Search visibility toggle icon

Terms and Conditions

Terms and Conditions

Cyber Innovation Center (CIC) & CYBER.ORG Terms and Conditions of Use

The following are the Cyber Innovation Center (CIC) and CYBER.ORG Terms and Conditions of Use (“Terms”) that govern the use of the CIC & CYBER.ORG website, as well as Canvas, CYBER.ORG's Content Management System (Learning Management System [“LMS”]), (hereinafter collectively referred to as "the sites") and all content contained within. By using the CYBER.ORG website and registering for and further using the LMS to gain access to CIC/CYBER.ORG content, you expressly agree to be bound by these Terms and follow all conditions of use governing the sites. If you violate these Terms, the CIC may terminate your use of the sites, bar you from future use, or take an appropriate legal course of action. By enrolling in the curricula offered by CYBER.ORG through Canvas, users agree to receive email communications from CYBER.ORG.

School Authorization

If you are agreeing to these Terms on behalf of a company or other legal entity (including if you are School Personnel entering on behalf of your school), you represent that you have the authority to bind such entity to these Terms, in which case the words "you," "your," or "User" shall refer to such entity. If you do not have such authority, or if you do not agree with these Terms, you may not use the Service.

Permitted Use

CYBER.ORG website: Permitted Users can use content from the CYBER.ORG website to educate K-12 students. However, this content must not be sold or used for any profit-making purposes. The Permitted User agrees and confirms that he/she is a United States (U.S.) citizen, and a K-12 educator, K-12 administrator, or K-12 school district official, and may be granted access to and use of CYBER.ORG’s content and curricula through CYBER.ORG’s learning management system.

CYBER.ORG Learning Management System: Permitted use of all curricula and content is reserved for K-12 educators, K-12 administrators, and K-12 school district officials. Exception to the reserved rights may be made through a written request to the CIC. By creating an account, you (Permitted User) agree that you are only authorized to view, use, retain a copy of materials, and make reproductions for classroom purposes subject to the "Prohibited Use" detailed below.

Prohibited Use

Permitted users acknowledge that the CIC retains all intellectual property rights, including, but not limited to, all information received from CIC, copyrights, patent, and trademark rights in the materials, curricula, and content received from CIC/CYBER.ORG. Reproduction, copying, or redistribution for commercial purposes or any purposes other than the intended “permitted use” stated herein of any information, Propriety Information, materials or design elements of the content on these sites is strictly prohibited without the express written permission of the CIC. Permitted Users shall hold the CIC’s Proprietary Information in strict confidence and shall not disclose it to any third party other than to the intended K-12 students. Permitted Users shall not use the CIC’s Proprietary Information for any purpose other than to perform its obligations herein. 

Additional prohibited uses of CIC/CYBER.ORG’s materials, curricula, and content include, but are not limited to, networking, piracy and counterfeiting, unauthorized digital display, and web use/web posting, all or any of which could be considered direct, contributory, or vicarious copyright infringement. In addition, registered site users shall not share, distribute, or otherwise give away login credentials to other persons. Login credentials are issued based on unique user requests. To access the sites, users must follow all registration procedures.

Proprietary Rights

Permitted Users acknowledge and agree that all curricula, content, and Proprietary Information, available on the CIC, CYBER.ORG, and LMS sites, or received directly, are protected by copyrights, trademarks, service marks, trade secrets, or other proprietary rights and laws and that all right, title, and interest in and to all such curricula, content, and Proprietary Information is owned by the CIC. Some content found in the LMS has been supported by the U.S. Department of Homeland Security under Grant Award Number, 2013-PD-127-000001.

Links to Other Web Sites

The sites may contain links to websites and resources owned by other individuals and entities (hereinafter collectively referred to as "third-party sites"). If you decide to visit the third-party sites, you acknowledge and agree that (1) you do so at your own risk; (2) it is your responsibility to guard against computer programming routines that could alter damage, expropriate, intercept, or interfere with your computer system; (3) the CIC is not endorsing, nor is it responsible for, the information, advertising, or content contained on the third-party sites or the products or services promoted, offered by, or sold on the third-party sites; (4) your access to and use of the third-party sites is subject to the third-party sites’ terms and conditions of use (including their respective privacy polices); and (5) the CIC is not making any representations or warranties regarding the accuracy, appropriateness, availability, completeness, freedom from viruses, performance, quality, security, or timeliness of the third-party sites or their content.

The CYBER.ORG Range Privacy Policy

It is the mission of the Cyber Innovation Center’s academic initiative, “CYBER.ORG” (or “we” or “us”), to ensure that every K-12 student gains foundational and technical cybersecurity knowledge and skills. To achieve this in part, CYBER.ORG has created the CYBER.ORG Range. Hence, it is critical that we create a safe and secure online environment where students can safely practice with cybersecurity tools and resources.

Introduction

This policy (the “Privacy Policy”) governs the use of data collected by the CYBER.ORG Range website: https://apps.cyber.org (“the Range”).

By registering and using the Range, “you” as an individual agree to this Privacy Policy. You can contact us at any time with queries about this Privacy Policy at [email protected].

What is the CYBER.ORG Range?

The CYBER.ORG Range is a set of free, web-based virtual machines for elementary, middle, and high school students to practice cybersecurity tools and techniques. At the time this document is published, students can use the Range on four types of machines: Kali Linux, Ubuntu Linux, Microsoft Windows 7, and Microsoft Server 22. The availability of certain types of machines may change throughout the life of the Range. The Range platform has two different types of users: Teachers and Students. Below is a summary of what each type of user can use the platform for:

  • Teachers - A “Teacher” means the responsible adult that oversees the administration of student accounts and receives and relays all communications regarding the Range from CYBER.ORG to students. A Teacher can be in a classroom setting or serving in the form of a caregiver to one or several students.

    Teachers use the Range to create and access virtual classroom environments. Teachers can assign an environment to students and can access student virtual machines before, during, and after a student works in the Range.
     
  • Students - Students can use the Range to safely practice use of cybersecurity tools and leverage resources in a variety of virtual machines.

Range Registration Page 

The Range houses all registration and Range access activities. Individuals seeking access to the Range must apply at the login page located at https://apps.cyber.org. Access will only be granted to the following: 

  • K-12 Teachers in the United States.  
  • Non-profits working with kids under the age of 18 that have an applicable, active, signed Memorandum of Understanding (MOU) with the Cyber Innovation Center.  

Student Accounts 

iKeepSafe Family Educational Rights & Privacy Act

A student account is manually created by the Teacher or a CYBER.ORG staff member (collectively known as “Admin”). Upon generation, no student personal identifiable information (“PII”) is connected to the student account. The student account uses a randomly generated username that is not affiliated with the identity of the student, a randomly generated password that is not affiliated with the identity of the student, and a randomly generated nickname of the account. An Admin can change the nicknames and passwords for student accounts ensuring Children’s Online Privacy Protection Act (“COPPA”) and Family Educational Rights and Privacy Act (FERPA) compliance. The student cannot alter the nickname or the password. The student account’s username, password, and nickname can only be viewed by Admin and the individual using that student account.

Data, Privacy Certifications, and Compliance with COPPA

Coppa Certification 150

The CYBER.ORG Range participates in the iKeepSafe Safe Harbor program. If you have any questions or need to file a complaint related to our privacy policy and practices, please do not hesitate to contact iKeepSafe Safe Harbor program at [email protected].

The CYBER.ORG Range operates with 100% anonymous data for all school-age students. When users create a Teacher account, they are allowed the option of creating any number of randomized student accounts (permission is required to create more than 40 accounts for any single classroom).  Each created student account is assigned one randomized nickname, one randomized username, and one randomized password. We continuously review and update our practices to ensure compliance with COPPA requirements.

Data Collected by the CYBER.ORG Range

Anonymous usage data will be collected by individuals’ engagement with the CYBER.ORG Range. Additional data for grant reporting purposes is optional and will be aggregated for reporting.

We collect information from all Admin that create an account on the CYBER.ORG Range. We collect log data from all users that engage with the CYBER.ORG Range site. Below is a list of data that we collect from our different users and how we refer to it.

Registration Profile - This includes a Teacher’s PII that we collect during the onboarding registration process. This may include:

  • First name
  • Last name
  • Email
  • US citizenship status
  • Years of teaching experience
  • What grades are being taught
  • School name
  • School type (Public, private, charter, etc.)
  • School’s title I status
  • City, State, Zip, District name
  • How many students per grade band (K-5th, 6th-8th, and 9th-12th) will be directly educated with the Cyber Range for the current academic school year
  • Role of educator

Anonymized Student Data - This does not include any PII. Instead, each student account that is created by a Teacher account holder is assigned:

  • One randomized nickname consisting of various first and last names that are shuffled and assigned with every new account creation
  • One randomized username
  • One randomized password

Log Data - While using the Range, the following activities create log data:

  • Logging in
  • Creating a Virtual Machine (“VM”)
  • Accessing a VM
  • Accessing data

Cookies - The Range uses cookies throughout the browsing experience to keep you logged into the Range site. No external cookies are stored as a result of using the Range.

Why Do We Collect This Data?

We use the collected data only to provide services to students as described in the Privacy Policy. Such services include, but are not limited to:

  • Allowing Teachers to create virtual Range classrooms
  • Creating logins for students to access the CYBER.ORG Range environment and engage with the devices located therein

What is the Data Not Collected For?

  • We do not use or share data for advertising purposes.
  • We do not share data for the purpose of displaying advertisements.
  • We do not sell data to anyone for any purposes.

When Does the CYBER.ORG Range Share Data with Third Parties?

The Range uses third-party services (AWS, aws.cyber.org, and Heroku, heroku.com) to facilitate the infrastructure of the Range and all websites and databases associated with the Range.

Third-Party Analytics

In an effort to streamline existing users' experience, we collect and use the Range aggregate usage pattern data.

Internet Protocol (“IP”) information is collected at user login to gather the geographic location of an IP address during site usage. Third parties only receive the IP address.

Deleting your CYBER.ORG Range Registration Information

You have the right to request that we remove all Teacher information and anonymized student data from our systems. If you would like to delete your registration information or any other information collected by the CYBER.ORG Range, please send an email to [email protected]. We will notify you via email after deleting your information from our database.

Data Protection Practices

We follow the latest industry standards to protect your data. Some measures that are in place include use of highly secure, access-controlled data centers, data encryption in transit, and encryption data at rest.

Change of Control

Over time, the Range may grow and reorganize. We may share your information, including personal information with affiliates such as a parent company, subsidiaries, joint venture partners, or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your personal information in a way that is consistent with this Privacy Policy.

In the event of a change to our organization such that all or a portion of the Range or its assets are acquired by or merged with a third party, or in any other situation where personal information that we have collected from users would be one of the assets transferred to or acquired by that third party, this Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this Privacy Policy (unless you give consent to a new policy). We will provide you with notice of an acquisition within 30 days following the completion of such a transaction by posting on our homepage and by email to your email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, subject to applicable law, you may request its deletion from the company.

In the unlikely event that the Cyber Innovation Center goes out of business or files for bankruptcy, we will protect your personal information and will not sell it to any third party.

Privacy Policy Changes 

We may revise our Privacy Policy from time to time. You can see when the last update was made effective by looking at the "Last Updated" date at the top of this page. We will not reduce your rights under this Privacy Policy without your explicit consent. If we make any significant changes, we will provide prominent notice by posting a notice on the Range and notifying you by email (using the email address you provided) at least 30 days before the change takes effect so that you can review and make sure you know about them. 

We encourage you to review this Privacy Policy from time to time to stay informed about our collection, use, and disclosure of personal information through the Range. If you do not agree with any changes to the Privacy Policy, you may terminate your account. By continuing to use the Range after the revised Privacy Policy has become effective, you acknowledge that you accept and agree to the current version of the Privacy Policy. 

Contact Information

If you have any questions about this Privacy Policy, please feel free to contact us at [email protected].

National Cyber Cup by CYBER.ORG Privacy Policy       

It is the mission of CYBER.ORG to ensure that every K-12 student gains foundational and technical cybersecurity knowledge and skills. To achieve this in part, CYBER.ORG has created the National Cyber Cup by CYBER.ORG. It is hence critical that we create a safe and secure online environment where students can safely compete in cybersecurity challenges.

Introduction

This Privacy Policy governs the use of data collected by CYBER.ORG’s websites: https://registration.nationalcybercup.org/ (hereafter, collectively referred to as “the Service”, “NCC”, or, “the NCC Service”).

By registering and participating in NCC, you are agreeing to this Privacy Policy. If you do not agree, please refrain from using NCC. You can contact us at anytime with queries about this Privacy Policy at [email protected].

Definitions

“NCC registration site”

  • The NCC registration site is for parents to register students by creating their profile through Email Plus.
  • Competition coaches (team sponsors) will use this site to roster registered students into competition teams.
  • We DO NOT allow children under 13 to complete registration.

“NCC Competition site”

The NCC competition site is where students will login to answer cybersecurity challenges and earn points. Coaches (also known as team sponsors) can also use this site to check team scores and answer challenges.

“Coach (Team Sponsor)”

An adult that oversees registration activities and receives and relays all communications and messages regarding NCC from CYBER.ORG to students. They may be a teacher, club leader or other adult leader.

“Registration Profile”

This includes personally identifiable that we collect when you register your child for competition. This includes student first name, student last name, student age, student grade level, gender (optional) and race/ethnicity(optional). This also includes parent first name, parent last name and parent email.

“Messages”

This includes the emails sent from the NCC team at CYBER.ORG, to parents during the registration process.

“Student Data”

Any data collected by NCC that can be linked back to an individual student. This contains student name, grade, age, competition log in name and challenge responses.

What is National Cyber Cup by CYBER.ORG?

The National Cyber Cup by CYBER.ORG is a free, jeopardy-style, CTF competition for elementary, middle school and high school students with a focus on cybersecurity themes and challenges. There are two sites associated with NCC: a mobile competition site and a mobile registration site. The NCC platform has 3 different types of users- Coaches (team sponsors), student participants, parents (registration only). Below is a summary of what each type of user can use the platform for:

  • Coaches (team sponsors)- Coaches use the NCC registration site to roster registered students on teams. Coaches can use the NCC competition site to monitor team scores and answer challenges.
  • Students - Students can not complete any actions on the NCC registration site. Students will use the NCC competition site to participate in answering cybersecurity challenges.
  • Parents - Parents will use the NCC registration site to register students and provide information to create the student registration profile. Parents will not have an account for the competition site.

National Cyber Cup by CYBER.ORG and Privacy Certifications

National Cyber Cup by Cyber.org participates in the iKeepSafe Safe Harbor program. If you have any questions or need to file a complaint related to our privacy policy and practices, please do not hesitate to contact iKeepSafe Safe Harbor program at [email protected].

Parental Consent

CYBER.ORG must get verifiable parental consent for using NCC for children below legal age (as specified by the local laws). The legal age of children in the USA is 13 years. In case you come across an instance where CYBER.ORG is collecting information from a student without parental consent, please contact us immediately at [email protected].

CYBER.ORG will use Email Plus for verifiable parental consent. Student’s participating in NCC will have personal information collected but not disclosed. In Email Plus, parents will complete a form requesting their email address. CYBER.ORG will send an email to the parent at that address, requesting consent and student data to complete the registration profile. Parents will receive a confirmation email confirming consent and notice that they may revoke their prior consent if they choose to.

Onboarding process for Students/Children:

The Coach (Team Sponsor) will register the school or organization on our website. The Team Sponsor creates an account with username and password that he/she will use to view roster and organize teams.

After the school/organization has been registered, parents will then register the student on the website by providing the student first and last name, grade level and age (these items are necessary for us to complete registration).

The parent will also have the option to provide gender and ethnicity.

Usernames for the students will be created using this method: first letter of first name, first letter of last name and school initials- example: Brady Cooper from Cyber Elementary school would have this username(BCces). This is the only name visible on the competition site.

We do not contact students directly and it is the Team Sponsors responsibility to inform students of username and password during the competition.

Data Collected from Parents:

The following student information will be collected from the parent during registration to create the student profile:

  • Student participant name:
  • Parent/Guardian full name:
  • Parent/Guardian email:
  • Grade:
  • Age:
  • School/organization (drop down)
  • Team sponsor name (drop down)
  • Optional: Gender and Race

Compliance with COPPA

Coppa Certification 150

National Cyber Cup participates in the iKeepSafe Safe Harbor Program. If you have any questions or need to file a complaint related to our privacy policy and practices, please do not hesitate to contact the iKeepSafe Harbor program at [email protected] 4 NCC operates with parental consent for all underage children. The responsibility of obtaining parental consent rests with the account creator during the onboarding process. Children under 13 must be registered by their parent or guardian before they can be rostered to a team, or given a username to participate. We continuously review and update our practices to ensure compliance with COPPA requirements.

Data collected by NCC

  • Data collection is minimal and only essential data for competing in NCC is collected. Data for grant reporting purposes is optional and will be aggregated for reporting.
  • We collect information from all individuals creating an account on NCC. This includes team sponsors/coaches, parents, and students.
  • We collect log data from team sponsors/coaches and students to our NCC competition site.
  • Below is a list of data that we collect from our different users and how we refer to it.

“Registration Profile”

This includes personally identifiable information that we collect during the onboarding registration process. This may include:

  • Parent: first name, last name, email,
  • Student data provided by parent: first name, last name, grade, age, gender(optional), ethnicity(optional)
  • Team sponsor/coach: first name, last name, email, school name

“Flag submissions”

This includes all of the content students enter as answers for flags. Or submitted questions to the NCC team.

“Student Data”

Any data collected by us that can be linked back to an individual student. This includes name, grade, age, parent name, school name, and log in id

“Log Data”

We collect log data such as your IP address. Additionally, we also use cookies to keep you logged into the competition site.

Why do we collect this data?

  • We use the collected data only to provide services to students as explained in the privacy policy. A few examples that we have for the collected data:
  • Allow team/sponsors to create teams
  • Create a login for students to access the competition questions and provide answers for a live score.

What is the data not collected for?

  • We do not allow advertising or sharing data for advertising for any data collected by NCC.
  • We will never share data for the purpose of displaying ads.
  • We never sell data to anyone for any purposes.

Data Retention

NCC will keep your data no longer than what is required for competition and verifying winners.

When does NCC share data with third parties?

We use two third party service to run the NCC platform: AWS and Heroku. Both of these services are contractually prohibited from using that information for any other purpose other than to provide the NCC service.

AWS - https://aws.amazon.com/privacy/

Heroku - https://www.heroku.com/policy/security

Third Party Analytics

In an effort to streamline existing user experience, we collect and use aggregate data about usage patterns on the NCC competition site.

IP information is collected at the registration site to gather the geographic location of an IP address during account creation. Third party only receives the IP address.

Cookie Policy

We use Cookies and other similar services (such as session storage) to keep you logged into the NCC competition site and understand how you use NCC. You can remove or disable cookies via your browser settings in which case your experience with NCC will not be optimal.

Cookies are not used on the NCC registration site. The user’s browser’s session storage stores an authentication token for the user that will expire in ten minutes. If the browser tab or window is closed, session storage is deleted, and the user is logged out.

Deleting your NCC registration information

You have the right to request we remove all your parent information and student data from our systems. If you would like to delete your registration information or any other information submitted to NCC, please send an email to [email protected]. We will notify you with email before deleting your information from our database.

Data Protection Practices

We follow the latest, industry standards to protect your data. Some measures that are in place include use of highly secure, access-controlled data centers, data encryption in transit, and encryption data at rest.

Contact Information

If you have any questions about this Privacy Policy, please feel free to contact us at 318-759-1600 or email [email protected]. You may also reach us at 6300 East Texas St. Bossier City, LA 71111.