Data Transparency
We don't ask you to trust us. We show you.
What we receive per API call
When you query our API, this is the complete record we store. Not a summary. Not a redacted version. This is it.
Standard Tier: CVE Lookup
{
  "customer_id": 1,
  "endpoint": "/api/v1/cve/cisco/C9800-40-K9",
  "query_params": "os_version=17.09.04a",
  "response_time_ms": 1,
  "tier": "standard",
  "queue_wait_ms": 0,
  "processing_ms": 1,
  "queue_depth_at_arrival": 0,
  "country_code": "US",
  "timestamp": "2026-03-29T13:12:36Z"
}
Enterprise Tier: EOL Lookup
{
  "customer_id": 13,
  "endpoint": "/api/v1/eol/cisco/WS-C3750X-48P-S",
  "query_params": "",
  "response_time_ms": 1,
  "tier": "enterprise",
  "queue_wait_ms": 0,
  "processing_ms": 1,
  "queue_depth_at_arrival": 0,
  "country_code": "US",
  "timestamp": "2026-03-30T06:34:51Z"
}
Standard Tier: Linux EOL Lookup
{
  "customer_id": 12,
  "endpoint": "/api/v1/linux/distro/fedora/Fedora 37",
  "query_params": "",
  "response_time_ms": 1,
  "tier": "standard",
  "queue_wait_ms": 0,
  "processing_ms": 1,
  "queue_depth_at_arrival": 0,
  "country_code": "US",
  "timestamp": "2026-03-29T00:39:14Z"
}
Why country_code?
Cloudflare passes a country code to us as a standard HTTP header. That is all we store. Your IP address is never written to our database, never logged, never retained. We use country data solely to plan infrastructure capacity so we can reduce latency as demand grows in new regions. Infrastructure is currently in US-East, with expansion driven by where our customers actually are.
Read it again. Here's what's NOT in there.
✗ IP addresses
✗ Hostnames
✗ Device configs
✗ Network topology
✗ Serial numbers
✗ Inventory files
✗ Company names
✗ Email addresses
We receive a model number or distro name. We return public EOL dates and CVE data. That's the entire transaction.
Enterprise doesn't buy better data. It buys throughput.
The only difference between the two records above is the tier field. The data served is identical.
| | Standard | Enterprise |
|---|---|---|
| EOL + CVE data | Identical | Identical |
| API response format | Identical | Identical |
| What we log | Identical | Identical |
| Rate limit | 10 req/s | 50 req/s (upgradeable) |
Don't take our word for it. Read the code.
The collector is open source. It SSHes into your devices, runs show version, parses the model number locally, and sends only the model string to our API. Your credentials, configs, and command output never leave your network.
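The local-parse step described above, as an added example (not the collector's own code): it extracts the model and OS version from `show version` output, builds a request in the endpoint shape shown in the records, and checks that no hostname, serial number or MAC address appears in what would be sent. The sample output, the regular expressions and the function names `extract_fields`, `build_request` and `leaked_tokens` are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Constructed sample of `show version` output (not from a real device).
SAMPLE_SHOW_VERSION = """\
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.2(4)E10, RELEASE SOFTWARE (fc2)
core-sw-01 uptime is 41 weeks, 2 days
cisco WS-C3750X-48P (PowerPC405) processor (revision A0) with 262144K bytes of memory.
Base ethernet MAC Address       : 00:11:22:AA:BB:CC
Model number                    : WS-C3750X-48P-S
System serial number            : FDO0000X0XX
"""

# Patterns are assumptions for this sample; real output varies by platform.
MODEL_RE = re.compile(r"^Model number\s*:\s*(\S+)\s*$", re.I | re.M)
VERSION_RE = re.compile(r"\bVersion\s+([^\s,]+)")
SAFE_TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._()+-]{0,63}")  # outbound allow-list

def extract_fields(raw: str) -> dict:
    """Parse locally; return only the values that may leave the network."""
    model = MODEL_RE.search(raw)
    if model is None:
        raise ValueError("no model number found; send nothing")
    fields = {"model": model.group(1)}
    version = VERSION_RE.search(raw)
    if version:
        fields["os_version"] = version.group(1)
    for name, value in fields.items():
        if not SAFE_TOKEN.fullmatch(value):
            raise ValueError(f"refusing to send unexpected {name!r} value")
    return fields

def build_request(fields: dict, vendor: str = "cisco") -> str:
    """Build the path and query string in the shape shown in the stored records."""
    path = f"/api/v1/cve/{vendor}/{quote(fields['model'], safe='')}"
    if "os_version" in fields:
        path += "?os_version=" + quote(fields["os_version"], safe="")
    return path

def leaked_tokens(raw: str, outbound: str) -> list:
    """Return sensitive tokens from the raw output that appear in the outbound request."""
    sensitive = re.findall(r"(?:serial number|MAC Address)\s*:\s*(\S+)", raw, re.I)
    sensitive += re.findall(r"^(\S+) uptime is", raw, re.M)  # device hostname
    return [token for token in sensitive if token in outbound]
```

Running `leaked_tokens` against every outbound request in a test suite turns the "only the model string leaves" claim into a regression check rather than a statement of intent.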
Database Coverage
Sourced from official vendor bulletins. Updated weekly.