Privacy Policy

Our Approach to Privacy

VSComp is a small, community-driven academic project focused on advancing formal software verification. We do not operate as a commercial entity, and our data practices reflect this. We collect the minimum amount of data necessary to operate this website, we do not sell or share personal information with third parties, and we do not employ third-party analytics or tracking services.

This privacy policy applies to the website at vscomp.org and covers all pages within the site, including the problem catalogue, solutions archive, publications listing, and all other sections. If you have questions about anything described here, please visit the contact page for information on how to reach us.

What Information We Collect

Our data collection is minimal by design. We do not require user accounts, and browsing the site does not require you to provide any personal information. The data we do process falls into two categories.

Server Logs

Like virtually all web servers, ours automatically records certain information when you visit a page. This includes your IP address, the date and time of the request, the page you requested, the HTTP status code of the response, the size of the response, and the referring URL and user-agent string sent by your browser. These logs are generated by standard web server software and are retained for a limited period for the sole purposes of maintaining site reliability, diagnosing technical issues, and understanding aggregate usage patterns.

Server logs are not used to identify individual visitors, build browsing profiles, or track behaviour across sessions. We do not attempt to correlate IP addresses with personal identities. Log data is stored securely and is accessible only to the site administrators. Logs are routinely purged and are not retained indefinitely.

Voluntarily Provided Information

If you contact the organising committee via email or through any communication channel referenced on the contact page, you may provide personal information such as your name and email address. This information is used solely to respond to your inquiry. We do not add contact information to mailing lists without explicit consent, and we do not share it with anyone outside the organising committee.

Competition participants who submit solutions during an active edition may provide additional information as part of their submission, such as their name, institutional affiliation, and the verification artifacts they produce. The handling of submission data is governed by the specific procedures of each edition and is communicated to participants at the time of submission. Published results (such as those appearing on the competition year pages or in academic publications) are part of the scholarly record and are retained as such.

Cookie Practices

Cookies are small text files that a website may store on your device. Our use of cookies is limited to those that are strictly necessary for the site to function correctly. We do not use cookies for advertising, behavioural tracking, or user profiling.

Essential cookies, where used, may include session identifiers or preferences necessary for the correct rendering of pages. These cookies do not contain personal information and are not used to identify you across visits or across different websites. They expire at the end of your browsing session or within a short, defined period.

We do not use third-party cookies. No advertising networks, social media widgets, or external analytics platforms set cookies through this site. If your browser is configured to block or delete cookies, the site will continue to function normally for all core functionality.

Third-Party Analytics and Tracking

We do not use Google Analytics, Facebook Pixel, or any other third-party analytics or tracking service. We do not embed third-party scripts that collect data about your browsing behaviour. We do not participate in advertising networks or real-time bidding systems.

The site may load resources such as web fonts from external content-delivery networks. These requests are subject to the privacy policies of those networks, but we have selected providers that do not use font requests for tracking purposes. No personal data is transmitted to these services beyond the standard HTTP request headers that your browser sends automatically.

Data Protection Rights

We recognise the data-protection rights afforded to individuals under applicable regulations, including the General Data Protection Regulation (GDPR) for individuals in the European Economic Area and the United Kingdom. Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of any personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data, subject to any overriding legal obligations or legitimate research interests.
• Restriction: Request that we limit the processing of your personal data in certain circumstances.
• Objection: Object to our processing of your personal data where we rely on legitimate interests as our legal basis.
• Portability: Request that we provide your personal data in a structured, commonly used, machine-readable format.

Given the minimal amount of data we collect, most of these rights will be straightforward to exercise. In practice, server logs are the primary category of data that might be relevant, and these are purged on a routine schedule. If you wish to exercise any of these rights, please reach out to us through the contact page.

Legal Basis for Processing

Under the GDPR, every processing activity requires a legal basis. For the limited data processing described in this policy, we rely on the following bases:

• Legitimate interests: Server logs are processed on the basis of our legitimate interest in maintaining site security, diagnosing technical issues, and understanding aggregate usage patterns. We have assessed that this processing does not override your rights and freedoms given the non-identifying nature of the data and the limited retention period.
• Consent: Where you voluntarily provide personal information (for example, by emailing the organising committee), your provision of that information constitutes consent to its processing for the stated purpose.
• Performance of a task in the public interest: The publication of competition results and associated scholarly materials falls within the scope of academic research in the public interest.

How We Protect Your Data

We take reasonable technical and organisational measures to protect the data we hold. The site is served over HTTPS, encrypting all data in transit between your browser and our servers. Access to server infrastructure and logs is restricted to authorised members of the organising committee. We do not store sensitive personal data, and the minimal nature of our data collection inherently limits the risk associated with any potential data breach.

No system can guarantee absolute security. However, the limited scope of the data we collect and retain means that even in the unlikely event of unauthorised access, the potential impact on individuals is low. We do not store passwords, financial information, or other categories of data that would pose a significant risk if exposed.

Information Regarding Minors

This website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. The content of this site is academic in nature and is primarily intended for researchers, students, and practitioners in the field of formal methods and software verification. If you believe that a child has provided personal information to us, please contact the organising committee through the contact page so that we can take appropriate steps.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or in applicable law. Any substantive changes will be noted on the changelog. We encourage you to review this page periodically. The date at the bottom of this page indicates when the policy was last revised.

How to Contact Us

If you have any questions or concerns about this privacy policy, our data practices, or if you wish to exercise any of your data-protection rights, please visit the contact page for details on how to reach the organising committee. We will endeavour to respond to all legitimate requests within a reasonable timeframe and in any event within any period required by applicable law.

For information about the competition itself, including its structure, history, and published results, please see the about page, history page, and competition years index.

This privacy policy was last updated in January 2026.