We are cybersecurity professionals, and we understand that any data we store is a liability. For this reason, we collect only the minimum amount of information necessary to provide you with a great experience, and we remove it as soon as we no longer need it.
We also provide the least access necessary for anyone to perform their job. That means we restrict what most of our own staff can see.
This means we have forgotten everything but email addresses six (6) months after an event, and we have forgotten everything one (1) year after an event.
What we collect
Our registration system typically collects:
- Your name
- Your email address
- Name you’d like on your badge and on the chat server
- What type of work you do
- Your employer’s business sector and name
- A record of whether you came to the registration desk to get a badge (at some events)
- A record of whether you were present when we take attendance (at some events)
- Your ticket ID
Our chat server collects:
- Any messages you send to any user or chat channel
Our puzzle server collects:
- Your team identifier
- Your team name
- Time when you submitted a right or wrong answer
- Time when you opened a puzzle
Some events have barcodes on badges. This barcode is a long number, which identifies your entry in the registration system.
In order to look up a participant using the number in your barcode, someone must have access to the registration system. We provide this access only to key staff, and never to Cyber Fire vendors.
If you are not comfortable with the barcode, we will provide you with a sticker to cover it up. If your barcode cannot be scanned, staff will need to ask your name in order to record your attendance.
What we do with this information
Your ticket ID
Your ticket ID is a random string, generated when you register for the event. We use this as a participant identifier throughout the event:
- In the participant portal, to display personalized event information
- On the chat server, along with your email address, to log you in
- On the puzzle server, during class days, to log you in, and track your progress
We display your name on your participant portal page, so you know you’re logged in correctly. We also use this name to send you emails.
We ask for a “name as you’d like it to appear on your badge” to print badges and to create your chat server account. This is the only name staff and other participants will see.
We use your email address to send you emails before, during, and after the event.
We may also add you to an email list to let you know about future events.
We use aggregate data about employer sector to make charts that help us understand how well we are marketing our event, and who is interested.
Puzzle Server Information
We use data collected on the puzzle server to determine ranking during the event, and to display the scoreboard.
We also archive this data for later analysis.
What we don’t do with this information
Cyber Fire data is never sold or traded to any third party.
Our Commercial Vendors
Some Cyber Fire events include vendors. These companies help us provide a better participant experience, helping us with coffee and/or snacks, and sometimes contributing puzzles.
We do not provide individual participant information to vendors. We may provide a participant count, and information about how much coffee and/or snacks were consumed.
Vendors do not have access to the registration system, and cannot look up information about participants, even if they are able to scan a barcode on your badge.
How long we keep information
Information we keep forever:
- Puzzle server data
- Your Team ID: a random string shared with everyone on your team
- A record of most interactions your team has with the server
- Aggregate data on employer sector
- Aggregate data on attendance
Information we keep for up to one (1) year:
- Your email address
Information we keep for up to six (6) months:
- All other information