Privacy Policy

Last Updated: September 18, 2025

Sign in to manage your analytics preference.

Analytics (cookieless)

We run product analytics in a cookieless mode via PostHog on their EU infrastructure (eu.i.posthog.com) — no analytics cookies, no local storage, no cookie banner. Only strictly-necessary cookies (your sign-in session and security tokens) are used. We rely on legitimate interest (Art. 6(1)(f) GDPR) and you can object at any time with the toggle above.

A. Applicability

This Privacy Policy is in effect as of the date above. By using or accessing the Site, User agrees to be bound by the Terms. Users are not under any legal obligation to submit personal data; if User chooses not to, certain Services might not be available. Pillar may change this Privacy Policy from time to time and will post any changes on the Site.

B. Personal Data Collected by Pillar

For this CTF, Pillar collects: the email address and name shared by your sign-in provider (OAuth); the public display name you choose (shown on the leaderboard); your gameplay and progress events and any easter eggs you discover; the prompts, messages, and inputs you submit to the in-CTF agents; and limited technical metadata (browser, approximate region, IP) and the cookieless analytics events described above.

C. Pillar's Use of Personal Data

Pillar processes personal data to operate, provide, and improve the Site — including communicating with you about the Site, providing support, fulfilling your requests, meeting legal obligations, protecting security (e.g. preventing and detecting fraud), and internal analysis, testing and statistics. Except as provided herein, Pillar does not use personal data without your prior consent.

AI security research and model training. Because this is a security-research CTF, Pillar may use the data it collects — including gameplay events and the prompts, messages, and inputs you submit to the in-CTF agents — in de-identified and/or aggregated form to conduct AI security research and to train, evaluate, and improve AI models and defenses. Pillar does not sell your personal data or use it for advertising.

D. Sharing Personal Data

Pillar may retain or disclose personal data to provide the Services, where you consent, to comply with applicable law or legal process, to respond to lawful government requests, to engage third-party service providers (e.g. our analytics processor under a data-processing agreement), in connection with a merger or business transfer, or to protect the rights, property, or security of Pillar, users, or others.

E. Security

Pillar has taken appropriate technical and organizational measures to protect the information it collects from loss, misuse, unauthorized access, disclosure, alteration, and destruction. No measures can guarantee 100% security.

F. Users in the European Economic Area (EEA)

Pillar processes Personal Data (as defined under the GDPR) only where it has a legal basis: contractual necessity, legitimate interest, legal obligation, or consent. Subject to applicable law, you may access, correct, delete, export, or restrict processing of your Personal Data, and object to processing or withdraw consent at any time.

G. International Storage

Personal data Pillar collects may be transferred to, processed, and stored outside your jurisdiction, including in Israel, the EU, the UK, and the US, with appropriate safeguards. By using the Site you consent to this transfer, processing, and storage.

H. Retention

Pillar retains Personal Data for a period consistent with the purpose of collection, based on the amount, nature, and sensitivity of the data, the risk of harm, and applicable legal requirements, after which it is deleted.

I. Users in California, USA

To the extent the CCPA applies, Pillar processes personal information only as set out in this Privacy Policy, does not sell Personal Data, and maintains appropriate technical and organizational safeguards.

J. Children's Privacy

Pillar does not knowingly collect information from anyone under the age of 18, and the Site is not directed at children under 18. If you believe a child under 18 has provided information, contact privacy@pillar.security.

K. Questions

Questions about this Privacy Policy or Pillar's data practices: privacy@pillar.security · +972-3-310-9330 · Menakhem Begin Rd 80, Tel Aviv-Yafo, 6713827.