Privacy Policy — NullCVE

Plain English summary: We collect only what we need to run the service. We do not sell your data. We do not share it with advertisers. Your tech stack configuration stays private. You can request deletion at any time.

Contents

01What We Collect
02How We Use It
03Data Sharing
04Data Retention
05Security
06Your Rights
07Cookies
08Children
09Changes
10Contact

01What We Collect

We collect information in two ways — information you provide directly, and information collected automatically when you use the Service.

Data Type	Examples	How Collected
Account information	Email address, name	You provide when signing up
Tech stack configuration	Software components you add to your stack	You provide when configuring your feed
Contact form submissions	Name, email, message	You provide when contacting us
Usage data	Pages visited, features used, session duration	Automatically via analytics
Technical data	IP address, browser type, device type	Automatically via server logs
Payment data	Billing address, last 4 digits of card	Via payment processor (Stripe) — we never store full card numbers

We do not collect sensitive personal information such as government ID numbers, health data, or financial account details beyond what is necessary for payment processing.

02How We Use It

We use the information we collect to:

Provide, operate, and improve the Service
Personalize your CVE feed based on your tech stack configuration
Send transactional emails (subscription confirmations, alerts you opt into)
Respond to support requests and contact form submissions
Detect and prevent abuse, fraud, and security incidents
Analyze usage patterns to improve product features
Comply with legal obligations

We do not use your data to train machine learning models. We do not use your tech stack data for advertising targeting. We do not sell your data to any third party.

03Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Service providers: We use third-party services to operate the platform, including payment processing (Stripe), email delivery, and analytics. These providers are contractually bound to use your data only to provide services to us.
Legal requirements: We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of NullCVE, our users, or the public.
Business transfers: If NullCVE is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before this happens.

We currently use the following third-party services that may process your data:

Service	Purpose	Privacy Policy
Web3Forms	Contact form submissions	web3forms.com/privacy
GitHub Pages	Website hosting	GitHub Privacy Statement
Cloudflare	DNS, email routing	cloudflare.com/privacypolicy

04Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

Account data is retained until you request deletion or your account is terminated
Tech stack configuration is deleted within 30 days of account deletion
Contact form submissions are retained for up to 2 years for support purposes
Usage logs are retained for up to 12 months then anonymized or deleted
Payment records are retained for 7 years as required by tax law

05Security

We implement reasonable security measures to protect your information, including HTTPS encryption for all data in transit, secure credential storage, and access controls limiting who can access user data internally.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data. If you discover a security vulnerability in NullCVE, please report it responsibly to security@nullcve.io.

06Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data
Portability: Request your data in a machine-readable format
Objection: Object to certain types of processing
Withdrawal: Withdraw consent where processing is based on consent

To exercise any of these rights, email hello@nullcve.io with your request. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are located in the European Economic Area, you have rights under GDPR. If you are a California resident, you have rights under CCPA. We honor these rights regardless of your location.

07Cookies

NullCVE uses minimal cookies. We use session cookies necessary for the Service to function (such as keeping you logged in). We do not use third-party advertising cookies or tracking pixels.

You can control cookies through your browser settings. Disabling cookies may affect some functionality of the Service.

08Children

NullCVE is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe we have collected data from a child, contact us at hello@nullcve.io.

09Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, by email. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

10Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

hello@nullcve.io
NullCVE · nullcve.io

We are committed to resolving privacy concerns promptly and fairly.