1.0 Introduction and Scope
1.1 Purpose
At Level 1 Labs ("we," "us," "our"), we take your privacy as seriously as we take cybersecurity. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our online cybersecurity education platform and related services (collectively, the "Platform").
1.2 Commitment
We are committed to processing your data lawfully, transparently, and securely, implementing industry-standard technical and organizational security measures.
1.3 Applicability
This policy applies to all learners, developers, visitors, and other users of the Platform. By using the Platform, you consent to this policy.
2.0 Information We Collect
2.1 Information You Provide
- Account & Profile Data: Name, email, username, country, professional background, identification, and profile picture
- Educational & Assessment Data: Enrollments, progress, scores, lab submissions, projects, code, reports, and feedback
- Identity Verification Data: Government-issued ID and/or biometric data for exams and certificates
- Payment Data: Billing address and payment details (processed via PCI-compliant providers)
- Communication Data: Messages with support, developers, instructors, or users
2.2 Information Collected Automatically
- Technical Data: IP address, browser, OS, device identifiers
- Usage Data: Pages viewed, time spent, lab commands, files accessed, and performance data
- Cookies: Essential, functional, and analytics cookies
2.3 Information from Third Parties
- Corporate sponsors or partners
- Social media platforms (if linked)
- Identity verification and proctoring providers
3.0 How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account creation and platform access | Contract Performance |
| Training delivery, assessments, certifications | Contract Performance, Legitimate Interests |
| Identity verification and academic integrity | Legitimate Interests, Consent |
| Payment processing | Contract Performance |
| Platform communications and updates | Legitimate Interests, Consent |
| Platform improvement and analytics | Legitimate Interests |
| Security, fraud prevention, and compliance | Legal Obligation, Legitimate Interests |
Promotional communications are sent only with consent where required by law.
4.0 How We Share Information
- With Consent: When you explicitly authorize sharing
- Service Providers: Hosting, payments, analytics, email, proctoring
- Instructors: Educational performance and submissions
- Corporate Clients: Progress reports for sponsored learners
- Legal & Safety: Compliance with laws or protection of rights
- Business Transfers: Mergers, acquisitions, or asset sales
5.0 Data Security
5.1 Our Measures
- Encryption in transit and at rest
- Least-privilege access controls
- Regular vulnerability testing
- Secure development lifecycle practices
- Data anonymization where possible
5.2 Your Responsibility
You are responsible for protecting your credentials and reporting unauthorized access.
6.0 Data Retention
- Account Data: Retained while active and shortly after
- Educational Records: Minimum of 5 years
- Financial Records: 5+ years as required by law
- Identity Verification Data: Typically no more than 90 days
7.0 Your Data Protection Rights
- Correction of inaccurate data
- Deletion under certain circumstances
- Restriction or objection to processing
- Withdrawal of consent
- Marketing opt-out
Requests are handled within one month after identity verification.
8.0 International Data Transfers
We use appropriate safeguards, including Standard Contractual Clauses, for international transfers.
9.0 Children’s Privacy
The Platform is not intended for individuals under 16 years of age.
10.0 Third-Party Links
We are not responsible for the privacy practices of external websites.
11.0 Changes to This Policy
Updates will be posted with a revised "Last Updated" date.
12.0 Contact Information
Level 1 LabsAttn: Data Protection Officer
Email: support@hackmefirst.com
You may also lodge a complaint with your local supervisory authority.