Privacy Policy
Last updated: June 25, 2026
1. Data controller
The data controller is SYSDEVOPS.EU Jarosław Karsznia, ul. Zbożowa 5/34, 81-020 Gdynia, Poland, Tax ID (NIP): 5871592779.
Contact: support@secvalis.eu
2. Analytics — Umami
The CVE catalog uses Umami Analytics — a web analytics tool that does not use cookies and does not collect personal data. Umami processes only anonymized statistical data (device type, country, visited pages). Using Umami does not require user consent under GDPR or the Polish Telecommunications Law.
Analytics tracking runs only on this public CVE catalog. The login panel and the dashboard for authenticated users do not include this script.
3. Cookies
This public CVE catalog does not use any tracking or marketing cookies. The login panel (outside the scope of this page) may use session cookies necessary for authentication — this is a separate part of the application and not the subject of this policy.
4. Trial account users
When you register for a free trial we process the data you provide (email address) and account data needed to deliver the Service, on the basis of performing the agreement (GDPR Art. 6(1)(b)). After moving to a paid plan, we also process billing data to fulfil our legal obligations — issuing invoices and keeping accounting records (GDPR Art. 6(1)(c)).
5. Registration IP address (anti-abuse)
At registration we store the IP address from which the account was created (signupIp). We use it solely to prevent abuse of open registration — for example to limit mass automated account creation from a single address. The legal basis is our legitimate interest in protecting the Service (GDPR Art. 6(1)(f)).
6. Data recipients (processors)
To deliver the Service we use the following processors who may process account data on our behalf:
- Resend (Resend, Inc., USA) — sending transactional emails (account verification, notifications). Data processed: email address. Transfer to the USA takes place under the appropriate GDPR safeguards (standard contractual clauses / Data Privacy Framework).
- OVHcloud (OVH SAS, region — Warsaw, Poland) — storage of encrypted backups. Backups are encrypted (restic) before being sent, so OVHcloud has no access to the data in plaintext.
- Error reporting (GlitchTip) is self-hosted on our own server in Poland — not a separate third-party processor. Error reports may contain technical data needed for diagnostics.
- Hosting infrastructure: OVHcloud (OVH SAS), servers located in Warsaw, Poland.
7. Data retention
Personal data is stored for the following periods:
- Account data (email address) — for the duration of the Service (while the Account is maintained) and until the limitation of any claims arising from the agreement;
- Billing and accounting data — for the period required by tax law (5 years from the end of the tax year in which the payment deadline fell);
- Registration IP address — for the period necessary for security and anti-abuse purposes, no longer than 12 months from registration or until an effective objection is raised.
8. Your rights
Under GDPR (Articles 15–21) you generally have the right to access, rectify, erase, restrict processing of, and port your personal data, the right to object to processing (in particular against processing based on our legitimate interest, e.g. storing the IP address), as well as the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.
In practice, these rights do not apply to the analytics data described above: Umami does not collect any personal data, so there is no personal data of yours for us to access, rectify, or delete in this context.

