Last Updated: April 16, 2024
OpenCVE is the Opensource Vulnerability Management Platform. We aggregate recognized public sources and prioritize vulnerabilities to alert cyber teams as soon as possible.
The personal information that we may collect about you broadly falls into the following categories:
We collect information about you when you input it into our Site or the Service or otherwise provide it directly to us.
We collect information about you when you register for an account, create or modify your profile, and set preferences for the Service. For example, you may provide your contact information, including your first and last name, email address, and password when you register for the Service. We keep track of your preferences when you select settings within the Service, including marketing and notification settings.
Instead of creating a user account, you can log in via your account with other platforms (currently not available). We will not collect the password that you use for the relevant platform, but we may collect details from your account with the platform, such as username and email address.
You may choose to provide us with information when you contact us about our Service or otherwise interact with us. For example, you may choose to submit information regarding a problem you are experiencing with our Service and send us screenshots to help in resolving the problem. You may submit your contact information to register for our events, to subscribe to receive marketing communications from us, or to make an inquiry through our Site. You may also provide content to us when you participate in a survey, contest, promotion, sweepstake, activity, or event, including via social media and other content platforms.
If you register for a paid Service, we will collect purchase information, such as the Service plan that you purchase and information related to refunds, credits, and cancellations, and your billing address and payment information. Please note that any payment information you provide is sent directly to a third-party payment processor. We have no access to and do not store your payment information.
We collect certain information about your device and how you and your device interact with us and our Site or Service. In some countries, including countries in the European Economic Area and the United Kingdom (together, "Europe"), this information may be considered personal data under applicable data protection laws.
Specifically, the information we collect will include information such as your IP address, device type, unique device identification numbers, browser-type, operating system, software installed, general location information (such as inferred from an IP address), and referring URL. We also collect information about how you and your device have interacted with our Site or Service or with us via email, including the pages you accessed, features you used, Service you purchased, links you clicked, and when you accessed and for how long.
Some of this information is collected using cookies and similar tracking technology, as explained further under the heading "Cookies and similar tracking technology" below.
From time to time, we receive personal information about you from third-party sources (including social media and other content platforms, public databases, and from our business and channel partners and service providers).
The types of information we collect from third parties include name, email addresses, job titles, and social media profiles. We may combine this information with information we collect through other means described above. This helps us to maintain and improve the accuracy of our records, identify new customers, deliver personalized communications, and suggest services that may be of interest to you.
We use your information for business and commercial purposes, such as to:
We may aggregate or de-identify information collected through the Service. We may use aggregated or de-identified data for any purpose, including without limitation for research and marketing purposes, and may also disclose such data to any third parties, including without limitation, advertisers, promotional partners, sponsors, event promoters, and others.
If you are based in Europe, we collect and process information about you only where we have a legal basis for doing so under applicable European laws. This means we collect and process your information only where:
The legal bases depend on the type of information and the purpose for our processing. In some contexts, more than one legal basis applies. When we process your information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before it is withdrawn. To exercise your rights, see “Your data protection rights” below. Where we are using your information because we or a third party (e.g., your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Service.
We may disclose your personal information to the following categories of recipients:
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you, including to understand and save your preferences, and to compile aggregate data about the Site and Service interaction.
We may also allow certain third parties (e.g., service providers such as Paddle) to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Site or Service. Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may share with a service provider in hashed, non-human-readable form.
You may refuse to accept Cookies by activating the setting on your browser that allows you to refuse the setting of Cookies. You can find information on popular browsers and how to adjust your Cookie preferences at the browser provider’s websites. You can choose to disable Cookies, but if you do, your ability to use or access certain parts of our Site and Service may be affected.
We do not recognize or respond to browser-initiated Do Not Track signals.
We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet, or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. In particular, email sent to or from OpenCVE may not be secure, and you should therefore take special care in deciding what information you send to us via email.
We retain the personal information we collect from you where we have an ongoing legitimate business need to do so (e.g., to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). In certain circumstances, we will need to keep your information for legal reasons after our relationship has ended. For example, we may retain your data for longer than the usual retention period when we have a legal obligation to do such, to deal with and resolve requests and complaints, to protect an individual’s rights and property, and for litigation and regulatory matters. The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of any legal requirement. The criteria we use to determine the retention period include:
When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymise it or, if this is not possible (e.g., because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Depending on your location, you may have the following data protection rights. To exercise any of them see specific instructions below or contact us using the contact details provided in your contract or by default at the address at the end of this page.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
OpenCVE’s Site and Service are not directed to children under 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information without parental consent, please contact us using the address at the end of this page. If we become aware that a child under 18 has provided us with personal information without parental consent, we will take steps to remove such information and terminate the child’s account.
If you are 18 or older, but have not reached your jurisdiction’s age of majority (such that you are able to enter a contract), you should only use the Service with permission from your parent or guardian.
The Site and Service may link to third-party websites or platforms from companies other than OpenCVE, such as to relevant online resources, social media platforms, our partners’ websites, payment processors, and other third-party websites. We are not responsible for the privacy practices or content of such other websites. If you have any questions about how these other websites use your information, you should review their policies and contact them directly. We are not responsible for the actions of third parties.
We may update this policy from time to time in response to changing legal, regulatory, technical, or business developments. When we update this policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material changes to this policy if, and where, required by applicable data protection laws.
You can see when this policy was last updated by checking the date displayed at the top of this policy.
If you have any questions or concerns about our use of your personal information, please contact by sending us an email at hello@opencve.io.
The data controller of your personal information is Amber Security SAS. Our address is Amber Security SAS, OpenCVE, Euratechnologies, 165 avenue de Bretagne, 59000 Lille, France.