🔒 Security & Compliance

Your security is our priority. Learn how we protect your data and help you stay compliant.

🛡️ Data Security

🔐 Encryption Everywhere

All data transmitted between your servers and our platform uses TLS 1.3 encryption. Data at rest is encrypted using AES-256.

🔑 Access Control

Multi-factor authentication, role-based access control, and secure password hashing with bcrypt ensure that only authorized users gain access.

🚨 Intrusion Detection

24/7 monitoring, automated threat detection, and real-time alerts protect our infrastructure from attacks.

📊 Regular Audits

We conduct regular security audits, penetration testing, and vulnerability assessments to maintain our security posture.

🔄 Automated Backups

Daily encrypted backups with geographic redundancy ensure your data is never lost.

🏢 Secure Infrastructure

Hosted on enterprise-grade infrastructure with DDoS protection, firewall rules, and network segmentation.

🎯 What Data We Collect

What We DO Collect

  • Email address and account credentials
  • Server names (as you define them)
  • List of installed packages (names and versions only)
  • Operating system type and version
  • Scan timestamps and results

What We DON'T Collect

  • Application source code
  • Configuration files or environment variables
  • Database contents or credentials
  • File contents or directory structures
  • Network traffic or communication logs
  • Any personally identifiable information from your servers

📋 Compliance Standards

GDPR Compliant

We comply with the General Data Protection Regulation for users in the European Economic Area. You have the right to access, correct, delete, and export your data.

CCPA Compliant

California residents have additional rights under the California Consumer Privacy Act, including the right to know what data we collect and to opt out of data sale (we don't sell data).

SOC 2 Type II

We follow SOC 2 Type II standards for security, availability, processing integrity, confidentiality, and privacy.

ISO 27001

Our information security management system follows ISO 27001 best practices for data security and privacy.

🔍 Agentless Security

Unlike traditional security tools that require persistent agents on your servers, FixTheCVE is completely agentless:

  • No software installation required on your servers
  • Zero attack surface - nothing persistent to exploit
  • No background processes consuming resources
  • You control when and how scanning happens
  • Minimal data transmission - only package lists

🚨 Incident Response

In the unlikely event of a security incident:

  • We will notify affected users within 72 hours
  • Detailed incident reports will be provided
  • We'll work with security experts to resolve the issue
  • Post-incident reviews and security improvements will be implemented
  • Regulatory bodies will be notified as required by law

📞 Security Contact

Found a security vulnerability? We take security seriously and appreciate responsible disclosure.

Security Email: security@fixthecve.com

PGP Key: Available upon request

Please do not publicly disclose security issues until we've had a chance to address them. We typically respond within 24 hours and aim to resolve critical issues within 7 days.

🔒 Your Data, Your Control

You have complete control over your data. You can:

  • Access and download all your data anytime
  • Delete your account and all associated data
  • Control who has access to your scan results
  • Opt out of email notifications
  • Request data corrections or updates
