Privacy Policy
This policy describes how LearnIT (“we”, “us”) collects, uses, and shares personal data when you use our website and CTF platform at learn-it.org.
1) Quick summary
- We collect account info, usage data, and content you submit (e.g., flags, challenge solves).
- We use data to run LearnIT, improve features, secure the platform, and communicate with you.
- We share data with trusted service providers only as needed to operate LearnIT or as required by law.
- You can access, correct, delete, or export your data, and object to certain processing.
2) Data controller
LearnIT (learn-it.org) is the controller for your personal data. Contact: contact@learn-it.org.
3) Scope
This policy applies to your use of the LearnIT website, accounts, challenges, events, and communications. It does not cover third-party sites that link to/from LearnIT.
4) Data we collect
Account & profile
- Username, email, password (hashed), display settings (theme, language).
- Team affiliation, profile bio, avatar (if you upload one).
Platform activity
- Challenge solves, submissions, write-ups, first bloods, scoreboard position.
- IP and timestamp logs for security and abuse prevention.
Usage & device
- Pages viewed, referrers, approximate location from IP (no precise GPS), device & browser info.
- Diagnostic events (crashes, performance).
Communications
- Support messages, email preferences, notifications you subscribe to.
5) How we use data & legal bases
- Provide the service — create/manage accounts, run challenges, track scoring. Legal basis: contract.
- Security & integrity — detect fraud/abuse, ensure fair play, protect infrastructure. Legal basis: legitimate interests and legal obligations.
- Improve LearnIT — analytics, debugging, A/B testing. Legal basis: legitimate interests or consent (for non-essential cookies).
- Communicate — transactional emails (e.g., account notices) and optional updates. Legal basis: contract/legitimate interests; consent where required.
- Compliance — fulfill legal requests and enforce our Terms. Legal basis: legal obligation.
6) When we share data
- Service providers that host, store, analyze, or send communications on our behalf, bound by confidentiality and data processing terms.
- Challenge partners only when necessary for event participation and scoring.
- Legal/Protection when required by law or to protect rights, users, or the platform.
- Business transfers if we undergo a merger, acquisition, or asset sale.
We do not sell personal information.
7) Data retention
We keep personal data only as long as necessary: account data for the life of the account; security logs typically up to 12 months; analytics data per vendor default (often 13 months); backups for a limited rolling window. We’ll delete or anonymize data when it’s no longer needed.
8) Security
We use industry-standard measures (encryption in transit, hashing, least-privilege access, monitoring). No method of transmission or storage is 100% secure.
9) Your privacy rights
- Access your data and get a copy.
- Rectify inaccurate or incomplete data.
- Erase your data (“right to be forgotten”).
- Restrict or object to certain processing.
- Portability — receive data in a machine-readable format.
- Withdraw consent where processing is based on consent.
- Complain to your local supervisory authority if you believe your rights were infringed.
To exercise rights, email contact@learn-it.org. We may verify your identity before acting on your request.
10) International transfers
If we transfer data outside your jurisdiction, we’ll use appropriate safeguards (e.g., standard contractual clauses) where required by law.
11) Children
LearnIT is not directed to children under the age where parental consent is required in your country (e.g., 13–16). Do not use LearnIT if you are below that age.
12) Changes to this policy
We may update this policy. If changes are material, we’ll provide additional notice (e.g., banner or email).
13) Contact us
Email contact@learn-it.org for privacy questions or requests.