ExploitGrid

Privacy Policy

ExploitGrid is committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, and safeguard your data.

Last updated: 9/11/2025

Information We Collect

Personal Information

  • Account Information: Handle, email address, password (encrypted)
  • Profile Data: Optional profile information you provide
  • Payment Information: Billing details for subscriptions (processed securely via Paddle)
  • Contact Information: When you contact us for support or inquiries

Technical Information

  • Usage Data: Platform interactions, feature usage, performance metrics
  • Device Information: Browser type, operating system, device identifiers
  • Network Data: IP addresses, VPN connection logs, network performance
  • Security Logs: Authentication attempts, security events, audit trails

Activity Information

  • Learning Progress: Challenges completed, skills developed, achievements
  • Communication: Messages sent through our platform (encrypted)
  • Social Features: Leaderboard participation, public achievements

How We Use Your Information

Service Provision

  • Provide and maintain the ExploitGrid platform
  • Authenticate users and manage accounts
  • Process payments and manage subscriptions
  • Deliver personalized cybersecurity training content
  • Enable communication features and collaboration

Platform Improvement

  • Analyze usage patterns to improve user experience
  • Develop new features and enhance existing ones
  • Monitor platform performance and security
  • Conduct research and analytics for platform optimization

Communication

  • Send important account and security notifications
  • Provide customer support and respond to inquiries
  • Share platform updates and new features
  • Send marketing communications (with consent)

Data Security and Protection

Security Measures

  • Encryption: AES-256-CBC encryption for all sensitive data at rest
  • Transport Security: TLS 1.3 for all data in transit
  • Access Controls: Role-based access with principle of least privilege
  • Authentication: Multi-factor authentication for admin accounts
  • Monitoring: 24/7 security monitoring and threat detection

Data Retention

  • Account data is retained while your account is active
  • Logs and security data are retained for up to 2 years
  • Payment information is retained as required by law
  • You can request data deletion at any time

Incident Response

In the event of a data breach, we will notify affected users within 72 hours and take immediate action to secure systems and prevent further unauthorized access.

Data Sharing and Third Parties

Third-Party Services

Payment Processing

We use Paddle for secure payment processing. Paddle handles all payment card data in compliance with PCI DSS standards.

Analytics and Monitoring

We use analytics tools to improve our platform. These tools may collect anonymized usage data.

Infrastructure Providers

Our platform is hosted on secure cloud infrastructure with appropriate data processing agreements in place.

Legal Disclosure

We may disclose personal information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of others.

Your Rights and Choices

Data Rights

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Export your data in a structured format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing

Communication Preferences

  • Opt out of marketing communications at any time
  • Manage notification preferences in your account settings
  • Unsubscribe links are provided in all marketing emails

Account Management

  • Update your profile information at any time
  • Download your data from your account settings
  • Delete your account and associated data

Cookies and Tracking

Cookie Usage

Essential Cookies

Required for authentication, security, and basic platform functionality. These cannot be disabled.

Performance Cookies

Help us understand how users interact with our platform to improve performance.

Preference Cookies

Remember your settings and preferences for a better user experience.

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

International Data Transfers

ExploitGrid operates globally, and your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for all international data transfers, including:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by data protection authorities
  • Appropriate technical and organizational measures
  • Regular compliance reviews and audits

Children's Privacy

ExploitGrid is designed for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify users of any material changes through:

  • Email notification to registered users
  • Prominent notice on our platform
  • Updated "Last Modified" date on this policy

Your continued use of ExploitGrid after any changes indicates your acceptance of the updated Privacy Policy.

Privacy Questions?

If you have questions about this Privacy Policy or our data practices, please contact us: