CVEium
Sign Up

Terms of Service

Our terms and conditions

Last updated: February 9, 2026

1. Acceptance of Terms

By accessing or using CVEium CIS ("the Service"), operated by CVEium ("we", "us", or "our"), you agree to be bound by these Terms of Service. If you are using the Service on behalf of an organization, you represent that you have the authority to bind that organization to these terms.

2. Description of Service

CVEium CIS is a software-as-a-service platform for vulnerability disclosure management. The Service enables you to upload Software Bills of Materials (SBOMs), scan for known vulnerabilities, triage findings, generate Vulnerability Exploitability eXchange (VEX) documents, and publish disclosures.

3. Account Registration

To use the Service, you must create an account with a valid email address and a secure password. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must notify us immediately of any unauthorized use.

4. Permitted Use

You may use the Service to:

  • Manage your organization's software products and releases
  • Upload and analyze SBOMs for vulnerability scanning
  • Triage vulnerabilities and record disposition assessments
  • Generate and publish VEX documents
  • Collaborate with team members on vulnerability disclosure

You may not use the Service for any unlawful purpose, to distribute malware, to interfere with the Service's operation, or to access other users' data without authorization.

5. Subscription and Billing

The Service offers a free tier and paid subscription plans. Subscriptions are billed monthly or annually as selected at the time of purchase. Prices are listed on our pricing page and may be updated with 30 days' notice.

Paid subscriptions renew automatically unless cancelled before the renewal date. You may upgrade, downgrade, or cancel your subscription at any time from your account settings. Downgrades take effect at the end of the current billing period.

6. Usage Limits

Each plan includes limits on products, releases, team members, and published disclosures. If you exceed your plan's limits, a grace period may apply during which you can upgrade or reduce usage. We reserve the right to restrict functionality if limits are consistently exceeded without upgrading.

7. Data Ownership

You retain all ownership rights to the data you upload to the Service, including SBOMs, vulnerability assessments, disposition records, and VEX documents. We do not claim any intellectual property rights over your content.

You grant us a limited license to process, store, and display your data solely to provide the Service. For published disclosures, you grant us permission to make those documents publicly accessible as directed by you.

8. Intellectual Property

The Service, including its software, design, and documentation, is owned by CVEium and protected by intellectual property laws. Your subscription grants you a non-exclusive, non-transferable right to use the Service for its intended purpose.

9. Privacy

Your use of the Service is also governed by our Privacy Policy, which describes how we collect, use, and protect your data.

10. Service Availability

We strive to maintain high availability but do not guarantee uninterrupted access. The Service may be temporarily unavailable for maintenance, updates, or circumstances beyond our control. We will make reasonable efforts to provide advance notice of planned downtime.

11. Limitation of Liability

The Service is provided "as is" without warranties of any kind. CVEium is not liable for any indirect, incidental, or consequential damages arising from your use of the Service. Our total liability shall not exceed the amount you have paid for the Service in the 12 months preceding the claim.

The vulnerability data provided through the Service is sourced from public databases and is offered for informational purposes. We do not guarantee the completeness, accuracy, or timeliness of vulnerability data. You are responsible for verifying findings and making your own security decisions.

12. Termination

You may close your account at any time. We may suspend or terminate your account if you violate these terms or if required by law. Upon termination, your data will be retained for 30 days to allow export, after which it will be permanently deleted.

13. Changes to Terms

We may update these terms from time to time. Material changes will be communicated via email or through the Service with at least 30 days' notice. Continued use of the Service after changes take effect constitutes acceptance of the updated terms.

14. Governing Law

These terms are governed by the laws of the European Union and the applicable member state where CVEium is established. Any disputes shall be resolved in the competent courts of that jurisdiction.

15. Contact

For questions about these terms, contact us at legal@cveium.com.