Privacy Policy
Last Updated: January 15, 2026
Introduction
CVEDNA ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
This policy applies to all users globally and complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, username, password
- Profile Information: Company name, job title, professional interests
- Contact Information: Email, phone number (if provided)
- Payment Information: Billing details (processed by third-party payment processors)
- Communications: Messages, feedback, support requests
- Newsletter Subscriptions: Email preferences and subscription data
1.2 Automatically Collected Information
- Device Information: IP address, browser type, operating system
- Usage Data: Pages visited, time spent, click patterns, search queries
- Cookies and Tracking: Session cookies, analytics cookies, functional cookies
- Log Data: Access times, error logs, referral URLs
1.3 Third-Party Information
- Information from authentication providers (OAuth, SSO)
- Public CVE database information
- Security research and threat intelligence data
2. How We Use Your Information
We use your personal information for the following purposes:
Service Provision (Legal Basis: Contract Performance)
- Create and manage your account
- Provide access to CVE database and security intelligence
- Process transactions and send notifications
- Deliver newsletters and security alerts
Service Improvement (Legal Basis: Legitimate Interest)
- Analyze usage patterns and improve our platform
- Develop new features and services
- Conduct research and analytics
- Optimize user experience
Communications (Legal Basis: Consent/Legitimate Interest)
- Send security updates and critical alerts
- Respond to inquiries and provide support
- Send marketing communications (with consent)
- Notify you of service changes
Security and Legal Compliance (Legal Basis: Legal Obligation)
- Prevent fraud and unauthorized access
- Comply with legal obligations and regulations
- Enforce our terms of service
- Protect rights, property, and safety
3. Information Sharing and Disclosure
We do NOT sell your personal information. We may share your information in the following circumstances:
Service Providers
We work with trusted third-party service providers for:
- Cloud hosting and infrastructure (AWS, Google Cloud, etc.)
- Payment processing
- Email delivery services
- Analytics and monitoring
- Customer support tools
Legal Requirements
We may disclose information when required by law, legal process, or to:
- Comply with valid legal requests
- Protect against fraud or security threats
- Enforce our agreements and policies
- Protect the rights and safety of our users
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework compliance for transfers to the United States
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules for intra-organizational transfers
5. Data Retention
We retain your personal information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations (typically 7 years for financial records)
- Resolve disputes and enforce agreements
- Meet legitimate business purposes
When information is no longer needed, we will securely delete or anonymize it. You may request deletion of your account at any time, subject to legal retention requirements.
6. Your Privacy Rights
GDPR Rights (EU Residents)
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Lodge a Complaint: File a complaint with your data protection authority
CCPA/CPRA Rights (California Residents)
- Right to Know: Request information about data collection and use
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
- Right to Correct: Request correction of inaccurate information
- Right to Limit Use: Limit use of sensitive personal information
PIPEDA Rights (Canadian Residents)
- Right to Access: Know what personal information we hold
- Right to Correction: Correct errors in your personal information
- Right to Withdraw Consent: Withdraw consent for data processing
- Right to File a Complaint: Contact the Privacy Commissioner of Canada
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email:privacy@cvedna.com
- Subject Line: "Privacy Rights Request - [Your Request Type]"
We will respond to your request within 30 days (GDPR), 45 days (CCPA), or 30 days (PIPEDA) as required by law.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience:
Essential Cookies
Required for website functionality, authentication, and security.
Analytics Cookies
Help us understand how visitors use our website.
Functional Cookies
Remember your preferences and settings.
Marketing Cookies
Used to deliver relevant advertisements (with consent).
Cookie Management
You can control cookies through your browser settings. Note that disabling certain cookies may limit website functionality.
8. Security Measures
We implement industry-standard security measures to protect your information:
Encryption
TLS/SSL encryption for data in transit, AES-256 for data at rest
Access Controls
Role-based access, multi-factor authentication, password policies
Regular Audits
Security assessments, vulnerability scans, penetration testing
Incident Response
24/7 monitoring, breach notification procedures, incident management
Important: While we use reasonable security measures, no method of transmission over the Internet is 100% secure. Please use strong passwords and protect your account credentials.
9. Children's Privacy
Our services are not intended for individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.
If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.
If you believe we have collected information from a child, please contact us immediately at privacy@cvedna.com.
10. Third-Party Links and Services
Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties.
We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by CVEDNA.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email or prominent notice on our website
- Obtain your consent where required by law
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our privacy compliance. You may contact our DPO at:
Email:dpo@cvedna.com
Subject Line: "DPO - Privacy Inquiry"
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Contact Information
Privacy Team Email:privacy@cvedna.com
General Inquiries:contact@cvedna.com
Data Protection Officer:dpo@cvedna.com
Supervisory Authorities
You have the right to lodge a complaint with your data protection authority:
- EU/EEA: Contact your national data protection authority
- UK: Information Commissioner's Office (ICO) - ico.org.uk
- Canada: Office of the Privacy Commissioner - priv.gc.ca
- California: California Attorney General - oag.ca.gov
14. Jurisdiction-Specific Provisions
European Economic Area (EEA) Users
Legal basis for processing: Contract performance, legitimate interests, legal obligations, and consent where required.
Data transfers outside the EEA are protected by appropriate safeguards including Standard Contractual Clauses.
California Residents
Categories of Personal Information Collected: Identifiers, commercial information, internet activity, professional information.
Sources: Directly from you, automatically through website use, from third-party services.
Sale of Personal Information: We do NOT sell personal information.
Canadian Residents
We comply with PIPEDA's ten privacy principles including accountability, consent, and safeguards.
You may withdraw consent at any time, subject to legal or contractual restrictions.
Acknowledgment
By using our website and services, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.
If you do not agree with this Privacy Policy, please do not use our services.