Cookie Policy
Effective Date: March 2026
This Cookie Policy explains how Terminal43CTF ("we", "us", "our") uses cookies and similar technologies when you visit our platform. We are committed to transparency and to protecting your privacy.
1. What Are Cookies
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work efficiently, provide a better user experience, and give information to site owners.
Similar technologies include localStorage, which allows websites to store data directly in your browser. Unlike cookies, localStorage data is not sent to the server with every request -- it stays entirely in your browser.
We use a minimal set of cookies and localStorage entries that are strictly necessary for the platform to function, plus a single optional first-party analytics cookie that you control. We do not use any third-party tracking, advertising, or social-media cookies.
2. Cookies We Use
The following table lists every cookie and localStorage entry used by Terminal43CTF:
| Cookie | Name | Purpose | Type | Duration |
|---|---|---|---|---|
| Session |
ctf_session
|
Authentication and session management. Keeps you logged in as you navigate the platform. | Strictly Necessary | 24 hours |
| Challenge Auth |
chal_token
|
Authentication for challenge containers on the separate challenge domain. Ensures only authorized users can access their spawned challenge environments. | Strictly Necessary | 4 hours |
| Cookie Consent |
cookie_consent
(localStorage)
|
Remembers whether you have dismissed the cookie information banner so it is not shown again on every page load. | Strictly Necessary | Persistent |
| Theme Preference |
theme
(localStorage)
|
Remembers your dark/light mode preference so the platform displays your chosen theme on return visits. | Functionality | Persistent |
| Consent Choice |
t43_consent
|
Records the choice you made on the cookie banner ("accepted" or "essentials"). Read by the server to know whether to enable optional analytics. | Strictly Necessary | 1 year |
| Anonymous Visitor ID |
t43_anon
|
Random opaque ID (no personal data) used to attribute visits to a marketing source β for example, knowing that you arrived from a Google search or a partner link. Set only when you click "Accept all". | Analytics (Opt-in) | 90 days |
3. Strictly Necessary Cookies
Strictly necessary cookies are essential for the platform to function correctly. Without them, core features such as logging in, maintaining your session, and accessing challenge containers would not work. These cookies cannot be disabled.
Our strictly necessary cookies are used exclusively for:
- Login sessions -- keeping you authenticated as you navigate between pages
- CSRF protection -- preventing cross-site request forgery attacks on form submissions
- Challenge container authentication -- verifying your identity when you connect to spawned challenge environments on the challenge domain
These cookies contain no personally identifiable information. They store only cryptographically signed session identifiers and authentication tokens.
4. Analytics & Attribution (Opt-in)
When you click "Accept all" on the cookie banner, we set a single first-party cookie (t43_anon) so we can measure which marketing channels actually bring people to the platform. This is sometimes called "UTM attribution" β when a link includes parameters like ?utm_source=google we record where the click came from.
What we capture if you accept:
- the UTM parameters present on the link you used (source, medium, campaign, term, content)
- the referring URL and the landing page on our site
- a salted HMAC of your User-Agent string (so we can group similar browsers without storing the raw string)
- a random 32-character anonymous ID stored in the
t43_anoncookie
What we explicitly do not capture:
- your IP address (we never store it; we do not even derive a hash from it for these rows)
- your raw User-Agent (only a salted hash is stored)
- your name, email, or any other personal identifier β until you sign up, in which case the row is linked to your account so you can request deletion
- any data shared with third parties, ad networks, or social platforms β everything stays on Terminal43CTF servers
No third-party trackers. No ads. Ever.
We do not use Google Analytics, Facebook Pixel, advertising networks, fingerprinting, or any third-party cookies. The opt-in cookie is set by us, stays on our servers, and is dropped after 90 days.
We honour the Do-Not-Track (DNT) and Global Privacy Control (Sec-GPC) browser signals automatically β if your browser sends either header, we capture nothing regardless of the consent cookie.
To withdraw consent: clear the t43_consent cookie in your browser settings, or contact us. The next request will not capture analytics.
5. Local Storage
We use your browser's localStorage to store two small pieces of data:
theme— your preferred color scheme (dark or light mode)cookie_consent— whether you have dismissed the cookie information banner
This data never leaves your browser. It is not transmitted to our servers, not shared with any third party, and is only read by the Terminal43CTF frontend code running in your browser. You can clear localStorage at any time through your browser's developer tools or settings without affecting your account.
6. Managing Cookies
You can view, manage, and delete cookies through your browser settings. Please note that clearing your session cookies will log you out of Terminal43CTF, and you will need to sign in again.
For instructions on managing cookies in your browser, see:
7. Cookie Consent
Under the General Data Protection Regulation (GDPR) and the ePrivacy Directive, strictly necessary cookies do not require user consent. Our session, CSRF, and consent-choice cookies fall into this category and are set without prompting.
Our single optional analytics cookie (t43_anon) requires your active consent. We only set it after you click "Accept all" on the cookie banner. If you click "Essentials only" β or if your browser sends a Do-Not-Track or Global Privacy Control signal β no analytics cookie is set and no marketing data is recorded.
Your choice is stored in two places: a cookie_consent entry in your browser's localStorage (so we don't show the banner again) and a t43_consent cookie that the server reads on every request to decide whether to capture marketing data.
You can withdraw consent at any time by clearing the t43_consent cookie in your browser settings. New analytics rows will stop being recorded immediately. Existing rows linked to your account can be deleted on request β see our Privacy Policy for the procedure.
8. Changes to This Policy
We may update this Cookie Policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. Any changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.
If we make material changes that affect how we use cookies (for example, introducing non-essential cookies), we will notify you through a prominent notice on the platform before the changes take effect.
9. Contact
If you have any questions about our use of cookies or this Cookie Policy, you can contact us at:
Email: contact@terminal43.ro