CVEyeSign in

Legal

Privacy Policy

Last updated: April 29, 2025

Who we are

CVEye is a vulnerability alert service operated by its founder. We help individuals and teams stay informed about security vulnerabilities that affect the software they use. If you have questions about this policy, contact us at support@cveye.net.

What we collect

We collect only what is necessary to deliver the service:

  • Account information — your name and email address, provided during sign-up.
  • Product selections — the software and devices you choose to monitor during onboarding.
  • Alert history — a record of CVE alerts we have sent you.
  • Usage data — basic metrics such as how many trial alerts you have used.

We do not collect browsing behaviour, sell your data, or build advertising profiles.

How we use your data

Your data is used solely to operate CVEye:

  • Matching newly published CVEs against your product selections.
  • Sending you alert emails when a relevant vulnerability is found.
  • Managing your account and subscription.

Third-party services

We use a small number of trusted services to run CVEye:

  • Supabase — database and authentication. Your account data is stored in Supabase's EU infrastructure.
  • Resend — transactional email delivery. Your email address is shared with Resend only to send you alerts.
  • Anthropic — AI-generated plain-English summaries. We send public CVE descriptions (no personal data) to Anthropic's API to generate readable summaries.
  • NIST NVD — all vulnerability data is sourced from the NIST National Vulnerability Database, a public US government resource.

Data retention

We keep your data for as long as your account is active. If you delete your account, we remove your personal information within 30 days. Alert records may be retained in anonymised form for service improvement.

Your rights

You have the right to access, correct, or delete your personal data at any time. You can:

  • Unsubscribe from alert emails using the link in any alert email.
  • Request deletion of your account and data by emailing support@cveye.net.

If you are in the EU/EEA, you also have rights under GDPR including the right to lodge a complaint with your local data protection authority.

Cookies

CVEye uses a single session cookie to keep you signed in. We do not use tracking cookies or third-party analytics.

Changes to this policy

If we make material changes to this policy, we will notify you by email. Continued use of CVEye after changes take effect constitutes acceptance of the updated policy.