Privacy Policy

How we collect, use, and protect your information on the Parrot CTFs Events platform.

Effective date: March 7, 2026

1. Introduction

Parrot CTFs Events, operated by Lorikeet Security ("we," "us," or "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use the Parrot CTFs Events platform at lorikeetsecurity.com/parrot-ctfs.

By using the Platform, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

We collect information that you voluntarily provide, including:

  • Username, email address, and profile information when you register an account
  • Organization name and contact details for organization accounts
  • Payment information when you purchase a subscription (processed securely by Stripe)
  • Challenge submissions, writeups, comments, and other content you create
  • Communications you send to us via email or support channels

Information Collected Automatically

When you use the Platform, we may automatically collect:

  • IP address and approximate geographic location
  • Browser type and version, operating system
  • Pages visited, features used, and time spent on the Platform
  • Lab usage data including machine interactions, VPN connection logs, and challenge completion data
  • Device identifiers and session information

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain your account and access to Platform features
  • To process subscriptions and payments
  • To track your progress, scores, and certifications
  • To display leaderboards and public profiles
  • To send account-related notifications (login links, account alerts, subscription updates)
  • To improve the Platform, develop new content, and fix bugs
  • To detect and prevent cheating, abuse, and unauthorized access
  • To comply with legal obligations

4. Cookies and Tracking Technologies

Essential Cookies

We use essential cookies for authentication, session management, and core Platform functionality. These are required for the Platform to operate and cannot be disabled.

Analytics

We may use analytics tools to understand how users interact with the Platform, helping us improve content and features. Analytics data is collected in aggregate and anonymized where possible.

Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Platform.

5. How We Share Your Information

We do not sell, trade, or rent your personal information. We may share your data only in these limited circumstances:

  • Public profile data - Your username, score, rank, badges, and completion stats are displayed publicly on leaderboards and your profile page
  • Organization administrators - If you are part of an organization account, your administrator may view your progress and activity within the Platform
  • Service providers - Third-party vendors that help us operate the Platform (e.g., Stripe for payments, Mailgun for email, AWS for infrastructure). These providers are contractually obligated to protect your data.
  • Legal requirements - When required by law, regulation, or enforceable governmental request
  • Business transfers - In connection with a merger, acquisition, or sale of assets

6. Data Security

As a cybersecurity company, we take data protection seriously. We implement industry-standard security measures including:

  • Encryption of data in transit (TLS/HTTPS)
  • Secure password-less authentication via magic links and OAuth
  • Isolated lab environments that are separate from production systems
  • Access controls and regular security assessments

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. If you delete your account, we will remove your personal data within 90 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

VPN connection logs and lab activity data are retained for a maximum of 30 days for security monitoring purposes.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access - Request a copy of the personal data we hold about you
  • Correction - Request correction of inaccurate or incomplete data
  • Deletion - Request deletion of your personal data and account
  • Objection - Object to our processing of your personal data
  • Portability - Request your data in a structured, machine-readable format
  • Withdraw consent - Withdraw consent for data processing where consent was the legal basis

To exercise any of these rights, please contact us at [email protected]. You can also delete your account directly from your account settings.

9. Third-Party Links

The Platform may contain links to third-party websites or services. We have no control over and assume no responsibility for the content or privacy practices of third-party sites. We encourage you to review the privacy policy of every site you visit.

10. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: