CBOMCompliance.com is operated by NextGenRails™. The service accepts CycloneDX and SPDX JSON manifests, processes them to produce cryptographically signed receipt artifacts under Protocol NGR-TEC-CBM-002, and returns a portable JWS-signed receipt to the submitter.
Depending on the tier purchased, the service may also provide vulnerability intelligence sourced from OSV and NVD, component-level risk analysis, confidence scoring, and time-aware re-evaluation of previously issued receipts.
The service does not store, log, or retain any submitted manifest. The submitted manifest is discarded immediately following computation. NextGenRails™ retains no copy of submitted content and cannot reconstruct it.
Upon completing a purchase, you will receive an access code that controls your usage entitlement. This access code is personal and non-transferable.
All payments are processed securely by Stripe. NextGenRails™ does not store payment card information.
One-Time Packs — Standard Pack ($49) and Advanced Pack ($199) are one-time purchases granting a fixed number of receipts. Receipt entitlements do not expire.
Monthly Subscriptions — Professional ($299/month) and Professional Plus ($999/month) are recurring subscriptions. Receipt entitlements reset at the start of each billing cycle. Unused receipts from a prior cycle do not carry forward.
Enterprise — Enterprise agreements are governed by a separate written contract. Contact ngr.admin@proton.me.
All sales are final. Due to the nature of cryptographic receipt issuance, NextGenRails™ does not offer refunds on one-time pack purchases once an access code has been issued.
For monthly subscriptions, no prorated refunds are issued for partial billing periods. Your access continues through the end of the paid period following cancellation.
NextGenRails™ makes reasonable efforts to maintain service availability but does not guarantee uninterrupted access. The service is provided on an as-available basis.
Service may be temporarily unavailable due to:
NextGenRails™ shall not be liable for any damages, losses, or subscription credits resulting from service unavailability. Downtime does not entitle subscribers to refunds, credits, or extensions of their billing period.
NextGenRails™ does not retain, store, log, or archive any manifest submitted to the service. All submitted content is discarded immediately following cryptographic computation.
NextGenRails™ retains only: access code records, Stripe transaction records, and issued receipt identifiers. No manifest content, component data, or vulnerability findings are stored beyond the active processing session.
Because NextGenRails™ retains no copy of submitted manifests, it cannot reproduce, recover, or provide discovery of submitted content in response to legal process. Users should retain their own copies of submitted manifests.
CBOMCompliance.com issues cryptographic proof artifacts. It does not certify, guarantee, or warrant that use of the service satisfies any regulatory requirement, including but not limited to CMMC, Executive Order 14412, the EU Cyber Resilience Act, or any other framework.
Vulnerability intelligence provided in Advanced tier receipts is sourced from third-party databases (OSV, NVD) and is provided for informational purposes only. NextGenRails™ makes no warranty as to the completeness, accuracy, or currency of vulnerability data.
Users are solely responsible for determining whether the service meets their compliance obligations. NextGenRails™ recommends consulting qualified compliance professionals for regulatory guidance.
To the maximum extent permitted by applicable law, NextGenRails™ shall not be liable for any indirect, incidental, consequential, special, or punitive damages arising from your use of or inability to use the service.
In no event shall NextGenRails™'s total liability to you for any claim arising from these Terms or your use of the service exceed the total amount paid by you to NextGenRails™ in the twelve (12) months preceding the claim.
You agree not to use CBOMCompliance.com to:
NextGenRails™ reserves the right to immediately revoke access and terminate service to any user found in violation of these provisions without refund.
NextGenRails™ reserves the right to suspend or terminate access to the service at any time for violation of these Terms, fraudulent activity, or misuse of access codes.
You may terminate your subscription at any time. Termination of a subscription does not entitle you to a refund of any prepaid fees.
One-time pack access codes remain valid for their remaining receipt entitlement unless revoked for cause.
These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions.
Any dispute arising under these Terms shall be resolved exclusively in the state or federal courts located in Delaware. By using this service, you consent to the personal jurisdiction of such courts.
NextGenRails™ reserves the right to modify these Terms at any time. Material changes will be posted to this page with an updated effective date. Continued use of the service following any modification constitutes acceptance of the revised Terms.
It is your responsibility to review these Terms periodically. If you do not agree to a modification, you must discontinue use of the service.
You agree to indemnify, defend, and hold harmless NextGenRails™ from and against any claims, damages, liabilities, losses, costs, or expenses (including reasonable legal fees) arising from or related to: (a) any manifest or other content you submit to the service; (b) your violation of these Terms or any applicable law; (c) your infringement of any third-party right; or (d) misuse of your access code.
Because NextGenRails™ retains no copy of submitted manifests and cannot review their contents, responsibility for the legality and appropriateness of submitted content rests solely with you.
You must be at least 18 years old and able to form a binding contract to use the service. If you use the service on behalf of an organization, you represent that you are authorized to bind that organization to these Terms, in which case "you" refers to that organization.
Entire Agreement. These Terms, together with the Privacy Policy, constitute the entire agreement between you and NextGenRails™ regarding the service and supersede any prior agreements or understandings.
Severability. If any provision of these Terms is held unenforceable, that provision will be limited or severed to the minimum extent necessary, and the remaining provisions will remain in full force and effect.
Assignment. You may not assign or transfer these Terms without NextGenRails™'s prior written consent. NextGenRails™ may assign these Terms in connection with a merger, acquisition, reorganization, or sale of assets.
Waiver. Failure to enforce any provision of these Terms is not a waiver of the right to enforce it later.
Your use of the service is also governed by our Privacy Policy, which describes the limited personal data we collect, the third-party providers we use, and your data rights. Manifests you submit are processed in memory and discarded under the Zero Retention Policy in Section 6; we retain only limited account and access-code records to operate your purchase. To request deletion of your personal data, contact ngr.admin@proton.me; requests are processed within 30 days.
For questions regarding these Terms, billing disputes, or access code issues, contact NextGenRails™ at: