Privacy policy
Last updated: July 2026
No accounts, no tracking
CVEInsight has no sign-up, no login, and no advertising or tracking cookies. Search queries are processed to return results and are not stored or tied to any identifier. Our host (Vercel) reports anonymous, aggregated page-view counts for performance monitoring; that data cannot identify you.
What stays on your device
Your theme preference and your watchlist live in your browser’s local storage. They never leave your device.
Scan data
When you use the scanner, you choose to submit a list of installed program names, vendors, and version numbers — nothing else. We never receive file contents, file paths, usernames, or credentials. The submitted list and its results are stored under a random, unguessable link, are not listed anywhere public, and are deleted 30 days after the scan. Submissions are rate-limited by IP address to prevent abuse; the IP is used only for that limit.
Third-party infrastructure
Vercel hosts the site; Supabase stores the public CVE database and scan results. Both are bound by their own privacy policies. We do not sell, rent, or share any data.
Children
The service is not directed at children under 13, and we knowingly collect nothing from them.
Changes and contact
Material changes to this policy move the date at the top of this page. Questions are welcome through the contact details listed on the site.