Privacy Policy


This policy outlines the type and nature of information collected when you visit the “SecDojo” platforms. It also details how this information is used and disclosed.
In the context of data protection laws, SecDojo is the entity responsible for managing your personal data. You can reach SecDojo at

It's important to understand that using our web pages and services implies your acceptance of this Privacy Policy. Please thoroughly review the contents of this page before using our Website's services. If you disagree with any part of this policy, you should not use this website or its services and content.

1) Definitions
“we,” “us,” “our,” “SecDojo” refer to SecDojo.
“Website” encompasses all websites within the domain
“User” denotes any individual utilizing our services. To access the services offered on the Website, registration of an account is mandatory.
“Controller” is defined as in Data Protection Legislation, referring to an entity that determines the purposes and means of processing personal data.
“Data Protection Legislation” includes, as relevant: (a) the General Data Protection Regulation 2016/679 (“GDPR”); (b) any applicable national laws, regulations, and guidelines issued by competent data protection authorities; and (c) any successor or equivalent national data protection laws.
“Data Subject” refers to an individual whose personal data is processed, as defined in Data Protection Legislation.
“Personal Data” is any information that can identify a user, either directly or indirectly. This may include, but is not limited to, a person's name, date of birth, email address, occupation, or other demographic details.
“Processor” is a term from Data Protection Legislation, referring to a party that processes personal data on behalf of a controller.
“Process” or “Processing” refers to any operation or set of operations performed on personal data, as defined in the Data Protection Legislation.
“Special Category Data” includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. It also covers the processing of genetic data, biometric data for uniquely identifying a person, health-related data, and data concerning a person’s sex life or sexual orientation.

2) Changes
SecDojo may update this Privacy Policy periodically. The latest version is indicated by the date at the bottom of the policy. Any changes become effective immediately upon notification, which may be provided through various means such as posting an updated policy on the Website or other forms of announcement.
It is recommended that users frequently review the Privacy Policy to stay informed about any modifications. Continued use of the Website implies ongoing agreement to the current Privacy Policy.
The versions of this Privacy Policy that are electronically stored or properly archived will be regarded as the accurate, complete, valid, authentic, and enforceable versions, corresponding to each visit to the Website.

3) Privacy Policy Contact - Questions & Concerns
For inquiries, updates, deletions, or changes to your Personal Data, or any privacy concerns, you can reach out to SecDojo via email at:
Access to your Personal Data is confidential and personal. To proceed with your request, you may need to provide proof of identity, such as a written statement confirming that you are the rightful owner of the Personal Data in question.

4) Age Limit
SecDojo does not knowingly collect or solicit Personal Data from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 16, we will delete that information as quickly as possible.
If you believe that a child under 16 may have provided us Personal Data, please contact us at

5) Third-Party Websites
The Website may contain links to third-party websites. These websites have their own privacy policies, which you should review before using them. We do not accept any responsibility or liability for their policies or actions.

6) Data We Collect
When signing up for and using the Services, interacting with our customer service, emailing, posting on our discord server, or communicating with us in any way, you voluntarily provide information that we collect. This may include your account name, email address, IP address, as well as your location and other demographic data. By providing this information, you consent to its collection, use, and storage as outlined in this Privacy Policy.
SecDojo does not store any payment information. All payments are processed by third-party payment processors. These processors have their own privacy policies, which you should review before using them. We do not accept any responsibility or liability for their policies or actions.
We may also collect information about your device, including your hardware model, operating system, browser type, unique device identifiers, and mobile network information. We may also collect information about the way you use our Services, such as the frequency and duration of your use.
We do not collect any Special Category Data.

7) Processing Data
Your personal data will be processed in compliance with the law. This typically includes processing necessary to fulfill a contract, for our legitimate interests or those of a third party, or to adhere to legal or regulatory obligations.
We may process your Personal Data To send emails and other communications regarding service, technical, and administrative aspects. This includes communications about your account, customer support, responding to your inquiries, and informing you about changes in our Services, new features, promotional content, and important notices like security updates.
To enforce compliance with our Terms of Service, legal processes, or regulations. This includes developing tools and algorithms to prevent violations and ensure adherence to laws and regulations.
To protect the rights and safety of our Users, third parties, and ourselves. We engage in activities to investigate and prevent security issues and abuse.
To provide information to representatives and advisors, such as attorneys and accountants, to help us comply with legal, accounting, or security requirements.
To meet legal requirements, including responding to court orders, subpoenas, and other legal processes. This also involves prosecuting and defending in legal proceedings and complying with national security or law enforcement requirements.
To perform a contract, authenticate users, and provide the Services.

8) Safe Guarding Data
SecDojo takes the security of your Personal Data very seriously. We use commercially reasonable physical, technical, and administrative safeguards to secure your Personal Data from unauthorized access, use, and disclosure. We also require that our third-party service providers and partners implement and maintain reasonable security measures.
All web traffic (file transfer) between this site and your browser is encrypted and transferred via the HTTPS protocol using Secure Sockets Layer (SSL).

9) Notice of Data Breach
In the event of a data breach, we will notify you and the appropriate authorities within 72 hours of becoming aware of the breach.

10) Your Rights
You have the right to request access to your personal data, allowing you to obtain a copy of the personal data we hold about you and verify our lawful processing of it.
You have the right to request correction of your personal data that we hold. This enables you to correct any incomplete or inaccurate data, subject to our verification of the new data you provide.
You have the right to request the erasure of your personal data. This is applicable when there is no valid reason for continued processing, if you have objected to processing, if your data was unlawfully processed, or if erasure is required by law.
You have the right to object to the processing of your personal data, particularly if we rely on a legitimate interest that impacts your fundamental rights and freedoms. This also applies to objections to processing for direct marketing. We may override this right if we have compelling legitimate grounds for processing.
You have the right to request restriction of processing of your personal data. This applies in situations such as disputing data accuracy, unlawful data use, the need to retain data for legal claims, or pending an objection verification regarding our use of your data.
You have the right to request the transfer of your personal data either to yourself or a third party. We will provide your data in a structured, commonly used, machine-readable format.
You have the right to withdraw consent at any time for data processing based on consent. Withdrawal does not affect the lawfulness of prior processing and may impact our ability to provide certain services.
You may exercise these rights by contacting We aim to respond within a month and will not charge for these requests. We may ask for additional information to confirm your identity.