Privacy Policy
Last updated: 21 March 2026
Terminal43 ("we", "us", "our") is committed to protecting your personal data. This policy explains what data we collect, why, and how we handle it in accordance with the EU General Data Protection Regulation (GDPR).
1. Data Controller
The data controller is Terminal43, based in Bucharest, Romania. For any data-related inquiries, contact us at:
- Email: contact@terminal43.ro
- Address: Bucharest, Romania
2. Data We Collect
We collect only the data necessary to provide our services:
| Data Category | Examples | Source |
|---|---|---|
| Account data | Username, email, hashed password | Registration form |
| Newsletter data | Email address, subscription date, IP address | Newsletter form |
| Contact data | Name, email, message content, IP address | Contact form |
| Usage data | Challenge progress, scores, course enrollment | Platform activity |
| Technical data | Session cookies, CSRF tokens, theme preference | Automatic (browser) |
We do not collect sensitive personal data (health, biometric, political opinions, etc.).
3. Legal Basis for Processing
Under GDPR Article 6, we process your data based on:
- Contract performance (Art. 6(1)(b)) -- to provide our educational platforms and services you signed up for.
- Consent (Art. 6(1)(a)) -- for newsletter subscriptions. You can withdraw consent at any time.
- Legitimate interest (Art. 6(1)(f)) -- for platform security, fraud prevention, and service improvement.
- Legal obligation (Art. 6(1)(c)) -- where required by applicable law.
4. How We Use Your Data
- Providing and maintaining our educational platforms (CTF, System, Code)
- Managing your account and tracking learning progress
- Sending newsletter updates (only with your explicit consent)
- Responding to contact inquiries
- Ensuring platform security and preventing abuse
- Generating anonymized, aggregated statistics
5. Data Storage and Transfers
Your personal data is stored on servers operated by Hetzner Online GmbH, located in Germany and Finland. Both countries are within the European Economic Area (EEA), so no cross-border transfer outside the EEA occurs.
We do not share, sell, or transfer your personal data to any third parties outside the EEA.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account, or 2 years after last login |
| Newsletter subscriptions | Until you unsubscribe |
| Contact form messages | 12 months after resolution |
| Session/technical data | Duration of session (max 12 hours) |
| Usage/progress data | Retained with your account; deleted when account is deleted |
7. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights:
- Right of access (Art. 15) -- request a copy of your personal data.
- Right to rectification (Art. 16) -- correct inaccurate data.
- Right to erasure (Art. 17) -- request deletion of your data ("right to be forgotten").
- Right to restrict processing (Art. 18) -- limit how we use your data.
- Right to data portability (Art. 20) -- receive your data in a structured, machine-readable format.
- Right to object (Art. 21) -- object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) -- withdraw consent at any time (e.g., unsubscribe from newsletter).
To exercise any of these rights, email contact@terminal43.ro. We will respond within 30 days.
8. Cookies
We use only essential and preference cookies. We do not use third-party tracking or advertising cookies. For full details, see our Cookie Policy.
9. Children's Privacy
Our platforms are intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately at contact@terminal43.ro.
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Passwords stored using bcrypt hashing (never in plaintext)
- HTTPS encryption for all data in transit
- CSRF protection on all forms
- Rate limiting to prevent abuse
- Isolated database networks with restricted access
- Regular security audits of our platforms
11. Third-Party Services
We use the following third-party services:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Hetzner | Server hosting | All data (stored on their servers) | Germany, Finland (EEA) |
| Google Fonts | Typography | IP address (via font loading) | Global (Google LLC) |
We do not use analytics, advertising, or social media tracking services.
12. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. For significant changes, we will notify registered users by email.
13. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Romanian data protection authority:
ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro
14. Contact
For any privacy-related questions or requests:
- Email: contact@terminal43.ro
- General contact: Contact form