Cyfotok Labs logo
Cyfotok Labs
DashboardPathsLabsLeaderboardPricingFor Colleges
LoginSignup
arrow_backBack to home

Cyfotok Labs

Privacy Policy

Last updated: April 11, 2026

1. Introduction

This Privacy Policy explains how Cyfotok Labs (“we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use our cybersecurity training platform (“Service”). We are committed to protecting your privacy and handling your data with transparency.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, and profile details when you register.
  • Payment information: billing details processed through Razorpay. We do not store your credit/debit card numbers on our servers.
  • Educational institution data: college name and student identifiers if you register through a college account.
  • Feedback and ratings: lab ratings, difficulty assessments, and written feedback you submit.
  • Support communications: messages you send to our support team.

2.2 Information Collected Automatically

  • Usage data: pages visited, labs started, steps completed, flags submitted, time spent, and feature interactions.
  • Device information: browser type, operating system, screen resolution, and device identifiers.
  • Log data: IP address, access times, referring URLs, and server logs.
  • Lab environment activity: commands executed, tools used, and interactions within lab environments for security monitoring and educational analytics.
  • Cookies: session cookies for authentication and preferences. See Section 8 for details.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service.
  • Track your learning progress, issue certifications, and award badges.
  • Process payments and manage subscriptions.
  • Generate leaderboards, analytics dashboards, and progress reports.
  • Monitor lab environments for security threats and policy violations.
  • Send transactional emails (account verification, password resets, subscription confirmations).
  • Send educational updates and new lab announcements (you can opt out at any time).
  • Send marketing updates, including promotional offers, feature launches, and newsletters, to the email address you provided (you can unsubscribe at any time using the link in any marketing email).
  • Provide instructor and admin dashboards for college accounts.
  • Improve content quality based on aggregate usage patterns and feedback.
  • Detect and prevent fraud, abuse, and security incidents.

4. Data Sharing and Disclosure

We do NOT sell your personal information. We may share data with:

  • Payment processors: Razorpay, for processing subscription payments. They operate under their own privacy policies.
  • Authentication providers: Supabase Auth, for managing user accounts and sessions.
  • College administrators: if you are part of a college account, your progress data and completion status may be visible to your institution's administrators.
  • Legal authorities: when required by law, court order, or government request, or to protect our rights, property, or safety.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, user data may be transferred to the new entity.

5. Data Storage and Security

  • Your data is stored on secure cloud infrastructure provided by Supabase (PostgreSQL) with row-level security policies.
  • All data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted.
  • Payment card data is handled entirely by Razorpay and never touches our servers.
  • We implement access controls, audit logging, and regular security reviews to protect your data.
  • While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure.

6. Data Retention

  • Account data is retained as long as your account is active.
  • If you delete your account, your personal data will be removed within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).
  • Anonymized and aggregated data (e.g., lab completion statistics) may be retained indefinitely for analytics and platform improvement.
  • Lab activity logs are retained for up to 12 months for security monitoring purposes.

7. Your Rights

You have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: update or correct inaccurate personal data.
  • Deletion: request deletion of your account and associated personal data.
  • Portability: request your data in a machine-readable format.
  • Opt-out: unsubscribe from marketing communications at any time.
  • Restrict processing: request that we limit the processing of your data in certain circumstances.

To exercise any of these rights, contact us at privacy@cyfotok.com.

8. Cookies

  • Essential cookies: required for authentication, session management, and security. These cannot be disabled.
  • Preference cookies: store your settings and preferences (e.g., theme, language).
  • Analytics cookies: help us understand how users interact with the platform. These are anonymized and can be disabled.

You can manage cookie preferences through your browser settings or our cookie consent banner.

9. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@cyfotok.com.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

11. International Data Transfers

Your data may be processed and stored in servers located outside your country of residence. By using the Service, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place to protect your data regardless of where it is processed.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Cyfotok Labs

Email: privacy@cyfotok.com