Privacy Policy

Last updated: March 7, 2026

1. Introduction

CVE-iQ (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service.

2. Information We Collect

We collect the following types of information:

  • Account Information: Email address, name, and password when you register
  • Usage Data: Search queries, feature usage, and interaction patterns
  • Payment Information: Billing details processed securely via Stripe
  • Technical Data: IP address, browser type, and device information
  • Uploaded Content: SBOM files and other security data you submit

3. How We Use Your Information

We use your information to:

  • Provide and improve the Service
  • Process payments and manage subscriptions
  • Send important notifications and security alerts
  • Analyze usage patterns to enhance features
  • Comply with legal obligations

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Usage data is retained for analytics purposes for up to 2 years. You may request deletion of your data at any time.

5. Data Sharing

We do not sell your personal data. We may share information with:

  • Service Providers: Cloud infrastructure, payment processing, and analytics
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In connection with mergers or acquisitions

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability
  • Withdraw consent

7. Security

We implement industry-standard security measures including encryption, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure.

8. International Transfers

Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service.

11. Contact Us

For privacy-related inquiries, contact our Data Protection Officer at [email protected].