Last updated: 18 May 2026
ByteGuard CVE is an Android app for browsing CVE information and receiving notifications when new vulnerabilities match keywords you choose.
This policy explains what data the app collects, why it is collected, and how you can delete it.
ByteGuard CVE is published by enim, an independent developer. enim is the data controller responsible for processing under the EU General Data Protection Regulation (GDPR) and the UK GDPR.
Contact: enim@byte-guard.net
ByteGuard CVE does not ask for your name, email address, phone number, contacts, photos, messages, files, or payment information.
The app may collect the following limited data:
| Data | Why it is used |
|---|---|
| Anonymous Firebase user ID | To identify your app install for watchlist sync and push alerts. |
| Firebase Cloud Messaging token | To send CVE alert notifications to your device. |
| Watchlist keywords | To match new CVEs against products, vendors, or technologies you choose. |
| App settings | To save preferences such as quiet hours, notification settings, and severity filters. |
| Crash logs | To diagnose app crashes and improve reliability. |
| Basic app activity | To understand app usage at a high level, such as screen views or feature usage. |
| Advertising identifier and ad interaction data | Used by Google AdMob to serve banner ads inside the app. Non-personalized ads are requested by default. |
Watchlist keywords may include technology names such as nginx, openssl, docker, or other terms you enter.
| Purpose | Lawful basis |
|---|---|
| Browsing CVE data and caching it on your device | Legitimate interest — providing the core read-only feature you installed the app for. |
| Registering your anonymous ID + FCM token with the backend to deliver push alerts | Consent — granted on first launch and revocable at any time via Settings → Reset and unsubscribe. |
| Storing and matching your watchlist keywords | Consent — same as above. |
| Crash diagnostics (Firebase Crashlytics) | Consent — disabled by default; opt-in via Settings → Crash reports. |
| Usage analytics (Firebase Analytics) | Consent — disabled by default; opt-in via Settings → Usage analytics. |
| Banner advertising (Google AdMob) | Consent — granted on first launch. Non-personalized ads are requested so no advertising profile is built. |
You can withdraw consent at any time by toggling the relevant setting off, or by tapping Settings → Reset and unsubscribe, which clears local data and asks the backend to delete your device record.
| Data | Retention |
|---|---|
| Anonymous Firebase user ID, FCM token, watchlist keywords (backend) | Stored until you unregister via Settings → Reset and unsubscribe, or until your install is inactive for 12 months (whichever comes first). |
| Local cache (recent CVEs, watchlist, settings) | Stored on your device until you clear app data, uninstall, or use Reset and unsubscribe. |
| Crash logs (Firebase Crashlytics) | Retained for up to 90 days by Google, per Firebase defaults. |
| Usage analytics (Firebase Analytics) | Retained for up to 14 months by Google, per Firebase defaults. |
| Server logs (HTTP access logs at the backend) | Retained for up to 30 days for abuse prevention, then deleted. |
| AdMob ad interaction data | Retained by Google per AdMob defaults (see Google’s data retention documentation). |
The app stores recent CVE data, watchlist entries, ignored CVEs, and settings locally on your device using Android local storage.
This local data is used to make the app faster and to keep recently viewed CVEs available offline.
When push alerts are enabled, the app sends the backend:
This is required so the backend can send a notification when a new CVE matches your watchlist.
ByteGuard CVE uses Firebase services provided by Google:
Google may process this data as a service provider according to Google Firebase terms and privacy documentation.
CVE information shown in the app comes from the ByteGuard CVE backend at cve.byte-guard.net, which is based on public vulnerability data sources such as the National Vulnerability Database.
The app does not invent CVE descriptions, scores, references, or severity data.
We do not sell your data.
We do not share your personal information with advertisers or data brokers.
Data may be processed by service providers needed to operate the app, such as Google Firebase and the ByteGuard CVE backend.
The app asks for notification permission so it can send CVE alerts.
You can disable notifications in Android system settings or inside the app settings.
You can delete your app data from the app:
This clears local app data and asks the backend to unregister your device from push alerts.
You can also contact enim@byte-guard.net and request deletion.
If you are in the European Economic Area, the United Kingdom, or a region with similar laws, you have the right to:
To exercise any of these rights, email enim@byte-guard.net. Because the app only stores an anonymous identifier, please include that ID (visible in Settings) so we can locate your record.
Firebase processes data on Google infrastructure that may be located outside your country, including in the United States. Google relies on the European Commission’s Standard Contractual Clauses for such transfers; see Google’s documentation for details.
ByteGuard CVE is not directed to children under 16 and we do not knowingly collect data from them.
This policy may be updated as the app changes. The updated policy will be posted at the privacy policy URL used in the app listing.