Terms of Use

Back

1. General

CVEHub is an automated service for monitoring security vulnerabilities (CVEs) operated by DC Digital Communication. By using the service, you accept these terms of use.

2. Service Description

CVEHub imports publicly available vulnerability information (CVEs) from third-party sources (e.g. NVD, Ubuntu Security, GitHub) and compares it against the software packages specified by the user (SBOM). If a match is found, the user is notified by email. The service serves as a tool for detecting possible security issues.

3. Disclaimer of Liability

The service is provided without any warranty. DC Digital Communication assumes no liability for:

  • Damages caused by vulnerabilities that were not detected or incorrectly detected
  • Damages caused by system outages, delays, or errors during CVE import or matching
  • Damages caused by security incidents, attacks, or data loss in the user's monitored systems
  • Inaccuracy or incompleteness of CVE data obtained from third-party sources
  • Indirect, incidental, or consequential damages of any kind

4. No Guarantee of Reliability

No guarantee is given for complete monitoring, error-free detection, or uninterrupted operation. The service may be changed, restricted, or discontinued at any time without prior notice.

5. User Obligations

The user is responsible for the accuracy of the project and SBOM data they provide, as well as for the security of their account. Misuse of the service, in particular automated mass queries or sharing access credentials with third parties, is prohibited.

6. Plans and Payment

The service is available in various plans that differ in scope and price. Paid plans are billed monthly or annually in advance, either by credit card (Stripe) or in advance by bank transfer. For payment in advance, the booked plan is activated only after payment has been received.

7. Data Protection

Personal data is used exclusively for operating the service and is not disclosed to third parties unless required for the performance of the contract. Only the data necessary for operation is stored.

The payment service provider Stripe is used for payment processing. A Data Processing Agreement is in place with Stripe. Data may be transferred to countries outside the EU/EEA (in particular the USA); this is based on EU Standard Contractual Clauses or an equivalent level of protection.

Under the General Data Protection Regulation (GDPR), users have, in particular, the right to access, rectification, erasure, restriction of processing, data portability, and objection to the processing of their data. Requests regarding this should be directed to the contact address listed in the legal notice (Info page).

Personal data is stored only for as long as necessary to provide the service or to fulfill legal retention obligations. Details on data processing can be found in the separate privacy policy.


8. Cancellation

Paid subscriptions can be cancelled or downgraded to the free plan at any time. The booked plan remains active until the end of the already paid billing period.

9. Changes

DC Digital Communication reserves the right to change these terms of use at any time. Users will be informed of material changes by email.

10. Note on NIS2, CRA, and Compliance

CVEHub can help companies meet obligations arising from the NIS2 Directive (Directive (EU) 2022/2555) and the Cyber Resilience Act (Regulation (EU) 2024/2847) in the area of vulnerability management. However, use of the service does NOT constitute an assurance, certification, or legal confirmation of compliance with NIS2, the CRA, or other legal requirements.

Responsibility for compliance with all regulatory obligations (including reporting obligations, risk management, and documentation) remains entirely with the user or their company. CVEHub provides no advisory or warranty services in this regard.


11. Availability, Third-Country Data Transfer, and Dispute Resolution

No specific availability (SLA) is guaranteed unless expressly agreed separately.

As part of the CVE import, data is obtained from third-party sources outside the EU (e.g. NVD/NIST, GitHub, both based in the USA). This data consists of publicly available, non-personal security information.

Consumers have the option to use the European Commission's Online Dispute Resolution platform (ec.europa.eu/consumers/odr) to resolve disputes.


12. Governing Law

Austrian law applies. To the extent permitted by law, the place of jurisdiction is the registered office of DC Digital Communication.

© 2026 Digital Communication · Info