Privacy Policy

The Pointer Overflow CTF (“POCTF”, “the contest”) is operated by the Center for Cybersecurity Studies & Advanced Research at the University of Wisconsin–Stevens Point. This Privacy Statement explains how participant information is collected, used, stored, and safeguarded.

Participation constitutes acceptance of this policy.

We collect only the information needed to run the contest fairly, securely, and effectively.

Registration Information

• Name or preferred alias
• Email address
• Team name
• Institution (for Academic bracket)
• Optional region/country

Platform and Usage Data

• IP address, browser info, and device metadata
• Login timestamps
• Flag submissions and scoring events
• Error logs and security events

Discord & External Communication

• Visible username and messages in official channels
• Private organizer communication, retained for dispute resolution

Challenge Interaction Data

• Attempt timestamps
• Solve times
• First Blood records
• Bracket-specific scoring data

• Contest registration and account management
• Scoring, ranking, and challenge operation
• Security monitoring and rule enforcement
• Infrastructure improvement and debugging
• Prize eligibility, notifications, and delivery
• Anonymized academic/educational reporting
• Ensuring fairness and challenge integrity

We do not sell or license participant data.

Internal University Use

• Contest organizers and admins
• UWSP faculty/staff supporting the event
• University IT personnel when necessary

Prize Fulfillment

Email or name may be shared with UWSP offices for prize processing.

Legal or Security-Related Situations

• If required by law
• To investigate cheating or misuse
• To maintain the integrity of contest systems

We never share information with advertisers or external marketers.

POCTF welcomes participants worldwide. All official challenge materials, rules, hints, and announcements are provided in English to maintain fairness and consistency.

Organizers may rephrase or clarify wording when asked, but all participants receive the same information under the same conditions.

The contest website may use:

• Session cookies for login state
• Local storage for UI preferences
• CSRF tokens for security

We do not use advertising cookies or third-party tracking analytics.

• Registration & scoring data: retained for contest history
• Flag submissions & logs: retained for audit and challenge improvement
• Discord correspondence: retained only as needed
• Prize distribution data: retained per UWSP financial policy

You may request deletion of non-essential personal data after the contest concludes.

We implement reasonable administrative, technical, and physical safeguards, including:

• Encrypted communication
• Access controls based on role
• Logging and monitoring for anomalies
• Hardened infrastructure and sanitization practices

No system is entirely risk-free, but we take security seriously and maintain best-effort protections.

• Request correction of inaccurate information
• Request deletion of non-essential personal data after the event
• Ask how their data is used, stored, or protected

Requests may be made via email or Discord.

If you have questions about this privacy policy:

• Email: cjohnson@uwsp.edu
• Discord: message @CTF-Admin

This Privacy Statement may be updated prior to the start of POCTF 2026. Any significant changes will be announced on the contest website and via Discord. Participants should review this policy before the contest begins to ensure they are familiar with the current version.

This Privacy Statement may be updated prior to the start of POCTF 2026. Any significant changes will be announced on the contest website and via Discord. Participants should review this policy before the contest begins to ensure they are familiar with the current version.