No. The app works without an API key, but requests will be rate-limited by NIST. Adding a free API key from nvd.nist.gov significantly increases your request limits.

Your API key is stored securely in the iOS Keychain with device-only encryption. It never leaves your device except when sent directly to NIST to authenticate your requests.

No. CVE Tracker collects nothing. All data — bookmarks, watchlists, search history, cached CVEs — is stored locally on your device and never transmitted to FGA Apps.

Notifications are generated entirely on your device using Apple's notification framework. No third-party push service is used. You can disable them in iOS Settings › CVE Tracker › Notifications.

Background refresh lets the app periodically check for new CVE alerts and news. You can disable it in iOS Settings › General › Background App Refresh › CVE Tracker.

Use the contact form on the support page and describe the issue. Include your iOS version and device model if possible.