Back to Home

Privacy Policy

Last updated: January 15, 2025

1. Introduction

CTF-HUB ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity training platform.

By using CTF-HUB, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Username, email address, password (encrypted), organization name, and role
  • Profile Information: Name, bio, avatar, professional background, and skills
  • Billing Information: Company name, billing address, payment method details (processed securely through our payment provider)
  • Event Data: Challenge solutions, scores, team affiliations, and competition performance
  • Communications: Support tickets, feedback, and correspondence with our team
  • Content: Challenges, write-ups, and other content you create on the platform

2.2 Information We Collect Automatically

When you use CTF-HUB, we automatically collect certain information, including:

  • Usage Data: Pages visited, features used, actions taken, and time spent on the platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, referring URLs, error logs, and system performance data
  • Cookies and Tracking: Session cookies, authentication tokens, and preference settings

2.3 Information from Third Parties

We may receive information about you from:

  • Your organization administrator when they add you to their CTF-HUB account
  • Third-party authentication providers (if you use SSO on Enterprise plans)
  • Payment processors for transaction verification

3. How We Use Your Information

We use the collected information for various purposes:

3.1 Service Delivery

  • Create and manage your account
  • Provide access to CTF events and challenges
  • Track progress and maintain scoreboards
  • Process transactions and manage subscriptions
  • Send event notifications and important updates

3.2 Service Improvement

  • Analyze usage patterns to improve features
  • Develop new functionalities based on user needs
  • Optimize platform performance and reliability
  • Conduct research on cybersecurity education effectiveness

3.3 Communication

  • Respond to support requests and inquiries
  • Send service updates and security alerts
  • Provide training resources and tips (with consent)
  • Notify about subscription changes or billing

3.4 Security and Compliance

  • Detect and prevent fraud or abuse
  • Monitor for security threats
  • Comply with legal obligations
  • Enforce our Terms of Service

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

4.1 Within Your Organization

  • Organization administrators can view usage data and performance metrics for their users
  • Team members can see each other's scores and progress in team events
  • Event organizers can access participant data for events they manage

4.2 Service Providers

We work with trusted third-party services:

  • Cloud Infrastructure: AWS for hosting and data storage
  • Payment Processing: Stripe for secure payment handling
  • Analytics: Internal analytics tools (no third-party tracking)
  • Email Services: For transactional emails and notifications

4.3 Legal Requirements

We may disclose information if required by law or if we believe such action is necessary to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Prevent fraud or security issues
  • Protect against legal liability

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

Data Type Retention Period
Account Information Duration of account + 30 days after deletion
Event Data Based on subscription plan (30-365 days)
Billing Records 7 years for tax compliance
Support Communications 2 years after resolution
Security Logs 90 days
Challenge Content Indefinitely (unless deleted by creator)

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Technical Measures

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure password hashing (bcrypt with salt rounds)
  • Regular security audits and vulnerability assessments
  • Web Application Firewall (WAF) protection
  • DDoS protection and rate limiting

6.2 Organizational Measures

  • Access controls and principle of least privilege
  • Employee security training and background checks
  • Incident response procedures
  • Regular backups and disaster recovery planning

6.3 Your Responsibilities

  • Use strong, unique passwords
  • Enable two-factor authentication (available for admin/organizer roles)
  • Keep your account credentials confidential
  • Report security concerns promptly

7. Your Rights and Choices

7.1 Access and Portability

You can request a copy of your personal data in a structured, machine-readable format.

7.2 Correction

You can update your account information at any time through your profile settings.

7.3 Deletion

You can request deletion of your account and associated data. Some information may be retained as required by law or for legitimate business purposes.

7.4 Opt-Out

  • Marketing Communications: Unsubscribe via link in emails or account settings
  • Cookies: Adjust browser settings (may impact functionality)
  • Analytics: Contact support to opt-out of usage analytics

7.5 Data Processing Objection

You may object to certain data processing activities. Contact privacy@ctf-hub.com with your specific request.

8. International Data Transfers

CTF-HUB is based in the United States. If you access our services from outside the US:

  • Your information will be transferred to and processed in the US
  • We use standard contractual clauses for international transfers
  • We comply with applicable data protection laws
  • By using our services, you consent to this transfer

9. Children's Privacy

CTF-HUB is not intended for users under 16 years of age. We do not knowingly collect information from children under 16. If we discover we have collected information from a child under 16, we will delete it promptly.

Educational institutions using CTF-HUB with students should ensure appropriate consent and comply with applicable laws like COPPA or GDPR.

10. Cookies and Tracking

10.1 Essential Cookies

We use essential cookies for:

  • Session management and authentication
  • Security features and fraud prevention
  • Load balancing and performance

10.2 Functional Cookies

With your consent, we use functional cookies for:

  • Remembering preferences and settings
  • Language and theme selection
  • Enhanced features and personalization

10.3 Analytics

We use first-party analytics (no Google Analytics or similar third-party trackers) to understand usage patterns and improve our service.

11. California Privacy Rights

California residents have additional rights under the CCPA:

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt-out of sale (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact privacy@ctf-hub.com or call +972 524 525454.

12. European Privacy Rights

If you are in the European Economic Area (EEA), you have rights under GDPR:

  • Legal basis for processing is contract performance and legitimate interests
  • Right to lodge a complaint with supervisory authorities
  • Right to withdraw consent where processing is based on consent
  • Right to data portability

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Updating the "Last updated" date
  • Sending email notification to organization administrators
  • Displaying a prominent notice in the platform

Continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

CTF-HUB Privacy Team
Email: privacy@ctf-hub.com
Phone: +972 524 525454
Address: CTF-HUB, Inc.
Tzvi Tadmor 3, Holon, Israel
Attn: Privacy Officer

We aim to respond to all privacy requests within 30 days.