Privacy Policy

1. Data Controller

The data controller for personal data collected on cveo.tech is the site publisher, reachable at: contact@cveo.tech.

2. Data Collected

We collect the following data:

• Account data: email address, password (hashed with bcrypt), name (optional)
• Usage data: search history, registered assets, CVE alerts
• Navigation data: pages visited, session duration (via Umami Analytics — no cookies, anonymised data)

3. Purposes

• Providing and managing the cveo.tech service
• Sending CVE alerts and transactional emails (welcome, password reset)
• Service improvement via anonymous statistics
• Compliance with legal obligations

4. Legal Basis

Processing is based on contract performance (use of the service) and your consent for optional communications.

5. Retention

• Account data: retained until account deletion
• Search history: rolling 12 months
• Technical logs: 30 days

6. Data Sharing

Your data is not sold or transferred to third parties. We use the following processors:

• Resend (email delivery) — privacy policy available at resend.com
• NIST NVD (public CVE data) — no personal data transmitted

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Access to your personal data
• Rectification of inaccurate data
• Erasure of your data (right to be forgotten)
• Portability of your data
• Objection to processing

To exercise these rights, contact us at contact@cveo.tech. You may also lodge a complaint with your national data protection authority.

8. Cookies

cveo.tech uses Umami Analytics, a privacy-friendly analytics solution. No tracking cookies are placed on your device. No personal identifiers are collected.

9. Security

Passwords are hashed with bcrypt (cost 12). Communications are encrypted via TLS/HTTPS. Infrastructure is hosted in Europe.

10. Contact

For any questions regarding this policy: contact@cveo.tech