FERPA Compliance & Privacy Statement
CSCD 240 CTF Management Platform - Eastern Washington University
What This System Stores
- CTF challenge descriptions, flags, and point values
- Concept tags (skills tested by each challenge)
- Approval records (who approved, when)
- Automated audit results (screenshots of challenge content)
- Faculty/TA user accounts (GitHub username, name, role)
What This System Does NOT Store
- No student names, emails, or identifiers
- No grades, scores, or academic records
- No student submissions or answers
- No enrollment or registration data
- No educational records of any kind
Where Student Data Lives
| System | Data | Access |
|---|
| Canvas LMS | Grades, enrollment, submissions | EWU institutional login |
| CTFd | CTF submissions, scores, leaderboard | Student accounts (separate) |
| GitHub Classroom | Lab code, commits | Student GitHub accounts |
This management platform has no connection to any of these systems.
It manages challenge content only.
AI Usage Disclosure
The following AI-assisted processes were used in challenge creation:
- Challenge generation: Initial challenge descriptions and flags were AI-generated
based on the CSCD 240 lecture curriculum. All challenges require human review and approval.
- Concept tagging: Challenges were automatically tagged with relevant concepts
using keyword matching. Tags should be verified by a human reviewer.
- Automated auditing: A Playwright-based agent visited each challenge page,
submitted flags, and took screenshots. These audits operate on challenge content only,
not student data.
No AI system in this platform processes, stores, or has access to any student data.
AI operations are limited to challenge content management and quality assurance.
Access Control
Access is restricted to approved faculty and TAs via GitHub OAuth.
New accounts require manual administrator approval. Students and the
general public cannot access this system.