TRUST · LEGAL · v1.0

Trust & Legal Center

This page is maintained by Kronos Vault to answer common security, privacy and legal questions about our service. Last updated 3 July 2026.

Overview

Kronos Vault operates kronos-vault.com, a unified CVE intelligence feed aggregating public vulnerability data from NVD, MITRE, GHSA and CISA KEV. This center summarises the terms under which the service is offered, how personal data is processed and the security measures we apply.

The following sections describe our platform capabilities and the shared responsibilities between Kronos Vault, our infrastructure providers and you as a customer. Nothing on this page constitutes a certification or independent audit.

Security

Platform controls

  • All traffic to kronos-vault.com is served over HTTPS with modern TLS.
  • Authentication uses email/password or Google OAuth. Passwords are never stored in plaintext.
  • Application data is protected by row-level security policies scoped to the authenticated user.
  • Administrative access to backend systems is role-based and limited to authorised personnel.
  • Webhook endpoints validate signatures and reject unsafe outbound URLs (SSRF protection).

Shared responsibility

Kronos Vault operates the application layer. Underlying hosting, database and email delivery are provided by third-party infrastructure vendors (see Subprocessors). You are responsible for safeguarding your account credentials and access tokens.

Vulnerability reporting

Report suspected security issues to security@kronos-vault.com. Please provide reproduction steps and allow reasonable time for triage before public disclosure.

Privacy Policy

Effective 3 July 2026.

Data we collect

  • Account data: email address, hashed password or OAuth identifier, display name.
  • Product data: watchlists, alert rules, webhook targets you create.
  • Billing data: processed by our payment provider; we retain order references, plan and invoice metadata.
  • Technical data: IP, user agent, request logs retained for security and debugging.

How we use it

  • Provide and operate the service (contractual necessity).
  • Send transactional emails (activation, password reset, receipts).
  • Fraud prevention, abuse detection, security monitoring (legitimate interest).
  • Analytics and marketing communications only where you consent.

Your rights (GDPR / UK GDPR)

You may request access, correction, deletion, restriction or portability, or object to processing, by writing to privacy@kronos-vault.com. You may also lodge a complaint with your local data protection authority.

Retention

Account data is retained for the life of the account plus a reasonable period for billing and legal obligations. Logs are rotated on a rolling basis. Deleted accounts are purged from active systems within 30 days.

International transfers

Some subprocessors operate outside the EEA. Where applicable we rely on Standard Contractual Clauses or equivalent safeguards.

Cookie Policy

We use a small number of cookies and similar storage mechanisms:

  • Strictly necessary: authentication session, CSRF protection, consent state. Always on.
  • Analytics: aggregate usage measurement. Optional, off by default.
  • Marketing: attribution for paid channels. Optional, off by default.

You can change your preferences at any time.

Terms of Service

Effective 3 July 2026.

1. Acceptance

By creating an account or using kronos-vault.com you agree to these Terms. If you do not agree, do not use the service.

2. The service

Kronos Vault aggregates publicly available vulnerability information for informational purposes. The service is provided on an "as-is" and "as-available" basis and is not a substitute for professional security advice.

3. Accounts

You are responsible for the accuracy of your account information and for all activity under your account. You must not share credentials or attempt to circumvent access controls.

4. Acceptable use

  • No reverse engineering, scraping beyond documented rate limits, or resale of raw feeds.
  • No attempts to disrupt service, probe infrastructure without authorisation, or transmit malicious content.
  • No unlawful use or use that infringes third-party rights.

5. Fees and refunds

Paid plans are billed in advance via our payment provider. Except where required by law, fees are non-refundable. You may cancel at any time; access continues until the end of the paid period.

6. Intellectual property

Source data remains subject to the licences of its original publishers. Our aggregation, deduplication and analysis outputs are provided under a limited, non-transferable licence for your internal use.

7. Warranties and liability

To the maximum extent permitted by law, Kronos Vault disclaims all implied warranties. Our aggregate liability for any claim arising from the service is capped at the fees paid in the twelve months preceding the claim.

8. Termination

We may suspend or terminate accounts for material breach of these Terms. You may terminate at any time from your account settings.

9. Governing law

These Terms are governed by the laws of the jurisdiction in which Kronos Vault is established, without regard to conflict-of-laws rules.

10. Changes

We may update these Terms; material changes will be notified by email or in-app. Continued use after the effective date constitutes acceptance.

Data Processing Addendum

Where Kronos Vault processes personal data on your behalf as a data processor (for example, end-user identifiers you upload into watchlists), the following terms apply in addition to the Terms of Service.

  • We process personal data only on your documented instructions.
  • Personnel with access to personal data are bound by confidentiality obligations.
  • We implement appropriate technical and organisational measures (see Security section).
  • We assist you with data subject requests and, where required, data protection impact assessments.
  • Subprocessors are listed below; we notify customers of material changes.
  • On termination, personal data is deleted or returned upon reasonable request.

To execute a signed DPA, contact privacy@kronos-vault.com.

Subprocessors

We rely on the following categories of subprocessors to operate the service:

Provider                          | Purpose                                   | Region
Cloud application hosting         | Serving the kronos-vault.com application  | Global edge
Managed database & authentication | Account, product and log storage          | EU
Transactional email delivery      | Activation, password reset, notifications | EU / US
Payment processing                | Checkout, invoicing, tax                  | EU / US

Specific vendor names and locations are provided on request under NDA to customers with a signed DPA.

Contact

Legal & general: legal@kronos-vault.com
Privacy & data protection: privacy@kronos-vault.com
Security disclosures: security@kronos-vault.com