This policy was last modified on January 30, 2013.
We collect anonymous data from every visitor of the Service to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the Internet Protocol address, the browser type, the browser language, and a timestamp for the request.
For the Service, we ask you to register an account, log in and provide certain information (such as names and email addresses of your team members, your company name and address and your credit card information) in order to be able to store your Library entries and invoices, as well as periodically automatically bill you & charge your card (credit card numbers are never stored on our servers, but are securely transmitted and stored with our payment provider).
Cookies are used to store information about your current session and other preferences. This information may be used to track user progress and to offer a more personalized experience. Cookies can be disabled or cleared in your web browser settings.
We only use your personal information to provide you with the Service to communicate with you about the Service or the Website.
With respect to any data you may choose to enter or upload to VulnDB, we take the privacy and confidentiality of this data seriously. Your data (in the Service) is specifically not shared between accounts or with the public. We employ industry standard techniques (including your own database schema) to protect against unauthorized access of data that we store, including personal information. All off-site backups of your data are securely encrypted.
We do not share personal information you have provided to us without your consent, unless:
VulnDB is operated from the European Union. If you are visiting the Website from outside the EU, you agree to any processing of any personal information you provide us according to this policy.
VulnDB may contact you by email. For example, VulnDB may send you promotional emails relating to the Service or communicate with you about your use of the Website and Service. If you do not want to receive email from VulnDB, please opt out of receiving emails at the bottom of any VulnDB email. Please note that for some emails (for example billing issues), there’s no option to opt-out.
We don’t share your personal information with third parties except as listed below. Only aggregated, statistical data is periodically transmitted to external services to help us improve the VulnDB Website and Service.
We currently use Mailchimp (mailing list management) and Kissmetrics (analytics). We listed below what data these third parties extract exactly. Feel free to check out their own Privacy Policies to find out more.
Additionally, VulnDB uses third party vendors that provide the necessary hardware, software, networking, storage and other technology required to run the Website and the Service. While Security Roots owns the rights to the VulnDB Website and Service, you retain all rights to the data you enter into VulnDB.
In other to provide the Service, we also share data with services that help us track errors and bugs, keep backups of log files and identify performance issues.
We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share personal information with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents.
If VulnDB is acquired or merged with an other company, or Security Roots sells the VulnDB Website and Service to an other company, or if Security Roots goes out of business or enters bankruptcy, user information may be transferred to a third party. You acknowledge that such transfers may occur, and that any acquirer of Security Roots or its assets may continue to use your personal information as set forth in this policy.