CVEInsight.

Privacy policy

Last updated: July 2026

No accounts, no tracking

CVEInsight has no sign-up, no login, and no advertising or tracking cookies. Search queries are processed to return results and are not stored or tied to any identifier. Our host (Vercel) reports anonymous, aggregated page-view counts for performance monitoring; that data cannot identify you.

What stays on your device

Your theme preference and your watchlist live in your browser’s local storage. They never leave your device.

Scan data

When you use the scanner, you choose to submit a list of installed program names, vendors, and version numbers — nothing else. We never receive file contents, file paths, usernames, or credentials. The submitted list and its results are stored under a random, unguessable link, are not listed anywhere public, and are deleted 30 days after the scan. Submissions are rate-limited by IP address to prevent abuse; the IP is used only for that limit.

Third-party infrastructure

Vercel hosts the site; Supabase stores the public CVE database and scan results. Both are bound by their own privacy policies. We do not sell, rent, or share any data.

Children

The service is not directed at children under 13, and we knowingly collect nothing from them.

Changes and contact

Material changes to this policy move the date at the top of this page. Questions are welcome through the contact details listed on the site.