LearningNuggets Code of Conduct
Version: 1.0
Last Updated: March 22, 2026
Effective Date: March 22, 2026
1. Our Commitment
LearningNuggets is dedicated to providing a safe, inclusive, and respectful learning environment for everyone -- regardless of age, gender identity, sexual orientation, disability, ethnicity, nationality, religion, or experience level.
Cybersecurity education requires trust. Students must feel safe to make mistakes, ask questions, and explore unfamiliar concepts. Educators and professionals must be able to teach and learn without harassment or disruption. This Code of Conduct exists to protect that trust.
2. Expected Behavior
All users of LearningNuggets are expected to:
- Treat others with respect. This includes fellow students (in classroom and community settings), teachers, support staff, and the AI tutor.
- Engage honestly. Represent your own work, knowledge level, and identity accurately.
- Learn constructively. Approach challenges with curiosity. It is acceptable to struggle, ask for help, or be wrong -- that is how learning works.
- Protect shared resources. Use platform features (especially lab environments) responsibly and within their intended purpose.
- Respect privacy. Do not share others' personal information, account details, or private communications.
- Follow the law. Comply with all applicable local, state, national, and international laws while using the platform.
- Report problems. If you encounter a bug, security vulnerability, or conduct violation, report it through the appropriate channels described in Section 7.
3. Unacceptable Behavior
The following behaviors are prohibited on LearningNuggets:
3.1 Harassment and Discrimination
- Harassment, bullying, intimidation, or threats directed at any person.
- Discriminatory language or behavior based on protected characteristics (race, gender, sexual orientation, disability, religion, age, ethnicity, or national origin).
- Unwelcome sexual content, advances, or commentary.
- Deliberate misgendering or use of rejected names.
- Publishing or threatening to publish others' private information ("doxxing").
3.2 Academic Dishonesty
- Sharing solutions, flag values, or exercise answers with other students (unless explicitly permitted by a teacher in a classroom setting).
- Using automated tools, scripts, or bots to complete exercises or bypass the learning process.
- Misrepresenting AI-generated work as your own in external contexts (school assignments, professional certifications, etc.).
- Submitting another person's work as your own.
3.3 Platform Abuse
- Creating multiple accounts to circumvent bans, usage limits, or tier restrictions.
- Sharing account credentials with others.
- Attempting to access other users' data, sessions, or accounts.
- Deliberately disrupting the Service for other users.
- Exploiting bugs or vulnerabilities for personal advantage instead of reporting them.
3.4 Harmful Content
- Submitting content that promotes violence, self-harm, or illegal activity.
- Submitting real malware, exploit code targeting production systems, or other dangerous material.
- Using the platform to plan or coordinate illegal activities.
- Sharing real stolen credentials, data dumps, or other materials obtained through unauthorized access.
4. Lab Environment Rules
Docker lab environments provide real Linux machines with cybersecurity tools for hands-on learning. The following rules are strictly enforced.
4.1 Labs Are for Learning Only
- Lab environments exist exclusively for completing educational exercises and practicing cybersecurity skills as directed by the platform.
- Do not use labs to attack, scan, probe, or access any real system, network, or service -- whether internal to LearningNuggets infrastructure or external on the internet.
- The presence of offensive security tools (nmap, tcpdump, etc.) in lab environments is for educational purposes. Their availability does not constitute authorization to use them against any target outside your lab.
4.2 Security Controls Are Not Challenges
- Do not attempt to bypass, circumvent, or disable security controls -- including network restrictions, seccomp profiles, resource limits, or monitoring systems.
- Lab security controls are safety measures, not CTF challenges. Attempting to defeat them is a violation of this Code of Conduct and the Terms of Service.
- Do not attempt container escape, privilege escalation beyond the lab scope, or access to host infrastructure.
4.3 Data in Labs
- Do not store personal data or real credentials in lab environments. Labs are ephemeral and monitored.
- Do not store real passwords, API keys, access tokens, or sensitive files.
- Do not use labs to process, transmit, or store data belonging to third parties.
4.4 Network Rules
- Do not attempt to use labs as proxies, VPNs, or relay points. Outbound network access is blocked by design.
- Do not attempt to tunnel traffic through lab environments.
- Do not attempt to communicate with external systems from within labs.
4.5 Responsible Disclosure
If you discover a security vulnerability in the lab environment, the platform, or its infrastructure:
- Do not exploit it. Stop testing as soon as you confirm the vulnerability exists.
- Report it immediately to security@learningnuggets.com with a description of the issue.
- Do not disclose the vulnerability publicly until we have had a reasonable opportunity to address it.
- We appreciate responsible disclosure and will acknowledge reporters who follow this process.
5. Academic Integrity
5.1 The Spirit of Learning
LearningNuggets is built around Socratic learning -- the AI tutor guides you to discover answers through questioning and exploration, not by handing you solutions. Bypassing this process undermines your own education.
5.2 What Constitutes a Violation
- Sharing exercise solutions with other students outside of teacher-approved collaboration.
- Copying solutions from external sources and presenting them as your own work to the AI tutor.
- Using automated completion tools to solve exercises without engaging with the material.
- Sharing simulation flag values or exercise completion criteria with others.
5.3 Collaboration vs. Cheating
Healthy collaboration is encouraged:
- Acceptable: Discussing concepts, strategies, and general approaches. Asking "have you tried looking at the log timestamps?" is fine.
- Unacceptable: Sharing specific commands, flag values, or step-by-step solutions. Saying "the flag is CTF{abc123}, just type it in" is a violation.
6. Communication Standards
6.1 Interacting with the AI Tutor
The AI tutor (Nugget) is designed to be patient, supportive, and to match your energy. However:
- Expressing frustration is normal and acceptable -- the tutor can handle it.
- Hostile, abusive, or threatening language directed at the tutor is not acceptable. The tutor will issue one warning and may end the session if hostility continues.
- Attempting to manipulate the tutor into providing harmful information, bypassing safety guidelines, or acting outside its educational role is prohibited.
6.2 Community Interactions
If community features are introduced (forums, chat, peer review):
- Be constructive in feedback and discussion.
- Assume good intent from other learners.
- Disagree respectfully -- focus on ideas, not individuals.
- Keep discussions relevant to cybersecurity education.
6.3 Communication with Staff
- Treat support staff, teachers, and administrators with respect.
- Submit constructive feedback through the designated channels.
- Threats or harassment directed at LearningNuggets staff will result in immediate account action.
7. Reporting Violations
7.1 How to Report
If you witness or experience a violation of this Code of Conduct:
- In-platform feedback: Use the feedback widget (if available) to submit a report with context.
- Email: Send a report to support@learningnuggets.com with:
- When and where it occurred (page, session, lab)
- Any supporting evidence (screenshots, session IDs)
- Security issues: Report security vulnerabilities to security@learningnuggets.com.
7.2 Confidentiality
Reports will be treated confidentially. We will not disclose the identity of the reporter to the accused party except where required by law or necessary to resolve the issue.
7.3 No Retaliation
Retaliation against anyone who reports a violation in good faith is itself a violation of this Code of Conduct and will be treated accordingly.
8. Enforcement
Violations of this Code of Conduct are addressed through a graduated enforcement process, with severity matching the infraction.
8.1 Enforcement Actions
| Level | Action | Typical Triggers |
|---|---|---|
| 1. Warning | Written notice explaining the violation and expected behavior change. | First minor violation (e.g., inappropriate language, minor academic dishonesty). |
| 2. Temporary Suspension | Account access suspended for a defined period (7-30 days). Active subscriptions are paused during suspension. | Repeated minor violations after warning, moderate violations (e.g., sharing solutions, platform abuse). |
| 3. Permanent Termination | Account permanently closed. No refund for remaining subscription period. | Severe violations (e.g., attempting to attack external systems from labs, harassment, illegal activity), or continued violations after suspension. |
8.2 Immediate Termination
The following violations may result in immediate account termination without prior warning:
- Attempting to attack external systems from lab environments.
- Attempting to escape lab sandboxes or access host infrastructure.
- Distributing real malware or exploit code targeting production systems.
- Threats of violence or harm.
- Any activity that violates criminal law.
8.3 School Accounts
For users on School tier accounts, enforcement actions will be communicated to the institutional administrator (teacher or school admin) in addition to the user. Schools may have their own disciplinary processes that supplement ours.
8.4 Reporting to Authorities
LearningNuggets reserves the right to report suspected illegal activity to appropriate law enforcement authorities, particularly in cases involving attempted unauthorized access to external systems, distribution of malware, or threats of harm.
9. Appeals
9.1 Right to Appeal
If you believe an enforcement action was made in error, you have the right to appeal.
9.2 Appeal Process
- Submit your appeal in writing to legal@learningnuggets.com within 14 days of the enforcement action.
- Include:
- The enforcement action you are appealing
- Your explanation of why the action was unwarranted or disproportionate
- Any supporting evidence
- Appeals will be reviewed by a person who was not involved in the original enforcement decision.
- You will receive a written response within 14 business days.
9.3 Appeal Decisions
Appeal decisions are final. If your appeal is successful:
- The enforcement action will be reversed or reduced.
- If your account was suspended, any subscription time lost during suspension will be credited.
10. Acknowledgment
By creating an account and using LearningNuggets, you acknowledge that you have read, understood, and agree to abide by this Code of Conduct.
For users under 18, a parent or legal guardian must also acknowledge this Code of Conduct.
11. Changes to This Code of Conduct
LearningNuggets may update this Code of Conduct as the platform evolves. When changes are made:
- The "Last Updated" date at the top of this document will be revised.
- Users will be notified of material changes via email or in-platform notification.
- Continued use of the Service after changes take effect constitutes acceptance of the revised Code of Conduct.
12. Contact
- Report a violation: support@learningnuggets.com
- Report a security vulnerability: security@learningnuggets.com
- Appeal an enforcement action: legal@learningnuggets.com
- General questions: support@learningnuggets.com
[learningnuggets.com]
This Code of Conduct is effective as of March 22, 2026.
