LOADING
πŸ”₯ BUNDLE SALE 40% OFF β€” "Inside the Mind of a Penetration Tester" + "Bug Bounty Guide" β†’

Privacy Policy

Last updated: February 18, 2026

1. Data Controller

Name: PΓ©ter Sass (NoSec)
Website: https://nosecpwn.eu
Email: contacts@nosecpwn.eu

2. Purpose of the Website

nosecpwn.eu is a cybersecurity portfolio and educational website featuring HackTheBox writeups, CTF challenges, learning resources, and tool reviews. The website also provides community features including user accounts, comments, and a leaderboard.

3. Personal Data Collected

Data Purpose Legal Basis
Username Account identification, profile display Performance of contract (GDPR Art. 6(1)(b))
Email address Registration, account management Performance of contract (GDPR Art. 6(1)(b))
Password (hashed) Authentication (bcrypt hash, non-reversible) Performance of contract
Profile data Voluntary display (display name, bio, links) Consent (GDPR Art. 6(1)(a))
Avatar image Visual identification (EXIF data stripped) Consent
IP address (hashed) Online visitor counting (not permanently stored) Legitimate interest (GDPR Art. 6(1)(f))
Comments Community interaction under writeups Consent

4. Data Retention

  • Account data: until account deletion or user request
  • IP hash: max. 90 seconds (in-memory only, no persistent storage)
  • Comments: until account deletion or moderation decision
  • Server logs: max. 30 days

5. Cookies

Cookie Purpose Expiry
access_token Login session (JWT, httpOnly) 24 hours
lang Language preference (hu/en) 1 year

Third-party cookies: the website may use Google Analytics for anonymous traffic statistics. You can disable this through your browser settings or by using an ad blocker.

6. Data Security

  • Passwords: stored using bcrypt hash algorithm (non-reversible)
  • Communication: HTTPS (TLS 1.2+) encryption
  • Cookies: httpOnly, Secure, SameSite=Lax flags
  • Avatars: EXIF metadata automatically stripped, files validated
  • Rate limiting: brute-force protection on all sensitive endpoints
  • Security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options

7. Your Rights (GDPR)

You can exercise the following rights by emailing contacts@nosecpwn.eu:

  • Right of access: what data we store about you
  • Right to rectification: correction of inaccurate data
  • Right to erasure ("right to be forgotten"): permanent deletion of account and all data
  • Right to data portability: your data in machine-readable format
  • Right to object: object to data processing
  • Withdrawal of consent: at any time, without affecting prior processing

For complaints, you may contact the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):
https://naih.hu

8. Third-Party Sharing

We do not sell, rent, or share your personal data with third parties, except in the following cases:

  • Google Analytics (if enabled): anonymized usage statistics
  • Hosting provider: to the extent necessary for server operation
  • Compliance with legal obligations

9. Changes

We reserve the right to modify this policy. Changes take effect upon publication on this website. For significant changes, we will provide a notice on the website.