Privacy Policy

Last updated: December 2024

Overview

wtfisthiscve.com ("we", "us", or "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information.

Information We Collect

Account Information

When you sign in with GitHub, we collect:
- Your GitHub username
- Your GitHub user ID
- Your email address (if public on GitHub)

Usage Data

We automatically collect:
- CVE queries you make via the API
- Timestamps of requests
- IP addresses (for rate limiting)

We Do NOT Collect

• Payment information (we have no paid tiers)
• Sensitive personal data
• Tracking cookies for advertising

How We Use Your Information

• Authentication: To verify your identity and provide API access
• Service Delivery: To respond to your CVE queries
• Analytics: To understand usage patterns and improve the service
• Security: To detect and prevent abuse

Data Storage

• All data is stored on servers located in the EU
• We use SQLite databases with encrypted connections
• API keys are stored as hashed values

Data Retention

• Account data is retained while your account is active
• CVE explanations are cached indefinitely (they're public data)
• You can request account deletion at any time

Third-Party Services

We use the following third-party services:
- GitHub: For authentication (OAuth)
- NVD (NIST): As the source for CVE data
- Cloudflare: For DNS and DDoS protection

Your Rights

You have the right to:
- Access your personal data
- Request deletion of your account
- Export your data
- Opt out of non-essential data collection

Contact

For privacy-related inquiries, contact us at privacy@wtfisthiscve.com.

Changes to This Policy

We may update this policy from time to time. Significant changes will be announced on the website.