Terms and Conditions

1. Agreement to Terms

By accessing or using CVEFinder.io ("Service," "we," "us," or "our"), you agree to be bound by these Terms and Conditions ("Terms"). If you disagree with any part of these Terms, you may not access the Service.

These Terms apply to all visitors, users, and others who access or use the Service.

2. Description of Service

CVEFinder.io provides:

• Web vulnerability scanning to identify technologies and known CVEs
• CVE database search and browsing
• Product and vendor security information
• Email monitoring and alerts for Pro subscribers
• Security intelligence and analytics

The Service is provided "as is" and we reserve the right to modify, suspend, or discontinue any part of the Service at any time.

3. User Accounts

3.1 Account Creation

• You must provide accurate and complete information when creating an account
• You are responsible for maintaining the confidentiality of your account credentials
• You must be at least 18 years old to create an account
• One person or entity may not maintain more than one account

3.2 Account Responsibility

You are responsible for:

• All activities that occur under your account
• Maintaining the security of your password
• Notifying us immediately of any unauthorized use
• Ensuring compliance with these Terms

3.3 Account Termination

We may terminate or suspend your account immediately, without prior notice, if you:

• Breach these Terms
• Engage in fraudulent or illegal activities
• Abuse the Service or harm other users
• Violate any applicable laws or regulations

4. Acceptable Use Policy

4.1 Permitted Use

You may use CVEFinder.io to:

• Scan websites you own or have explicit permission to scan
• Research publicly disclosed CVE vulnerabilities
• Assess security posture of your own infrastructure
• Conduct authorized security testing and research

4.2 Prohibited Activities

You must NOT:

• Unauthorized Scanning: Scan websites without explicit permission from the owner
• Malicious Use: Use scan results to exploit vulnerabilities or harm others
• System Abuse: Overload our infrastructure, attempt DoS attacks, or bypass rate limits
• Data Scraping: Scrape, crawl, or harvest data from the Service without permission
• Reverse Engineering: Reverse engineer, decompile, or disassemble any part of the Service
• Reselling: Resell or redistribute the Service without authorization
• Impersonation: Impersonate another person or entity
• Illegal Activities: Use the Service for any unlawful purpose
• Security Violations: Attempt to gain unauthorized access to our systems

4.3 Rate Limits

• Free Plan: 5 scans per day
• Pro Plan: 10 scans per day
• Exceeding rate limits may result in temporary or permanent suspension

5. Subscription and Payments

5.1 Free Plan

• No credit card required
• Limited to 5 scans per day
• Full CVE database access
• May be discontinued or modified at any time

5.2 Pro Plan

• $9/month subscription
• 10 scans per day
• Email monitoring (5 URLs)
• JSON exports
• Automated rescans
• Exploit database access
• Billed monthly via Razorpay
• Auto-renewal unless cancelled

5.3 Billing and Refunds

• Billing Cycle: Monthly, charged on the subscription date
• Payment Method: Credit/debit card, UPI, net banking via Razorpay
• Failed Payments: Service may be suspended if payment fails
• Refund Policy: No refunds for partial months or unused scans
• Price Changes: We may change prices with 30 days' notice

5.4 Cancellation

• You may cancel your Pro subscription at any time
• Cancellation takes effect at the end of the current billing period
• No pro-rated refunds for early cancellation
• You may continue using the Free plan after cancellation

6. Intellectual Property

6.1 Our Intellectual Property

The Service and its original content, features, and functionality are owned by CVEFinder.io and are protected by international copyright, trademark, patent, trade secret, and other intellectual property laws.

This includes but is not limited to:

• Website design, layout, and graphics
• Software code and algorithms
• Database structure and organization
• CVEFinder.io name, logo, and branding

6.2 CVE Data

CVE data is sourced from the National Vulnerability Database (NVD) and is public domain. However, our presentation, organization, and analysis of this data is proprietary.

6.3 User Content

You retain ownership of URLs you submit for scanning. By using the Service, you grant us a limited license to process and store this information to provide the Service.

7. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND.

We specifically disclaim:

• Accuracy: We do not guarantee the accuracy, completeness, or timeliness of scan results or CVE data
• Availability: The Service may experience downtime, interruptions, or errors
• Security: No scanning tool can detect all vulnerabilities
• Fitness for Purpose: The Service may not meet your specific requirements
• Non-Infringement: Use of the Service does not guarantee compliance with laws

Important: CVEFinder.io is a tool for security awareness. It is NOT a substitute for professional security audits, penetration testing, or cybersecurity consulting.

8. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CVEFinder.io SHALL NOT BE LIABLE FOR:

• Indirect, incidental, special, consequential, or punitive damages
• Loss of profits, revenue, data, or business opportunities
• Service interruptions, errors, or data loss
• Damages arising from unauthorized access to your account
• Reliance on scan results or CVE information
• Actions taken based on information provided by the Service

Our total liability shall not exceed the amount you paid us in the 12 months prior to the claim, or ₹1,000, whichever is greater.

9. Indemnification

You agree to indemnify, defend, and hold harmless CVEFinder.io, its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including legal fees) arising from:

• Your use or misuse of the Service
• Violation of these Terms
• Violation of any rights of another party
• Unauthorized scanning or security testing
• Your breach of applicable laws or regulations

10. Third-Party Services

The Service may integrate with or link to third-party services:

• Payment Processing: Razorpay (subject to Razorpay's terms)
• CVE Data: National Vulnerability Database (NVD)
• External Links: Vendor websites, security advisories, etc.

We are not responsible for the content, policies, or practices of third-party services. Your use of third-party services is at your own risk.

11. Data and Privacy

Your use of the Service is also governed by our Privacy Policy. Please review it to understand how we collect, use, and protect your information.

Key points:

• We do not sell your personal data
• Scan results are private and associated with your account
• We use industry-standard security measures
• You can request deletion of your account and data

12. Modifications to Service and Terms

12.1 Service Modifications

We reserve the right to:

• Modify or discontinue the Service (or any part) at any time
• Change features, functionality, or pricing
• Impose new limitations on the Service

12.2 Terms Modifications

We may update these Terms from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email.

Continued use of the Service after changes constitutes acceptance of the new Terms.

13. Governing Law and Dispute Resolution

13.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of India, without regard to its conflict of law provisions.

13.2 Dispute Resolution

Any disputes arising from these Terms or the Service shall be resolved through:

1. Negotiation: Good faith negotiations between the parties
2. Mediation: If negotiation fails, mediation by a mutually agreed mediator
3. Arbitration: Binding arbitration in accordance with Indian Arbitration and Conciliation Act, 1996

13.3 Jurisdiction

Subject to arbitration provisions, you agree to submit to the exclusive jurisdiction of the courts located in [Your City/State], India.

14. Severability

If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.

15. Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and CVEFinder.io regarding the Service and supersede all prior agreements and understandings.

16. Waiver

Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights.

17. Assignment

You may not assign or transfer these Terms or your rights hereunder without our prior written consent. We may assign our rights and obligations without restriction.