- Modifications of Terms
- Use of Third Party Providers and Services
- Rights Associated with the Services
- Account Registration and Responsibility; Teacher Batch Registrations for Students
- Use/Availability of the Services
- Prohibited Uses/Activities
- Termination of Your Account by CMU.
- Termination of Your Account by You
- License to User Content
- Disclaimer of Warranties
- LIMITATION OF LIABILITY; LIMITATION ON DAMAGES
- Hold Harmless and Indemnity
- Digital Millennium Copyright Act
- Disclaimer of Endorsement
Terms of Service
Thank you for your interest in the picoCTF platform of Carnegie Mellon University (“CMU”), currently available at https://picoctf.org or https://picoctf.com
Through the picoCTF platform, CMU expects to make available certain educational materials, resources and activities related to computer security, which are targeted to middle and high school students age 13 or older. The available items and resources may change from time to time, but are currently expected to include:
picoPrimer, a textbook-style manual regarding cyber security concepts;
Education guides, consisting of learning resources in text format;
picoGym, where users can replay challenges from past picoCTF competitions;
picoMini competitions, consisting of pop-up style educational competitions that give users an opportunity to test their skills; and
picoCTF competitions, involving a time-limited competition (currently expected to occur about once a year) in which teams may be eligible to compete for prizes.
IF YOU ARE A PARENT OR GUARDIAN AND YOU PROVIDE CONSENT FOR YOUR MINOR CHILD TO USE AND/OR PARTICIPATE IN ANY OF THE SERVICES, YOU AGREE TO BE BOUND BY THESE TOU ON BEHALF OF YOUR CHILD.
By using and/or participating in the Services, you are agreeing to fully comply with these TOU, without modification by you. If you do not agree with these terms and conditions as stated, your only recourse is to discontinue using and participating in the Services. In addition, as a condition of participating in any picoCTF competitions, you shall be subject to any and all applicable competition rules which may be posted from time to time. All such competition rules are hereby incorporated by reference into these TOU. Unless explicitly stated otherwise, any new features that augment or enhance the current Services shall be subject to the TOU.
These TOU, in combination with any such posted competition rules and the picoCTF Privacy Statement, sets forth the entire agreement between you and CMU with respect to the Services. The picoCTF Privacy Statement is incorporated by reference into these TOU.
The picoCTF platform is operated by Carnegie Mellon University in the United States and is currently marketed toward a U.S.-based audience. These TOU, the Services, and all related documentation are in English. In the event this site or any of these materials are translated into another language (by you, computer software or otherwise), please be aware that CMU’s English language version will control.
THESE TOU ARE A LEGALLY BINDING AGREEMENT WITH CMU WITH RESPECT TO THE SERVICES. IF THESE TOU ARE NOT ACCEPTABLE TO YOU (AND TO YOUR SCHOOL, IF APPLICABLE), YOU MUST NOT PROCEED WITH REGISTRATION, AND YOU MAY NOT ACCESS OR USE THE SERVICES (NOR, IF APPLICBLE, MAY YOUR SCHOOL AND/OR ANY STUDENT USERS TO WHOM YOU WANTED TO FACILITATE ACCESS).
Modifications of Terms
CMU shall have the right to modify the terms of this TOU at any time, which modification shall be effective immediately upon posting. Accordingly, we suggest that you check review our TOU when you use the Services to stay informed. If you disagree with the changes to this TOU, you should discontinue your use of the Services. To make your periodic review more convenient, we will post a date at the top of this page.
Use of Third Party Providers and Services
CMU may use certain third party service providers (“Third Party Providers”) to support portions of the Services (including but not limited to registration support and hosting services). Such Third Party Providers may include, but are not necessarily limited to, Amazon Web Services, SendGrid and Tableau.
Rights Associated with the Services
The Services involve making available computer security games targeted at middle and high school students aged 13 or older. From time to time as part of the Services, CMU may also run various competitions related to these games. CMU and/or its content providers own and retain all intellectual property rights to the Services, including but not limited to game content. However, Third Party Providers retain any rights they have in their own respective services, even though they may be used to support and/or interact with the Services.
Account Registration and Responsibility; Teacher Batch Registrations for Students
Please read the picoCTF Privacy Statement for information as to CMU’s collection and handling of personal information collected through the Services.
When you register to use the Services, you must provide true, accurate and complete registration information. Should CMU suspect that your information is not accurate and complete, your account may be subject to suspension or termination.
In order to create a picoCTF platform account, you will need to provide certain information to register. Except for students who are being registered by teachers using the teacher batch registration process described below, the information needed to create a picoCTF platform account includes but is not limited to a username, an email address, your country of residence and your status (e.g., middle/high school student, teacher, etc), and information about your school (if applicable). In addition, you may choose to provide certain optional information (including but not limited to your gender identity and/or your racial/ethnic identity).
YOU AGREE THAT YOU WILL NOT USE YOUR NAME OR INCLUDE ANY OTHER PERSONALLY IDENTIFIABLE INFORMATION IN YOUR USERNAME.
To comply with the Children's Online Privacy Protection Act, at this time the Services are available only to users who are at least 13 years old. If you are under 13, you may not register to use the Services. If you are at least 13 but under 18, a parent or legal guardian must provide their email address as part of your account registration to indicate their consent to your account registration (except in the case of student registrations being done through a teacher batch registration as described below).
You, not CMU, will be responsible for all activities occurring under your username and for keeping your password secure. CMU retains the right to revoke and/or terminate any user's registration and all privileges associated with such registration at any time, including for any violation of this TOU. If you believe that your account (or an account you have created on behalf of your child or a student) has been or may be compromised, you must notify CMU by contacting firstname.lastname@example.org as soon as possible.
Teacher Batch Registration
If you are a teacher, you may create accounts for your students using the teacher batch registration feature instead of the students individually signing up for accounts with personal email addresses. Through the teacher batch registration feature, you may set user names and create accounts for students without providing names, email addresses or other personally identifiable information for those students. We may request the grade level and gender of the students for whom the teacher is creating the accounts. However, CMU will not know the identity of the students for whom those accounts have been created. The identity of which student has which user name and account is controlled by the teacher.
AS A REMINDER, IF YOU ARE USING THIS TEACHER BATCH REGISTRATION FEATURE, YOU AGREE THAT YOU WILL NOT INCLUDE ANY PERSONALLY IDENTIFIABLE INFORMATION OF THE STUDENTS IN ANY OF THE USERNAMES YOU CREATE FOR THE STUDENT ACCOUNTS.
"Content," as used herein, is all information, data, text, software, music, sound, photographs, graphics, video, messages, tags, or other materials, whether publicly posted or privately transmitted through the Services. "User Content" is any Content provided by and/or originating from a user. As used herein, "Content" refers to both User Content and Content unless expressly stated otherwise.
You understand that all User Content is the sole responsibility of the person from whom such User Content originated. This means that you, and not CMU, are entirely responsible for any and all User Content that you upload, post, email, transmit or otherwise make available via the Services. CMU does not guarantee the accuracy, integrity or quality of Content. You acknowledge that by using the Service, you may be exposed to Content that may be obsolete, incorrect, or objectionable. Under no circumstances will CMU be liable in any way for any Content, including, but not limited to, any errors or omissions in any Content, or any loss or damage of any kind incurred as a result of the use of any Content posted, emailed, transmitted or otherwise made available via the Services. Should User Content be found or reported in violation of these TOU, it will be CMU’s sole discretion as to what action should be taken, including suspension and/or termination of the applicable account.
Use/Availability of the Services
You may only use and display the Content of the Services for your own personal use (i.e., non-commercial use) and may not otherwise copy, reproduce, alter, modify, create derivative works, or publicly display any Content of the Services for other purposes. CMU shall have the right in its sole discretion to suspend or terminate the Services or your access to it.
You agree you will NOT do any of the following with respect to the Services: (a) transmit any Content or take any action in violation of applicable laws or regulations, or encourage others to do so; (b) transmit any Content or take any action that is harmful, threatening, abusive, harassing, torturous, defamatory, vulgar, obscene, libelous, invasive of another's privacy, hateful, discriminatory or racially, ethnically or otherwise objectionable, or encourage others to do so; (c) provide any Content or take any action that infringes any patent, trademark, trade secret, copyright or other proprietary rights and/or that you do not otherwise have a right to make available under any law or under contractual or fiduciary relationships (including but not limited to personally identifiable information and/or confidential or proprietary information learned or disclosed as part of employment relationships); (d) interfere with, remove or modify any terms and conditions or other Content on the Services and/or any part of the Services used for the operation and/or security of the Services; (e) collect and/or attempt to collect information about other users or third parties without their consent, including but not limited to soliciting or collecting passwords or personal identifying information from other users without their prior consent; (f) send unsolicited mail, advertisements, or other similar promotional material; (g) impersonate any person or entity, including, but not limited to, any CMU personnel, or falsely state or otherwise misrepresent your affiliation with a person or entity; (h) upload, post, email, transmit or otherwise make available any Content that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; (i) interfere with or disrupt the Services or servers or networks connected to the Services, or disobey any requirements, procedures, policies or regulations of networks connected to the Services (including but not limited to those of Third Party Providers); (j) use the Services to sell a product or service and/or to increase traffic to other websites for commercial reasons, such as advertising sales; (k) take Content from the Services and reformat and display it, or mirror any portion of picoCTF platform on any other site; and/or (l) exceed the scope of your authority with respect to your use of the Services, for example, accessing and using features that you do not have a right to use, or deleting, adding to, or otherwise changing other people's entries or other Content when you have not been granted the privileges to do so.
Without limiting the general nature of the prohibitions listed above, with respect to any challenges, you also may not interfere with the progress of other users, nor with the operation of the Services’ infrastructure. More specifically, attacking the scoring server, other users working on the challenges, or machines not explicitly designated as targets is cheating. This includes both breaking into such machines, and denying others access to them or the ability to solve problems (for example, by altering a key or ping-flooding). Sharing keys or providing overly-revealing hints with other users (except for authorized members of your designated team, as applicable) is cheating, as is being directly assisted by outside personnel (except for authorized members of your designated team, as applicable). Using tools from the internet is OK; asking people on the internet to help solve the problem is not. We encourage users to solve challenges in novel and creative ways using all available resources, but we do require that users solve the problems themselves.
You acknowledge and understand that CMU may or may not pre-screen Content, but that CMU and its designees shall have the right (but not the obligation) in their sole discretion to pre-screen, refuse, or move any Content for any reason, including for example, content that is available via the Service. Without limiting the foregoing, CMU and its designees shall have the right to remove any Content that violates this TOU or is otherwise objectionable to CMU. You agree that you must evaluate, and bear all risks associated with the use of any Content, including any reliance on the accuracy, completeness, or usefulness of such Content.
You acknowledge, consent and agree that, to the maximum extent permitted under applicable law, CMU has the right to access, preserve and disclose your account information and Content if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (a) comply with legal process; (b) enforce these TOU; (c) respond to claims that any Content violates the rights of third parties; (d) respond to your requests for assistance; or (e) protect the rights, property or personal safety of CMU, its users and/or the public. Further, CMU reserves the right to cooperate with legitimate law enforcement requests for information at its sole discretion. Please read the picoCTF Privacy Statement for more information as to CMU’s collection and handling of personal information collected through the Services.
You understand that the technical processing and transmission of the Services, including your Content, may involve (a) transmissions over various networks and (b) changes to conform and adapt to technical requirements of connecting networks or devices.
You understand that the Service and software embodied within the Services may include security components that permit digital materials to be protected, and that use of these materials is subject to usage rules set by CMU and/or Content providers who provide Content to the Services. You may not attempt to override or circumvent any of the usage rules embedded into the Services. Any unauthorized reproduction, publication, further distribution or public exhibition of the materials provided on the Services, in whole or in part, is strictly prohibited. You acknowledge that your account may be subject to features and practices, such as automatically logging you off after a certain period of inactivity.
Termination of Your Account by CMU.
You agree that CMU, under certain circumstances and without prior notice, may immediately terminate your account (or student accounts created by you using the teacher batch registration feature, if applicable) and access to the Services. Cause for such termination shall include, but not be limited to, (a) breaches or violations of the TOU or other incorporated agreements or guidelines, (b) requests by law enforcement or other government agencies, (c) a request by you (self-initiated account deletions), (d) discontinuance or material modification to the Services (or any part thereof), (e) unexpected technical or security issues or problems, (f) extended periods of inactivity, and/or (g) engagement by you in fraudulent or illegal activities. Termination of your account (or student accounts created by you) includes (a) removal of access to all offerings within the Services, (b) deletion of your password and all related information, files and content associated with or inside your account (or any part thereof), and (c) barring of further use of the Services. Further, you agree that all terminations for cause shall be made in CMU’s sole discretion and that CMU shall not be liable to you or any third party for any termination of your account or access to the Services.
Termination of Your Account by You
You may elect to terminate your account (or any student account created by you using the teacher batch registration feature) by providing notice to email@example.com . Following receipt of your notice, CMU will initiate termination of your account (typically within two business days). In addition to your right to terminate, CMU may terminate accounts as described in these TOU.
License to User Content
CMU does not claim ownership of User Content that you submit to and/or make available for inclusion on the Services. However, with respect to User Content that you submit to the Services or make available for inclusion on the Services, you hereby grant CMU a worldwide, royalty-free, non-exclusive perpetual, irrevocable and fully sub-licensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such User Content (in whole or in part) and to incorporate such User Content into other works in any format or medium now known or later developed. You agree never to sue CMU for use of said User Content.
Disclaimer of Warranties
THE SERVICES, AND ALL MATERIALS, INFORMATION, PRODUCTS AND SERVICES INCLUDED IN THE SERVICES ARE PROVIDED "AS IS," WITH NO WARRANTIES WHATSOEVER. CMU, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, REPRESENTATIVES, AFFILIATES, LICENSORS, CONTENT PROVIDERS, CONTRACTORS (INCLUDING THIRD PARTY PROVIDERS) AND SPONSORS (COLLECTIVELY THE “PICOCTF PARTIES”) EXPRESSLY DISCLAIM TO THE FULLEST EXTENT PERMITTED BY LAW ALL EXPRESS, IMPLIED, AND STATUTORY WARRANTIES, INCLUDING, WITHOUT LIMITATION: THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT; ANY WARRANTIES REGARDING THE SECURITY, RELIABILITY, TIMELINESS, AND PERFORMANCE OF THE SERVICES; ANY WARRANTIES FOR ANY GOODS, INFORMATION OR ADVICE OBTAINED THROUGH THE SERVICES REGARDLESS OF SOURCE (INCLUDING BUT NOT LIMITED TO ANY GOODS OR INFORMATION OR ADVICE RECEIVED THROUGH ANY LINKS PROVIDED IN THE SERVICES).
YOU UNDERSTAND AND AGREE THAT YOU DOWNLOAD OR OTHERWISE OBTAIN MATERIAL OR DATA THROUGH THE USE OF THE SERVICES AT YOUR OWN DISCRETION AND RISK AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGES TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF SUCH MATERIAL OR DATA. SOME STATES OR OTHER JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE AND JURISDICTION TO JURISDICTION.
LIMITATION OF LIABILITY; LIMITATION ON DAMAGES
UNDER NO CIRCUMSTANCES SHALL CMU OR ANY PICOCTF PARTIES BE LIABLE TO ANY USER ON ACCOUNT OF THAT USER'S USE OR MISUSE OF OR RELIANCE ON THE SERVICES ARISING FROM ANY CLAIM RELATING TO THESE TOU OR THE SUBJECT MATTER HEREOF. SUCH LIMITATION OF LIABILITY SHALL APPLY TO PREVENT RECOVERY OF INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, AND PUNITIVE DAMAGES WHETHER SUCH CLAIM IS BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE (EVEN IF CMU AND/OR THE PICOCTF PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES). IN ADDITION, IN NO EVENT SHALL CMU OR ANY PICOCTF PARTIES BE LIABLE FOR DIRECT DAMAGES RELATING TO THESE TOU OR THE SUBJECT MATTER HEREOF IN AN AMOUNT MORE THAN ONE HUNDRED U.S. DOLLARS ($100.00) IN THE AGGREGATE. SUCH LIMITATIONS OF LIABILITY AND DAMAGES SHALL APPLY WHETHER THE LIABILITY AND DAMAGES ARISE FROM USE OR MISUSE OF AND RELIANCE ON THE SERVICES, FROM INABILITY TO USE THE SERVICES, OR FROM THE INTERRUPTION, SUSPENSION, OR TERMINATION OF THE SERVICES (INCLUDING SUCH DAMAGES INCURRED BY THIRD PARTIES). THESE LIMITATIONS ON LIABILITY AND DAMAGES SHALL ALSO APPLY WITH RESPECT TO DAMAGES INCURRED BY REASON OF OTHER SERVICES OR GOODS, INFORMATION OR ADVICE RECEIVED THROUGH OR REFERENCED ON THE SERVICE, OR RECEIVED THROUGH ANY LINKS PROVIDED IN THE SERVICES. THESE LIMITATIONS ON LIABILITY AND DAMAGES SHALL ALSO APPLY, WITHOUT LIMITATION, TO THE COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOST PROFITS, OR LOST DATA. SUCH LIMITATION SHALL FURTHER APPLY WITH RESPECT TO THE PERFORMANCE OR NON-PERFORMANCE OF THE SERVICES OR ANY INFORMATION OR MERCHANDISE THAT APPEARS ON, OR IS LINKED OR RELATED IN ANY WAY TO, THE SERVICES. SUCH LIMITATIONS ON LIABILITY AND DAMAGES SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY AND TO THE FULLEST EXTENT PERMITTED BY LAW. SOME STATES OR OTHER JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CERTAIN DAMAGES, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. Without limiting the foregoing, under no circumstances shall CMU or any PicoCTF Parties be liable for any delay or failure in performance resulting directly or indirectly from acts of nature, forces, or causes beyond its reasonable control, including, without limitation, Internet failures, computer equipment failures, telecommunication equipment failures, other equipment failures, electrical power failures, strikes, labor disputes, riots, insurrections, civil disturbances, shortages of labor or materials, fires, floods, storms, explosions, acts of God, war, governmental actions, orders of domestic or foreign courts or tribunals, non-performance of third parties, or loss of or fluctuations in heat, light, or air conditioning.
Hold Harmless and Indemnity
You agree to hold harmless and indemnify CMU and the PicoCTF Parties from and against any claim arising from or in any way related to your use of the Services, including without limitation any claim or demand, including reasonable attorneys' fees, made by any third party due to or arising out of Content you submit, post, transmit or otherwise make available through the Services, your use of the Services, your connection to the Services, your violation of this TOU, or your violation of any rights of another. The foregoing includes, without limitation, indemnity for any liability or expense arising from all claims, losses, damages (actual and consequential), suits, judgments, litigation costs and attorneys' fees, of every kind and nature. In such a case, CMU will provide you with written notice of such claim, suit or action.
Digital Millennium Copyright Act
CMU respects the intellectual property rights of others and endeavors to comply with all applicable US laws regarding intellectual property. Accordingly, it is our policy to respond to notices of alleged infringement that comply with the Digital Millennium Copyright Act (“DMCA”). To file a notice of infringement with us, please provide a written communication that meets the required criteria of the DMCA to CMU's Registered Copyright Agent via regular mail or email:
Carnegie Mellon University Information Security Office Computing Services 5000 Forbes Ave Pittsburgh, PA 15213 Phone: 412-268-2044 Email: dmca\@andrew.cmu.edu
If any provision of these TOU is held to be invalid or unenforceable, such provision shall be deemed superseded by a valid enforceable provision that most closely matches the intent of the original provision and the remaining provisions shall be enforced. CMU’s failure to act with respect to a breach by you or others does not waive CMU’s right to act with respect to subsequent or similar breaches. The failure of CMU to exercise or enforce any right or provision of these TOU shall not constitute a waiver of such right or provision. The section headings and subheadings contained in these TOU are included for convenience only, and shall not limit or otherwise affect the terms of these TOU. These TOU shall be interpreted in accordance with the laws of the Commonwealth of Pennsylvania without regard to its conflicts of laws provisions. All claims and/or controversies of every kind and nature arising out of or relating to these TOU, including any questions concerning its existence, negotiation, validity, meaning, performance, non-performance, breach, continuance or termination shall be settled (1) at CMU’s election, by binding arbitration administered by the American Arbitration Association ("AAA") in accordance with its Commercial Arbitration Rules and, in such case (a) the arbitration proceedings shall be conducted before a panel of three arbitrators, with each party selecting one disinterested arbitrator from a list submitted by the AAA and the two disinterested arbitrators selecting a third arbitrator from the list, (b) each party shall bear its own costs of arbitration, (c) all arbitration hearings shall be conducted in the English language in Allegheny County, Pennsylvania, and (d) the provisions hereof shall be a complete defense to any suit, action or proceeding instituted in any Federal, state or local court or before any administrative tribunal with respect to any claim or controversy arising out of or relating to this TOU and which is arbitrable as provided in this TOU, provided that either party may seek injunctive relief in a court of law or equity to assert, protect or enforce its rights hereunder, or (2) in the event that CMU does not elect binding arbitration as permitted in point (1) above, exclusively in the United States District Court for the Western District of Pennsylvania (or, if such Court does not have jurisdiction, in any court of general jurisdiction in Allegheny County, Pennsylvania) and each party consents to the exclusive jurisdiction of any such courts and waives any objection which such party may have to the laying of venue in any such courts.
Notwithstanding any provision hereof, for all purposes of these TOU each party shall be and act as an independent contractor and not as partner, joint venture, agent, employee or employer of the other and shall not bind nor attempt to bind the other to any contract. You agree that, except as otherwise expressly provided in these TOU, there shall be no third-party beneficiaries to these TOU.
Disclaimer of Endorsement
References in these TOU and/or in the Services to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, do not necessarily constitute or imply its endorsement, recommendation, or favoring by CMU.
Effective Date: September 11, 2020