Privacy Policy

Last updated: April 2026

1. Who we are

ScriptForge is a cybersecurity training platform that teaches security engineers to build their own tools. This policy explains what personal data we collect, why we collect it, and how we handle it.

2. What we collect

We collect the following categories of data:

  • Account information — your email address, username, and hashed password when you register.
  • Progress data — which challenges you have completed, your XP total, your team selection, and your daily login streak.
  • Payment information — if you subscribe, payment is processed by Stripe. We store only your Stripe customer ID — we never see or store your full card number.
  • Usage data — standard server logs including IP address, browser type, and pages visited, retained for up to 90 days.
  • Code submissions — code you submit to the grading engine is sent to a third-party execution sandbox (Judge0) and is not stored by ScriptForge after grading completes.

3. How we use your data

  • To operate your account and track your learning progress.
  • To process subscription payments through Stripe.
  • To send transactional emails (account confirmation, password reset).
  • To improve the platform based on aggregate usage patterns.
  • To maintain security and prevent abuse.

We do not sell your personal data. We do not use your data for advertising.

4. Third-party services

We use the following third-party services:

  • Stripe — payment processing. Stripe's privacy policy is available at stripe.com/privacy.
  • Judge0 — sandboxed code execution for challenge grading. Code submissions are processed transiently and not stored.
  • MongoDB Atlas — database hosting. Data is stored in encrypted form at rest.

5. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

6. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your progress data in a readable format.

To exercise any of these rights, email us at privacy@scriptforge.net.

7. Cookies

We use a single session cookie to keep you logged in. We do not use tracking cookies or advertising cookies. No third-party analytics scripts are loaded on ScriptForge.

8. Security

Passwords are hashed using bcrypt and never stored in plain text. All data is transmitted over HTTPS. Payment data is handled entirely by Stripe and never passes through our servers.

9. Changes to this policy

If we make material changes to this policy we will notify you by email and update the date at the top of this page. Continued use of ScriptForge after changes are posted constitutes acceptance of the updated policy.

10. Contact

Questions about this policy can be directed to privacy@scriptforge.net.

← Back to ScriptForge