Terms of Use

VulDB provides a data service that allows users to access information about security vulnerabilities and threat intelligence. This data can be accessed via web site or API. These Terms of Use govern the service of VulDB.

1. Access

1.1 Free Trial

Users may access data published freely on the service. There are limitations in regard of views, details, and number of items. Scraping large chunks of data is not allowed. Using multiple accounts or other approaches to circumvent limitations are not allowed.

1.2 Registration

More access capabilities are available for users that have created a free account. After the account validation you are able to access more views, details, and number of items.

1.3 Trial Period

The availability and accessibility of a free account might change over time due to trial expiration or changes in appearance. You are able to enhance the availability and accessibility of your account by purchasing a commercial license.

1.4 Commercial Subscription

Users are able to upgrade their account to a commercial subscription. This will allow more views, details, and number of items according to the purchased subscription level.

There might still be access and/or usage limitations which require a higher commercial subscription level or a custom enterprise license for several views, details, or number of items. Additional purchase of options might be necessary.

Combining multiple accounts to circumvent limitations of the service are not allowed. Splitting licenses onto multiple accounts is possible with enterprise accounts only.

Users with a subscription may upgrade their plans without extra charges.

1.5 Billing Cycle

Commercial subscriptions using credit card payments provide an automated renewal on a monthly basis. The charges apply as soon as a new period begins. It is possible to cancel a subscription to prevent such an autorenewal. In this case the already charged period will expire and no further billing for a renewal will happen.

Commercial subscriptions with invoice payments have an automated renewal after 12 months unless defined otherwise. The payment must happen before the start of the new subscription period.

Enterprise licenses establish a custom contract which handle renewals individually.

1.6 Payment Methods

To use a commercial or enterprise license you must provide a valid payment method that is supported by the service.

All credit card payments are fully automated and handled by our external partner Stripe. Due to security and privacy reasons we do not send receipts nor invoices ourselves. You may find your credit card invoices in your profile. Custom invoicing is possible with other payment methods only.

1.7 Cancellation

Commercial subscriptions established with credit card payments can be cancelled at any time. Invoice-based subscriptions require a cancellation via email or contact form unless stated otherwise. As soon as the running and therefore charged period ends, there will be no renewal and no further charging. All access and usage capabilities associated with the expired license will be revoked.

The status of a subscription is visible in the personal user profile. A cancelled subscription can be reactivated before the charged period runs out without further expenses. This would re-enable the autorenewal again.

An immediate cancellation during a running period is not allowed and therefore no chargebacks possible.

Enterprise licenses have a custom contract which handle cancellations individually.

1.8 Changes to Price and Subscription Plans

We may change our subscription plans and the price of our service from time to time. We will notify affected customers at least 30 days before deployment.

2. VulDB Service

2.1 Rights

VulDB owns all rights, titles, and interests in and to, or has obtained licenses to all data and technology used to provide the service.

2.2 Data Quality

VulDB is eager to provide the best possible data quality. Some of the data is calculated with custom algorithms. Changes or improvements in those algorithms might be reflected in their outcome.

It might always be possible that information is not available and therefore not included in the service. Recurring updating and quality assurance work on eliminating such shortcomings.

Data coverage and quality is provided with best effort unless stated or negotiated otherwise. Enterprise customers have the possibility to establish a pre-defined level of coverage and quality.

2.3 Service Availability

It might be possible that the service or parts of the service are not available temporarily due to technical reasons. Interference because of technical changes will be limited to a minimum. External influences are mitigated as quickly as possible. Redundancy aims at high-availability.

2.4 Commercial Usage

The content provided by the service might be used within the applied license. Free users are not allowed to use the service in a commercial context and have to attribute VulDB as source as defined by the license CC BY-NC-SA 4.0.

Commercial use is only possible if allowed by the individual service agreement of commercial or enterprise licenses.

2.5 Extended Work

All extended work that is not part of the core of the available service must be compensated. Additional assignments are negotiated and approved by both parties before execution.

This does include technical tasks like extending coverage, adding technical details, quality control, and workshops for example.

This does also include administrative tasks like supplier onboarding and processing of audit requests for example. Our public knowledge base contains all necessary information.

2.6 Customer Support

Users are able to contact our customer support if there are any questions or problems. The amount of requests is limited by account level. Enterprise users might establish an additional service level agreement for such requests.

3. Privacy, Security, and Abuse

3.1 Data Privacy

All data is protected under national data privacy laws of Switzerland. We do also guarantee coverage of extended frameworks like GDPR (EU) and CCPA (US).

Access to data and services is limited and monitored with best practice methods and technologies.

We do not collect, share nor sell personal data. Data handling is minimized to legal, regulatory, and technical requirements. We do not qualify as data processor. Details are available in our data privacy policy.

3.2 Account Security

The user that has created an account is responsible to secure the access to the account properly. This includes setting a strong password, to not share account credentials with others, and limit the access to devices using the service.

VulDB cannot be held responsible for compromises that were made possible by violating basic principles of cybersecurity by users.

3.3 Addressing Abuse

Abusing the terms and conditions might result in limitation, cancellation or blacklisting of features, access possibilities, or accounts. We implement several mechanisms to detect and react to abusive behavior. Severe abuse will be prosecuted legally.

3.4 Reporting Abuse

If you think there is some abuse of our services, your account, or credit card fraud please contact the abuse team at fraud@vuldb.com.

4. Legal

4.1 Governing Law

These terms and conditions shall be governed by and construed in accordance with the laws of Zürich, Switzerland.

4.2 Laws, Rules, and Regulations

You agree to use the service, including all features, and functionalities associated with it, in accordance with all applicable laws, rules and regulations, or other restrictions on use of the service or content therein.

4.3 Survival

If any provision of these Terms of Use shall be invalid, illegal, or unenforceable, the validity, legality and enforceability of the remaining provisions shall remain in full force and effect.

4.4 Changes to Terms of Use

It might be possible that there will be changes to existing Terms and Use. We will notify at least 30 days earlier if such changes apply to existing customers.

Do you want to use VulDB in your project?

Use the official API to access entries easily!