Terms and Conditions
Cyber Innovation Center (CIC) & CYBER.ORG Terms and Conditions of Use
The following are the Cyber Innovation Center (CIC) & CYBER.ORG Terms and Conditions of Use (terms) that govern the use of the Cyber Innovation Center (CIC) & CYBER.ORG website, as well as Canvas, CYBER.ORG's Content Management System (Learning Management System (LMS)), (hereinafter collectively referred to as "the sites") and all content contained within. By using the CYBER.ORG website and registering for and further using the LMS to gain access to CIC/CYBER.ORG content, you expressly agree to be bound by these terms and follow all conditions of use governing the sites. If you violate these terms, the CIC may terminate your use of the sites, bar you from future use, or take an appropriate legal course of action. By enrolling in the curricula offered by CYBER.ORG through Canvas, users agree to receive email communications from CYBER.ORG.
CYBER.ORG website: Permitted Users are granted access to use content housed on the CYBER.ORG website in any capacity for the education of K-12 students. The Permitted User agrees and confirms that he/she is a United States (U.S. citizen), and a K-12 educator, K-12 administrator, or K-12 school district official, and may be granted access to and use of CYBER.ORG’s content and curricula through CYBER.ORG’s learning management system.
CYBER.ORG Learning Management System: Permitted use of all curricula and content is reserved for K-12 educators, K-12 administrators, and K-12 school district officials. Exception to the reserved rights may be made through a written request to the Cyber Innovation Center. By creating an account, you (Permitted User) agree that you are only authorized to view, use, retain a copy of materials, and make reproductions for classroom purposes subject to the "Prohibited Use" detailed below.
Permitted users acknowledge that Cyber Innovation Center retains all intellectual property rights, including, but not limited to, all information received from CIC, copyrights, patent, and trademark rights in the materials, curricula, and content received from CIC/CYBER.ORG. Reproduction, copying, or redistribution for commercial purposes or any purposes other than the intended “permitted use” stated herein of any information, Propriety Information, materials or design elements of the content on these sites is strictly prohibited without the express written permission of the Cyber Innovation Center. Permitted Users shall hold the CIC’s Proprietary Information in strict confidence and shall not disclose it to any third party other than to the intended K-12 students. Permitted Users shall not use the CIC’s Proprietary Information for any purpose other than to perform its obligations herein.
Additional prohibited uses of CIC/CYBER.ORG’s materials, curricula, and content include, but are not limited to, networking, piracy and counterfeiting, unauthorized digital display, and web use/web posting, all or any of which could be considered direct, contributory, or vicarious copyright infringement. In addition, registered site users shall not share, distribute, or otherwise give away login credentials to other persons. Login credentials are issued based on unique user requests. To access the sites, users must follow all registration procedures.
Permitted Users acknowledge and agree that all curricula, content, and Proprietary Information, available on the CIC, CYBER.ORG, and LMS sites, or received directly, are protected by copyrights, trademarks, service marks, trade secrets, or other proprietary rights and laws and that all right, title, and interest in and to all such curricula, content, and Proprietary Information is owned by the Cyber Innovation Center. Some content found in the LMS has been supported by the U.S. Department of Homeland Security under Grant Award Number, 2013-PD-127-000001.
Links to Other Web Sites
The sites may contain links to websites and resources owned by other individuals and entities (hereinafter collectively referred to as "third party sites"). If you decide to visit the third party sites, you acknowledge and agree that (1) you do so at your own risk; (2) it is your responsibility to guard against computer programming routines that could alter damage, expropriate, intercept, or interfere with your computer system; (3) the CIC is not endorsing, nor are we responsible for, the information, advertising, or content contained on the third party sites or the products or services promoted, offered by, or sold on the third party sites; (4) your access to and use of the third party sites is subject to the third party sites’ terms and conditions of use (including their respective privacy polices); and (5) the CIC is not making any representations or warranties regarding the accuracy, appropriateness, availability, completeness, freedom from viruses, performance, quality, security, or timeliness of the third party sites or their content.
It is the mission of CYBER.ORG to ensure that every K-12 student gains foundational and technical cybersecurity knowledge and skills. To achieve this in part, CYBER.ORG has created the National Cyber Cup by CYBER.ORG. It is hence critical that we create a safe and secure online environment where students can safely compete in cybersecurity challenges.
“NCC registration site”
- The NCC registration site is for parents to register students by creating their profile through Email Plus.
- Competition coaches (team sponsors) will use this site to roster registered students into competition teams.
- We DO NOT allow children under 13 to complete registration.
“NCC Competition site”
The NCC competition site is where students will login to answer cybersecurity challenges and earn points. Coaches (also known as team sponsors) can also use this site to check team scores and answer challenges.
“Coach (Team Sponsor)”
An adult that oversees registration activities and receives and relays all communications and messages regarding NCC from CYBER.ORG to students. They may be a teacher, club leader or other adult leader.
This includes personally identifiable that we collect when you register your child for competition. This includes student first name, student last name, student age, student grade level, gender (optional) and race/ethnicity(optional). This also includes parent first name, parent last name and parent email.
This includes the emails sent from the NCC team at CYBER.ORG, to parents during the registration process.
Any data collected by NCC that can be linked back to an individual student. This contains student name, grade, age, competition log in name and challenge responses.
What is National Cyber Cup by CYBER.ORG?
The National Cyber Cup by CYBER.ORG is a free, jeopardy-style, CTF competition for elementary, middle school and high school students with a focus on cybersecurity themes and challenges. There are two sites associated with NCC: a mobile competition site and a mobile registration site. The NCC platform has 3 different types of users- Coaches (team sponsors), student participants, parents (registration only). Below is a summary of what each type of user can use the platform for:
Coaches (team sponsors)- Coaches use the NCC registration site to roster registered students on teams. Coaches can use the NCC competition site to monitor team scores and answer challenges.
Students- Students can not complete any actions on the NCC registration site. Students will use the NCC competition site to participate in answering cybersecurity challenges.
Parents- Parents will use the NCC registration site to register students and provide information to create the student registration profile. Parents will not have an account for the competition site.
National Cyber Cup by CYBER.ORG and Privacy Certifications
CYBER.ORG must get verifiable parental consent for using NCC for children below legal age (as specified by the local laws). The legal age of children in the USA is 13 years. In case you come across an instance where CYBER.ORG is collecting information from a student without parental consent, please contact us immediately at firstname.lastname@example.org.
CYBER.ORG will use Email Plus for verifiable parental consent. Student’s participating in NCC will have personal information collected but not disclosed. In Email Plus, parents will complete a form requesting their email address. CYBER.ORG will send an email to the parent at that address, requesting consent and student data to complete the registration profile. Parents will receive a confirmation email confirming consent and notice that they may revoke their prior consent if they choose to.
Onboarding process for Students/Children:
The Coach (Team Sponsor) will register the school or organization on our website. The Team Sponsor creates an account with username and password that he/she will use to view roster and organize teams.
After the school/organization has been registered, parents will then register the student on the website by providing the student first and last name, grade level and age (these items are necessary for us to complete registration).
The parent will also have the option to provide gender and ethnicity.
Usernames for the students will be created using this method: first letter of first name, first letter of last name and school initials- example: Brady Cooper from Cyber Elementary school would have this username(BCces). This is the only name visible on the competition site.
We do not contact students directly and it is the Team Sponsors responsibility to inform students of username and password during the competition.
Data Collected from Parents:
The following student information will be collected from the parent during registration to create the student profile:
- Student participant name:
- Parent/Guardian full name:
- Parent/Guardian email:
- School/organization (drop down)
- Team sponsor name (drop down)
- Optional: Gender and Race
Compliance with COPPA
Data collected by NCC
Data collection is minimal and only essential data for competing in NCC is collected. Data for grant reporting purposes is optional and will be aggregated for reporting.
We collect information from all individuals creating an account on NCC. This includes team sponsors/coaches, parents, and students.
We collect log data from team sponsors/coaches and students to our NCC competition site.
Below is a list of data that we collect from our different users and how we refer to it.
“Registration Profile”- This includes personally identifiable information that we collect during the onboarding registration process. This may include:
- Parent: first name, last name, email,
- Student data provided by parent: first name, last name, grade, age, gender(optional), ethnicity(optional)
- Team sponsor/coach: first name, last name, email, school name
“Flag submissions”- This includes all of the content students enter as answers for flags. Or submitted questions to the NCC team.
“Student Data”- Any data collected by us that can be linked back to an individual student. This includes name, grade, age, parent name, school name, and log in id
Why do we collect this data?
- Allow team/sponsors to create teams
- Create a login for students to access the competition questions and provide answers for a live score.
What is the data not collected for?
- We do not allow advertising or sharing data for advertising for any data collected by NCC.
- We will never share data for the purpose of displaying ads.
- We never sell data to anyone for any purposes.
NCC will keep your data no longer than what is required for competition and verifying winners.
When does NCC share data with third parties?
We use two third party service to run the NCC platform: AWS and Heroku. Both of these services are contractually prohibited from using that information for any other purpose other than to provide the NCC service.
Third Party Analytics
In an effort to streamline existing user experience, we collect and use aggregate data about usage patterns on the NCC competition site.
IP information is collected at the registration site to gather the geographic location of an IP address during account creation. Third party only receives the IP address.
Cookies are not used on the NCC registration site. The user’s browser’s session storage stores an authentication token for the user that will expire in ten minutes. If the browser tab or window is closed, session storage is deleted, and the user is logged out.
Deleting your NCC registration information
You have the right to request we remove all your parent information and student data from our systems. If you would like to delete your registration information or any other information submitted to NCC, please send an email to email@example.com. We will notify you with email before deleting your information from our database.
Data Protection Practices
We follow the latest, industry standards to protect your data. Some measures that are in place include use of highly secure, access-controlled data centers, data encryption in transit, and encryption data at rest.