Privacy Policy

This Privacy Policy explains how NexaCTF collects, uses, stores, and protects your data while you use this platform.

1. Information We Collect

We collect the following data to operate the CTF platform:

• Account data: username, email address, password hash, role, and account creation time.
• Challenge activity: submitted flags, correctness status, timestamps, solves, hint unlocks, and team participation.
• Platform activity logs: audit logs and security logs (including IP-related request metadata) for abuse prevention and incident response.
• Notification data: in-platform notifications sent to your account and read/unread status.

2. How We Use Your Data

• To authenticate users and secure accounts.
• To run scoring, rankings, first-blood tracking, and event-based challenge progress.
• To moderate abuse, investigate suspicious activity, and protect platform integrity.
• To send service updates and competition announcements through in-platform notifications.

3. Data Sharing

We do not sell your personal data. Your profile and ranking data may be visible on leaderboards as part of the competition experience.

4. Data Retention

We keep data for as long as needed to operate events, enforce security, resolve disputes, and maintain historical competition records. Administrators may remove or archive data when appropriate.

5. Security

We use access controls, password hashing, CSRF protections, and security event logging to protect user accounts and platform data. No system is completely risk-free, so please use a unique password and protect your account credentials.

6. Your Rights and Choices

• You may request account updates through the platform administrators.
• You may request account deletion, subject to legal and competition integrity requirements.
• You can review your own profile, team state, and visible event activity directly in the platform.

7. Contact

For privacy questions or requests, contact the platform administrators.