal Data Protection Bill and other regional regulations.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our data practices
• New legal requirements
• Platform updates and new features
• User feedback and best practices

We will notify you of significant changes through:

• Email notification to registered users
• Prominent notice on our platform
• Updated "Last Modified" date at the top of this policy

14. Contact Information