Last updated: January 1, 2025

Information We Collect

We collect information through OAuth authentication and platform usage:

• OAuth Data: Username, email address, and profile picture from GitHub or Discord
• User Preferences: Country selection for competition purposes
• Platform Activity: Challenge submissions, scores, and progress tracking
• Team Data: Team membership, collaboration, and communication within teams
• Security Information: Login timestamps, IP addresses, and session data for security
• Technical Data: Browser information and device fingerprints for fraud prevention

OAuth Authentication

We use OAuth 2.0 authentication exclusively through GitHub and Discord. We do not store passwords or authentication credentials - these are managed by your chosen OAuth provider.

How We Use Your Information

We use the information we collect to:

• Provide and maintain our CTF platform services
• Process your challenge submissions and track scores
• Enable team collaboration and competition features
• Prevent fraud and ensure platform security
• Communicate with you about platform updates and events

Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except:

• Public leaderboards showing usernames, countries, and scores
• When required by law or to protect our rights
• With your explicit consent for specific purposes

Data Security

We implement comprehensive security measures to protect your information:

• OAuth Security: Authentication is handled by trusted providers (GitHub/Discord) using industry-standard OAuth 2.0
• No Password Storage: We never store or have access to your passwords
• Encrypted Connections: All data transmission uses HTTPS encryption
• Session Management: Secure session handling with automatic timeout
• Access Controls: Role-based access control and admin privilege management
• Security Monitoring: Continuous monitoring for suspicious activities and security events

Data Retention and Account Management

Our data retention practices:

• Active Accounts: Data retained while your account remains active
• Account Deletion: Users can delete accounts through platform settings
• Immediate Deletion: Account deletion is immediate and permanent
• Data Removal: Personal data removed upon account deletion
• Anonymized Statistics: Competition scores may be retained in anonymized form for platform statistics
• OAuth Provider Dependency: Account access tied to OAuth provider account status

Cookies and Tracking

We use essential cookies for authentication and platform functionality. We do not use third-party tracking or advertising cookies.

Your Rights

You have the right to:

• Access and update your personal information
• Request deletion of your account and data
• Opt out of non-essential communications
• Request a copy of your data

Contact Us

If you have questions about this Privacy Policy, please contact us through our Discord server or social media channels.