Privacy Policy
Last updated: March 7, 2026
1. Introduction
FixTheCVE ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our vulnerability monitoring and security scanning services at fixthecve.com (the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Password (encrypted and hashed)
- Account preferences and settings
2.2 Server and System Information
When you scan your servers, we collect:
- Server names (as you define them)
- Operating system type and version
- List of installed packages (software names and versions only)
- Scan timestamps
2.3 Information We Do NOT Collect
We explicitly do NOT collect:
- Your application source code
- Configuration files or environment variables
- Database contents or credentials
- Any personally identifiable information from your servers
- File contents, directory structures, or system processes
2.4 Automatically Collected Information
We automatically collect certain information when you access the Service:
- IP addresses (for security and rate limiting)
- Browser type and version
- Access times and pages viewed
- Referring website addresses
2.5 Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
- Maintain your session and keep you logged in
- Understand how you use the Service
- Improve Service performance and user experience
You can control cookies through your browser settings, but disabling cookies may limit functionality.
3. How We Use Your Information
We use the collected information for:
- Service Provision: Matching your installed packages against the CVE database to identify vulnerabilities
- Security Alerts: Sending email notifications when new CVEs affect your systems
- Account Management: Creating and managing your account, authentication, and preferences
- Service Improvement: Analyzing usage patterns to improve our Service
- Communication: Sending service-related announcements, updates, and security notices
- Security: Detecting and preventing fraud, abuse, and security incidents
- Legal Compliance: Complying with legal obligations and enforcing our Terms of Service
4. Data Sharing and Disclosure
4.1 We Do Not Sell Your Data
We do not sell, trade, or rent your personal information to third parties. Your server data and scan results are private and confidential.
4.2 Service Providers
We may share information with trusted third-party service providers who assist us in operating the Service, such as:
- Email delivery services (for sending alerts and notifications)
- Cloud hosting providers (for Service infrastructure)
- Analytics providers (for Service improvement)
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
4.3 Legal Requirements
We may disclose your information if required by law or to:
- Comply with legal process or government requests
- Enforce our Terms of Service
- Protect the rights, property, or safety of FixTheCVE, our users, or the public
- Investigate fraud, security, or technical issues
4.4 Business Transfers
If FixTheCVE is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmitted to/from our Service uses TLS/SSL encryption
- Password Security: Passwords are hashed using bcrypt with strong salt values
- Access Controls: Limited access to personal data on a need-to-know basis
- Regular Security Audits: Ongoing monitoring and security assessments
- Secure Infrastructure: Hosted on secure servers with firewall protection
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active, plus 90 days after deletion
- Server Scan Data: Retained while your account is active to provide historical tracking
- Log Data: Retained for 90 days for security and troubleshooting purposes
- Email Records: Retained for 30 days
You may request deletion of your account and associated data at any time. See the "Your Rights" section below.
7. Your Rights
You have the following rights regarding your personal information:
7.1 Access and Portability
You can access and download your account data and scan results from your dashboard at any time.
7.2 Correction
You can update your account information and preferences through your account settings.
7.3 Deletion
You can request deletion of your account and all associated data. Contact us at admin@fixthecve.com to initiate deletion.
7.4 Opt-Out of Communications
You can unsubscribe from marketing emails using the unsubscribe link. Note that you cannot opt out of essential service-related communications (e.g., security alerts, account notifications).
7.5 Do Not Track
Our Service does not respond to Do Not Track (DNT) browser signals. However, we minimize tracking to essential functionality only.
8. Third-Party Links
The Service may contain links to third-party websites (e.g., CVE references, vendor advisories). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will delete such information.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. By using the Service, you consent to such transfers.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date
- Sending an email notification for material changes
Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: admin@fixthecve.com
- Contact Form: fixthecve.com/contact
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, and shared
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your privacy rights
To exercise these rights, contact us at admin@fixthecve.com.
14. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
Our lawful basis for processing your data includes: contract performance, consent, legitimate interests, and legal compliance.
Privacy Summary
- ✓ We only collect package lists - no source code or sensitive data
- ✓ We never sell or share your data
- ✓ Your scan results are private and confidential
- ✓ All data transmission is encrypted
- ✓ You can delete your account and data anytime