Skip to main content
Legal

Privacy Policy

Your privacy matters to us. This policy explains how CyberTask collects, uses, stores, and protects your personal data when you use our platform.

Last updated: May 2, 2026

1. Introduction

CyberTask ("we," "our," or "the Platform") is a cloud-based cyber range and cybersecurity training platform. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use our services.

By creating an account or using the Platform, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Platform.

2. Information We Collect

We collect the following categories of information:

2.1 Account Information

  • Full name, email address, and profile information you provide during registration
  • Job title, organization, and branch affiliation (if applicable)
  • Profile photo (if uploaded)
  • Social links and bio (if provided in your profile settings)
  • Password (stored securely using one-way hashing — we never store or have access to your plaintext password)

2.2 Authentication & Security Data

  • Login timestamps, IP addresses, and session identifiers
  • Browser type, operating system, and device information
  • Failed login attempts and account lockout events
  • Two-factor authentication (2FA) enrollment status (we do not store your authenticator app codes)

2.3 Lab & Training Activity

  • Lab enrollment, progress, scores, and completion status
  • Task submissions, answers, and attempt history
  • Hints revealed and penalties incurred
  • Certificates earned and leaderboard rankings
  • Lab ratings and feedback you provide
  • Team membership and collaborative activity

2.4 Virtual Environment Data

  • Virtual machine provisioning, start/stop events, and resource usage
  • Network configurations created within your lab environments
  • Activity logs within lab environments for security monitoring purposes

2.5 Communication Data

  • Lab chat messages exchanged during collaborative lab sessions
  • Support tickets and issue reports submitted through the Platform
  • Email notifications sent by the Platform

2.6 Files & Uploads

  • Profile photos, lab avatars, and attachments uploaded to support tickets
  • Files uploaded to lab environments or the Platform's file management system

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Platform Operation: Authenticate your identity, manage your account, and provide access to labs and training environments
  • Educational Tracking: Record your progress, calculate scores, generate certificates, and display leaderboard rankings
  • Security: Detect and prevent unauthorized access, monitor for suspicious activity, enforce rate limits, and maintain the integrity of lab environments
  • Communication: Send essential notifications including email verification, password resets, lab invitations, and support responses
  • Resource Management: Monitor and enforce resource quotas (virtual machines, CPU, RAM, storage) to ensure fair access for all users
  • Platform Improvement: Analyze usage patterns to improve features, fix bugs, and enhance the user experience
  • Organizational Reporting: Provide administrators and branch managers with aggregated performance data for users within their organization

We do not use your data for advertising, behavioral profiling, or selling to third-party marketing services.

4. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your data only in the following circumstances:

  • Organizational Administrators: If you are part of an institutional account, your organization's administrators and branch managers may view your profile, lab progress, scores, and activity within the Platform
  • Lab Instructors: Instructors of labs you are enrolled in can view your submissions, scores, and performance data for that specific lab
  • Public Profile: Information you choose to make public (name, bio, achievements, leaderboard rank) may be visible to other users, subject to your privacy settings
  • Infrastructure Providers: We use enterprise-grade cloud hosting providers for infrastructure and storage. Your data is processed in compliance with industry security and privacy standards
  • Legal Requirements: We may disclose your information if required by law, court order, or governmental request, or to protect the rights, safety, or property of CyberTask, our users, or the public

5. Data Storage & Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
  • Encryption at Rest: Database connections use SSL encryption. Files are stored on secure cloud storage with encryption at rest
  • Password Security: Passwords are hashed using industry-standard one-way hashing algorithms. We never store plaintext passwords
  • Two-Factor Authentication: 2FA is available for all users and mandatory for elevated roles (instructors, administrators). 2FA secrets are encrypted in the database
  • Session Management: Sessions are stored in encrypted database records with configurable timeouts. HTTP-only and secure cookies prevent client-side tampering
  • Access Controls: Role-based access control (RBAC) ensures users can only access data and features appropriate to their role
  • Infrastructure: The Platform is hosted on enterprise-grade cloud infrastructure with managed SSL termination, automated backups, and certified physical security

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

6. Cookies & Session Data

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for authentication, session management, and CSRF protection. The Platform cannot function without these
  • Preference Cookies: Store your UI preferences such as sidebar state and theme settings
  • Security Cookies: Used for rate limiting, bot detection (reCAPTCHA), and preventing abuse

We do not use third-party advertising cookies, tracking pixels, or analytics cookies that share data with advertising networks.

7. Data Retention

We retain your data for the following periods:

  • Account Data: Retained for as long as your account is active. If your account is archived or deleted, personal data is removed or anonymized within 90 days, unless retention is required by law or institutional agreement
  • Lab Activity & Scores: Retained for the duration of your account to support certificates, leaderboards, and organizational reporting
  • Login History: Authentication logs are retained for up to 12 months for security auditing purposes
  • Chat Messages: Lab chat messages are automatically deleted after 5 days
  • Virtual Machine Data: Data within virtual machines is temporary and may be deleted when resources are reclaimed, labs are reset, or environments expire
  • Support Tickets: Issue reports and communications are retained for up to 24 months for quality assurance and dispute resolution

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate personal data through your profile settings
  • Deletion: Request deletion of your account and associated personal data, subject to legal retention requirements and active institutional agreements
  • Data Portability: Request an export of your data in a structured, machine-readable format
  • Objection: Object to specific data processing activities where applicable
  • Privacy Controls: Manage the visibility of your profile information (about, email, location, social links, stats, activity, badges, certificates) through your privacy settings

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

9. Children's Privacy

The Platform is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18 without parental consent, we will take steps to delete that information. If you believe a child has provided us with personal data, please contact us immediately.

10. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence. By using the Platform, you consent to the transfer of your data to our infrastructure providers' data centers, which may be in different jurisdictions. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy, regardless of where it is processed.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and may notify you via email or through the Platform. We encourage you to review this policy periodically. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: