Controller and contact
The controller is Security Bez Tabu Wojciech Ciemski, Gorzelnicza 8, 04-212 Warsaw, Poland, NIP 9522112211, REGON 368630032. Privacy requests and security reports can be sent to kontakt@securitybeztabu.pl.
SBT VulnLab
Security Bez Tabu
Data and security
A concise description of data used by SBT VulnLab.
The controller is Security Bez Tabu Wojciech Ciemski, Gorzelnicza 8, 04-212 Warsaw, Poland, NIP 9522112211, REGON 368630032. Privacy requests and security reports can be sent to kontakt@securitybeztabu.pl.
The platform stores the name, username, email address, password hash, challenge progress, certificate records, essential session data, and security events such as IP address and browser user agent. It does not store plaintext passwords or submitted flags.
Data is used to verify email addresses, activate and protect accounts, preserve progress, issue and verify certificates, prevent abuse, investigate security events, and maintain the service. The public certificate verifier shows only credential data required to confirm completion.
The email address is provided to the operator's hosting and mail service provider solely to deliver account-confirmation and essential service messages. Confirmation tokens are random, stored by the platform only as cryptographic hashes, expire after 24 hours, and are single-use.
The session cookie is essential for sign-in and security. Language preference is stored in a cookie and browser local storage. The platform does not include third-party advertising or analytics trackers.
The platform does not send newsletters or marketing email. The technical account-confirmation message is not marketing. Registration data is not used for marketing mailing and is not exported to a newsletter provider.
Account, progress, and certificate data is retained while the account is active or until a valid deletion request is completed. Used or expired confirmation-token records are removed after 7 days, failed-login counters after 1 day, and security events after 90 days. Contact the operator to request access, correction, or deletion where applicable.