CVEReports
Reports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Reports
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Powered by Google Gemini & CVE Feed

Privacy Policy

Last updated: February 13, 2026

Table of Contents

  1. 1. Introduction
  2. 2. Information We Collect
  3. 3. How We Use Your Information
  4. 4. AI-Generated Content
  5. 5. Cookies & Tracking
  6. 6. Third-Party Services
  7. 7. Data Sharing
  8. 8. Data Retention
  9. 9. Data Security
  10. 10. Your Rights
  11. 11. Children's Privacy
  12. 12. International Transfers
  13. 13. Changes to This Policy
  14. 14. Contact Us

1. Introduction

Welcome to CVEReports ("we," "our," or "us"). CVEReports is an AI-powered vulnerability intelligence platform that autonomously researches, analyzes, and generates comprehensive reports for Common Vulnerabilities and Exposures (CVEs) and GitHub Security Advisories (GHSAs).

We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and share your information when you use our website and services. It also describes your rights regarding your personal data and how the law protects you.

2. Information We Collect

We collect different types of information depending on how you interact with our platform:

Account Data

When you create an account, we collect information you provide directly:

  • Email and password if you register via email sign-up
  • Name and email if you sign in via Google OAuth
  • Username and email if you sign in via GitHub OAuth

Usage Data

We automatically collect information about how you interact with our platform:

  • Vulnerability reports you view
  • Search queries you perform
  • Pages visited and features used

Technical Data

We automatically collect certain technical information when you access our service:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Timezone and general location
  • Referring pages and exit pages

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, operate, and maintain CVEReports, including account authentication and management.
  • Improvement: To understand how users interact with our platform and improve its features, content, and user experience.
  • Communication: To send transactional emails such as email verification, password resets, and service notifications.
  • Security: To detect, prevent, and address technical issues, abuse, and unauthorized access.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. AI-Generated Content

AI Disclosure

CVEReports uses Google's Gemini AI models to autonomously research and generate vulnerability reports. These reports are produced by AI, not written or individually reviewed by humans.

Our AI pipeline processes publicly available vulnerability data from sources such as the National Vulnerability Database (NVD), GitHub Security Advisories, CISA KEV, ExploitDB, and others. The AI synthesizes this information into structured reports.

We do not use your personal data to train our AI models. The AI processes only publicly available vulnerability and security data.

5. Cookies & Tracking Technologies

We use the following types of cookies:

  • Authentication Cookies: Essential cookies that keep you signed in to your account. Session cookies expire after 7 days of inactivity.
  • Session Cookies: Temporary cookies that help maintain your session state while browsing. These are deleted when you close your browser.
  • Preference Cookies: Cookies that remember your settings such as theme preference (light/dark mode).

We do not use advertising cookies or third-party tracking cookies for marketing purposes.

6. Third-Party Services

We integrate with the following third-party services to operate our platform:

  • Google: OAuth authentication (sign-in) and Gemini AI models for report generation. Subject to Google's Privacy Policy.
  • GitHub: OAuth authentication (sign-in) and Security Advisory data. Subject to GitHub's Privacy Statement.
  • Resend: Transactional email delivery (email verification, password resets). Subject to Resend's Privacy Policy.
  • Vercel: Website hosting and infrastructure. Subject to Vercel's Privacy Policy.

7. Data Sharing

We do not sell your personal data. We only share your information in the following limited circumstances:

  • Service Providers: With the third-party services listed above, strictly to operate our platform.
  • Legal Requirements: When required by law, such as in response to a subpoena, court order, or other legal process.
  • Safety: To protect the rights, property, or safety of CVEReports, our users, or the public.

8. Data Retention

We retain your data as follows:

  • Account Data: Retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days.
  • Usage & Technical Data: Retained in aggregated, anonymized form for analytics and service improvement purposes.
  • Authentication Sessions: Session data expires after 7 days of inactivity.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • All data transmitted via HTTPS encryption
  • Passwords hashed using industry-standard algorithms
  • OAuth tokens securely managed through established providers
  • Database access restricted and encrypted

While we take reasonable steps to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

For EU/EEA Residents (GDPR)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing of your data
  • Restriction: Request restricted processing of your data

For California Residents (CCPA/CPRA)

  • Right to Know: What personal information we collect and how it is used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Non-Discrimination: We will not discriminate against you for exercising your rights

Exercising Your Rights

To exercise any of these rights, please contact us through our contact page. We will respond to your request within 30 days.

11. Children's Privacy

CVEReports is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

12. International Data Transfers

CVEReports is hosted on Vercel's infrastructure, which may process and store your data in the United States and other jurisdictions. By using our service, you consent to the transfer of your data to these locations.

Where we transfer data outside of the EU/EEA, we ensure appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have questions or concerns about this privacy policy or our data practices, please reach out to us:

Use our contact form or email us directly.

Contact Us