Privacy Policy

1. Information We Collect

BadgerCTF is typically deployed on customer-controlled infrastructure (on-premises or private cloud). For the marketing site and managed deployments, we may collect:

• Account data — name, email, school/organization, role (provided when you contact us or request a demo).
• Lab telemetry — for managed deployments only: terminal events, lab session timestamps, and progress data tied to a student's authenticated identity.
• Operational logs — HTTP access logs, error traces. No request bodies or terminal contents are persisted in the marketing site.

2. How We Use Information

• Respond to inquiries and schedule demos.
• Operate, monitor, and improve managed BadgerCTF deployments.
• Provide instructors with student progress reports and telemetry exports.

We do not sell personal data, and we do not use student telemetry to train third-party AI models.

3. Data Storage

For self-hosted deployments, all data stays inside your network perimeter — we never receive a copy. For managed deployments, application data is stored in PostgreSQL within infrastructure under our or your control, encrypted in transit (TLS 1.2+).

4. Authentication

BadgerCTF authenticates against your LDAP / Active Directory. We do not persist user passwords; only LDAP uid values are stored to bind students to their lab instances.

5. Cookies

The marketing site uses no tracking cookies. The application uses session cookies for authentication only.

6. Your Rights

For managed deployments, you (or your school's data controller) can request export or deletion of any personally identifiable data by emailing privacy@badgerctf.com.

7. Contact

Questions about this policy: privacy@badgerctf.com