Privacy Policy

1. Introduction

Welcome to CVEFinder.io ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By accessing or using CVEFinder.io, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your email address and password.
• Payment Information: If you subscribe to Pro plan, payment details are processed securely through Razorpay. We do not store your full credit card information.
• Scan Data: URLs you submit for vulnerability scanning and the results of those scans.
• Communications: If you contact us, we may keep records of your correspondence.

2.2 Automatically Collected Information

• Usage Data: IP address, browser type, device information, pages visited, time spent on pages.
• Cookies: We use cookies and similar tracking technologies to enhance user experience.
• Analytics: We use Google Analytics to understand how users interact with our service.

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide Services: To operate CVEFinder.io and deliver vulnerability scanning services
• Account Management: To create and manage your account, process payments, and handle subscriptions
• Communication: To send service updates, security alerts, and respond to inquiries
• Improvement: To analyze usage patterns and improve our services
• Security: To detect, prevent, and address technical issues and fraudulent activities
• Legal Compliance: To comply with legal obligations and protect our rights

4. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information. We may share your information only in these circumstances:

4.1 Service Providers

• Payment Processing: Razorpay for processing payments (subject to their privacy policy)
• Analytics: Google Analytics for usage statistics (anonymized data)
• Email Services: Third-party email service providers for transactional emails

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to:

• Comply with legal processes
• Enforce our Terms and Conditions
• Protect our rights, property, or safety
• Prevent fraud or security issues

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: HTTPS/TLS encryption for all data transmission
• Password Protection: Passwords are hashed using bcrypt
• Access Controls: Limited access to personal data on a need-to-know basis
• Regular Updates: Security patches and software updates
• Monitoring: Continuous monitoring for security threats

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

• Account Data: Retained while your account is active and for 90 days after deletion
• Scan Results: Retained for the duration of your subscription
• Payment Records: Retained for 7 years for tax and accounting purposes
• Logs: Server logs retained for 90 days

7. Your Rights

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Download your scan data in machine-readable format
• Opt-Out: Unsubscribe from marketing communications
• Object: Object to processing of your data for certain purposes

To exercise these rights, contact us at [email protected]

8. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and basic functionality
• Analytics Cookies: Google Analytics to understand usage patterns
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling cookies may affect functionality.

9. Third-Party Links

Our website may contain links to third-party websites (e.g., CVE databases, vendor websites). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

CVEFinder.io is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending an email notification for material changes

Your continued use of CVEFinder.io after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: [email protected]
• Website: https://cvefinder.io

14. GDPR Compliance (For EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Legal Basis: We process your data based on consent, contract performance, and legitimate interests
• Data Protection Officer: Contact [email protected] for data protection inquiries
• Right to Complain: You may lodge a complaint with your local data protection authority
• Data Portability: Request your data in a structured, commonly used format