CBOMCompliance.com is operated by NextGenRails™. The service accepts CycloneDX and SPDX JSON manifests, processes them to produce cryptographically signed receipt artifacts under Protocol NGR-TEC-CBM-002, and returns a portable JWS-signed receipt to the submitter.
Depending on the tier purchased, the service may also provide vulnerability intelligence sourced from OSV and NVD, component-level risk analysis, confidence scoring, and time-aware re-evaluation of previously issued receipts.
The service does not store, log, or retain any submitted manifest. The submitted manifest is discarded immediately following computation. NextGenRails™ retains no copy of submitted content and cannot reconstruct it.
Upon completing a purchase, you will receive an access code that controls your usage entitlement. This access code is personal and non-transferable.
All payments are processed securely by Stripe. NextGenRails™ does not store payment card information.
One-Time Packs — Standard Pack ($49) and Advanced Pack ($199) are one-time purchases granting a fixed number of receipts. Receipt entitlements do not expire.
Monthly Subscriptions — Professional ($299/month) and Professional Plus ($999/month) are recurring subscriptions. Receipt entitlements reset at the start of each billing cycle. Unused receipts from a prior cycle do not carry forward.
Enterprise — Enterprise agreements are governed by a separate written contract. Contact ngr.admin@proton.me.
All sales are final. Due to the nature of cryptographic receipt issuance, NextGenRails™ does not offer refunds on one-time pack purchases once an access code has been issued.
For monthly subscriptions, no prorated refunds are issued for partial billing periods. Your access continues through the end of the paid period following cancellation.
NextGenRails™ makes reasonable efforts to maintain service availability but does not guarantee uninterrupted access. The service is provided on an as-available basis.
Service may be temporarily unavailable due to:
NextGenRails™ shall not be liable for any damages, losses, or subscription credits resulting from service unavailability. Downtime does not entitle subscribers to refunds, credits, or extensions of their billing period.
NextGenRails™ does not retain, store, log, or archive any manifest submitted to the service. All submitted content is discarded immediately following cryptographic computation.
NextGenRails™ retains only: access code records, Stripe transaction records, and issued receipt identifiers. No manifest content, component data, or vulnerability findings are stored beyond the active processing session.
Because NextGenRails™ retains no copy of submitted manifests, it cannot reproduce, recover, or provide discovery of submitted content in response to legal process. Users should retain their own copies of submitted manifests.
CBOMCompliance.com issues cryptographic proof artifacts. It does not certify, guarantee, or warrant that use of the service satisfies any regulatory requirement, including but not limited to CMMC, EO 14028, the EU Cyber Resilience Act, or any other framework.
Vulnerability intelligence provided in Advanced tier receipts is sourced from third-party databases (OSV, NVD) and is provided for informational purposes only. NextGenRails™ makes no warranty as to the completeness, accuracy, or currency of vulnerability data.
Users are solely responsible for determining whether the service meets their compliance obligations. NextGenRails™ recommends consulting qualified compliance professionals for regulatory guidance.
To the maximum extent permitted by applicable law, NextGenRails™ shall not be liable for any indirect, incidental, consequential, special, or punitive damages arising from your use of or inability to use the service.
In no event shall NextGenRails™'s total liability to you for any claim arising from these Terms or your use of the service exceed the total amount paid by you to NextGenRails™ in the twelve (12) months preceding the claim.
You agree not to use CBOMCompliance.com to:
NextGenRails™ reserves the right to immediately revoke access and terminate service to any user found in violation of these provisions without refund.
NextGenRails™ reserves the right to suspend or terminate access to the service at any time for violation of these Terms, fraudulent activity, or misuse of access codes.
You may terminate your subscription at any time. Termination of a subscription does not entitle you to a refund of any prepaid fees.
One-time pack access codes remain valid for their remaining receipt entitlement unless revoked for cause.
These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions.
Any dispute arising under these Terms shall be resolved exclusively in the state or federal courts located in Delaware. By using this service, you consent to the personal jurisdiction of such courts.
NextGenRails™ reserves the right to modify these Terms at any time. Material changes will be posted to this page with an updated effective date. Continued use of the service following any modification constitutes acceptance of the revised Terms.
It is your responsibility to review these Terms periodically. If you do not agree to a modification, you must discontinue use of the service.
This site collects anonymous usage analytics including pages visited, browser type and version, referrer URL, device type, and approximate geographic location derived from IP address. No personally identifiable information is collected or stored. IP addresses are never retained.
Payment data is processed exclusively by Stripe. NextGenRails™ does not store your payment card details, card number, or CVV. Only a transaction reference is retained for reconciliation purposes.
Submitted content (documents, manifests, financial messages) is processed in memory and immediately discarded per the Zero Retention Policy above. No submitted content is stored after processing.
Analytics data is used solely for internal operational purposes and is never sold, shared, or used for advertising. For the full analytics disclosure covering all NextGenRails™ properties, see nextgenrails.net/legal.
To request deletion of any personal data, contact ngr.admin@proton.me. Requests will be processed within 30 days.
For questions regarding these Terms, billing disputes, or access code issues, contact NextGenRails™ at: