1.1 Free Trial
Users may access data published freely on the service. There are limitations in regard of views, details, and number of items. Scraping large chunks of data is not allowed. Using multiple accounts or other approaches to circumvent limitations are not allowed.
More access capabilities are available for users that have created a free account. After the account validation you are able to access more views, details, and number of items.
1.3 Trial Period
The availability and accessibility of a free account might change over time due to trial expiration or changes in appearance. You are able to enhance the availability and accessibility of your account by purchasing a commercial license.
1.4 Commercial Subscription
Users are able to upgrade their account to a commercial subscription. This will allow more views, details, and number of items according to the purchased subscription level.
There might still be access and/or usage limitations which require a higher commercial subscription level or a custom enterprise license for several views, details, or number of items. Additional purchase of options might be necessary.
Combining multiple accounts to circumvent limitations of the service are not allowed. Splitting licenses onto multiple accounts is possible with enterprise accounts only.
Users with a subscription may upgrade their plans without extra charges.
1.5 Billing Cycle
Commercial subscriptions using credit card payments provide an automated renewal on a monthly basis. The charges apply as soon as a new period begins. It is possible to cancel a subscription at any time to prevent such an autorenewal. In this case the already charged period will expire and no further billing for a renewal will happen.
Commercial subscriptions with invoice payments have an automated renewal after 12 months unless defined otherwise. The payment must happen before the start of the new subscription period.
Enterprise licenses establish a custom contract which handle renewals individually.
1.6 Payment Methods
To use a commercial or enterprise license you must provide a valid payment method that is supported by the service.
All credit card payments are fully automated and handled by our external partner Stripe. Due to security and privacy reasons we do not send receipts nor invoices ourselves. You may find your credit card invoices in your profile. Custom invoicing is possible with other payment methods only.
Commercial subscriptions established with credit card payments can be cancelled at any time. Invoice-based subscriptions require a cancellation via email or contact form unless stated otherwise. As soon as the running and therefore charged period ends, there will be no renewal and no further charging. All access and usage capabilities associated with the expired license will be revoked.
The status of a subscription is visible in the personal user profile. A cancelled subscription can be reactivated before the charged period runs out without further expenses. This would re-enable the autorenewal again.
An immediate cancellation during a running period is not possible and therefore no pro-rata refunds nor chargebacks granted.
Enterprise licenses have a custom contract which handle cancellations individually.
1.8 Changes to Price and Subscription Plans
We may change our subscription plans and the price of our service from time to time. We will notify affected customers at least 30 days before deployment.
2. VulDB Service
VulDB owns all rights, titles, and interests in and to, or has obtained licenses to all data and technology used to provide the service.
2.2 Data Quality
VulDB is eager to provide the best possible data quality. Some of the data is calculated with custom algorithms. Changes or improvements in those algorithms might be reflected in their outcome.
It might always be possible that information is not available and therefore not included in the service. Recurring updating and quality assurance work on eliminating such shortcomings.
Data coverage and quality is provided with best effort unless stated or negotiated otherwise. Enterprise customers have the possibility to establish a pre-defined level of coverage and quality.
2.3 Service Availability
It might be possible that the service or parts of the service are not available temporarily due to technical reasons. Interference because of technical changes will be limited to a minimum. External influences are mitigated as quickly as possible. Redundancy aims at high-availability.
2.4 Commercial Usage
The content provided by the service might be used within the applied license. Free users are not allowed to use the service in a commercial context and have to attribute VulDB as source as defined by the license CC BY-NC-SA 4.0.
Commercial use is only possible if allowed by the individual service agreement of commercial or enterprise licenses.
2.5 Extended Work
All extended work that is not part of the core of the available service must be compensated.
This does include technical tasks like extending coverage, adding vulnerability details, quality control, workshops, phone assistance, and 3rd party software integration for example.
This does also include administrative tasks like supplier onboarding, processing of audit requests, handling of compliance requirements, and supporting proprietary invoicing formats. Our public knowledge base contains all necessary information.
2.6 Customer Support
Users are able to contact our customer support via web form or email if there are any questions or problems regarding our services or data. Support via phone is an optional service that must be purchased additionally.
The amount of requests is limited by account level. Enterprise users might establish an additional service level agreement for such requests.
The availability of our support team is documented online. Further help is provided with our public knowledge base that is available to all our customers.
3. Privacy, Security, and Abuse
3.1 Data Privacy
All data is protected under national data privacy laws of Switzerland. We do also guarantee coverage of extended frameworks like GDPR (EU) and CCPA (US).
Access to data and services is limited and monitored with best practice methods and technologies.
3.2 Account Security
The user that has created an account is responsible to secure the access to the account properly. This includes setting a strong password, to not share account credentials with others, and limit the access to devices using the service.
VulDB cannot be held responsible for compromises that were made possible by violating basic principles of cybersecurity by users.
3.3 Addressing Abuse
Abusing the terms and conditions might result in limitation, cancellation or blacklisting of features, access possibilities, or accounts. We implement several mechanisms to detect and react to abusive behavior. Severe abuse will be prosecuted legally.
3.4 Reporting Abuse
If you think there is some abuse of our services, your account, or credit card fraud please contact the abuse team at firstname.lastname@example.org.
4.1 Governing Law
These terms and conditions shall be governed by and construed in accordance with the laws of Zürich, Switzerland.
4.2 Laws, Rules, and Regulations
You agree to use the service, including all features, and functionalities associated with it, in accordance with all applicable laws, rules and regulations, or other restrictions on use of the service or content therein.
It might be possible that there will be changes to existing Terms and Use. We will notify at least 30 days earlier if such changes apply to existing customers.
Are you interested in using VulDB?
Download the whitepaper to learn more about our service!