Privacy Policy
Effective date: May 27, 2026 Last updated: May 27, 2026
This Privacy Policy describes how Cova (“Cova,” “we,” “us,” or “our”) collects, uses, discloses, and protects information about you when you use the Cova mobile application (the “App”) and the website at trycova.app (the “Site,” and together with the App, the “Services”).
Cova is operated in California, United States. For privacy questions or to exercise your rights, contact us at support@trycova.app.
Pre-launch note (to be removed before public launch): Cova is not yet incorporated. When the Cova entity is formed, this Policy will be updated to name it as the business responsible for your information. The operator above remains your point of contact in the interim.
1. Summary
- We collect the information we need to run Cova and keep it safe: account details, the content you create, your approximate or precise location when you create or join a gathering, and signals about your participation.
- We use it to operate the Services, personalize your experience, keep the community safe, and communicate with you.
- We share it only with service providers that help us run Cova, and only for that purpose.
- We do not sell or “share” (as defined under California law) your personal information, and we do not use it for cross-context behavioral advertising.
- You can delete your account at any time from within the App. When you do, we delete and de-identify your data — we permanently delete your profile and disconnect any remaining activity (like past gatherings) from your identity.
This summary is for convenience only; please read the full Policy below.
2. Scope
This Policy applies to everyone who uses the Services. Cova is intended only for individuals who are at least 18 years old (see Section 11) and is currently offered only in the United States. We do not knowingly direct the Services to, or collect information from, individuals outside the United States.
3. Information we collect
We collect information from three sources: information you provide, information collected automatically, and information from third parties.
3.1 Information you provide to us
- Account information: your display name, profile photo (avatar), and the sign-in provider you use (Google or Apple).
- Age confirmation: at sign-up you confirm your date of birth so we can verify you are 18 or older. We do not store your date of birth — we record only the fact and time that age was confirmed.
- Content you create: gathering (“cove”) titles, descriptions, and addresses; messages you send in group chats; attendance records; and any reports, safety reports, appeals, or feedback you submit.
3.2 Information we collect automatically
- Authentication data: a session token issued after you sign in.
- Device and push data: a device-bound push notification token used to deliver notifications.
- Location data (optional). When you create or join a gathering, you enter an address — that typed address is the location we use for the cove, not your live device location. Separately, if you grant location permission, we use your device’s location only to calculate distances to nearby gatherings. You can use Cova without granting location access. We only request location when a feature needs it, and we never track your location in the background.
- Usage and diagnostic data: app interactions (screens viewed, actions taken) and crash/error reports, including device and app version.
3.3 Information from third parties
When you sign in with Google or Apple, we receive your name, email address, and profile photo from that provider. Your email is stored by our authentication provider and used for account management; we do not currently send marketing email.
3.4 Categories of personal information (California)
For California residents, the following table maps the information above to the statutory categories under the California Consumer Privacy Act, as amended (“CCPA”). We have collected these categories in the preceding 12 months.
| CCPA category | Examples we collect | Source | Disclosed to (Section 6) |
|---|---|---|---|
| Identifiers | User ID, display name, push token, IP address, OAuth ID | You; automatic; provider | Infrastructure & analytics providers |
| Customer records / commercial information | Subscription tier and status | You; payment provider | Subscription provider |
| Internet or network activity | App usage events, crash and error logs | Automatic | Analytics & error providers |
| Geolocation data (precise — see Section 4) | Cova addresses, device location for distance | You; device | Maps provider (coordinates only) |
| Audio, visual, or similar information | Profile photo | You | Infrastructure provider |
| Inferences | Trust score (“rings”), trust tier, category preferences | Derived | Not disclosed |
We do not collect Social Security numbers, government IDs, biometric information, health information, financial account numbers, or information about your race, religion, sexual orientation, or other protected characteristics.
4. Sensitive personal information
The precise location you supply for a gathering — and your device location used to compute distance — is “sensitive personal information” under California law. We use this information only to provide the Services (showing you nearby gatherings, giving members the meeting address, and rendering a map). We do not use it to infer characteristics about you, and we do not sell or share it. Under the CCPA you may limit our use of sensitive personal information to these necessary purposes; because we already use it only for those purposes, no further action is needed, but you may contact us with any concern.
5. How we use information
We use personal information for the following business purposes:
- To operate the Services — show nearby gatherings, let you create and join them, deliver group chat, and track attendance.
- To personalize your experience — rank gatherings using your category preferences, distance, and trust tier.
- To keep Cova safe — review reports, enforce our Terms of Service and Community Guidelines, operate the trust (“rings”) system, and prevent fraud and abuse.
- To communicate with you — send push notifications about gatherings you’ve joined, chat replies, host announcements, and moderation outcomes.
- To maintain and improve the Services — diagnose crashes and understand how the Services are used.
- To process payments — manage Cova Unlimited subscriptions through Apple’s in-app purchase system.
- To comply with law — meet legal obligations and respond to lawful requests.
6. How we disclose information
We disclose personal information only to service providers and processors that perform functions on our behalf, under contracts that prohibit them from using it for their own purposes. We do not disclose your free-text content (chat messages, reports, appeals, descriptions, feedback) to any analytics or advertising provider.
| Category of recipient | Purpose | Categories disclosed |
|---|---|---|
| Cloud infrastructure provider | Database, authentication, file storage | All categories — this is our backend |
| Analytics provider | Understand how the Services are used | Identifiers, internet/network activity |
| Error-monitoring provider | Diagnose crashes and errors | Identifiers, internet/network activity |
| Subscription provider | Manage subscriptions | Identifiers, commercial information |
| Platform providers (sign-in, push, payments) | Authentication, notifications, billing | Identifiers |
| Maps provider | Render maps and address autocomplete | Geolocation (coordinates only) |
We may also disclose information (a) to comply with law or a valid legal request, (b) to enforce our Terms, or (c) to protect the rights, property, or safety of our users or the public.
We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising, as those terms are defined under the CCPA. We have not done so in the preceding 12 months.
7. Data retention
We keep personal information only as long as necessary for the purposes described in this Policy.
| Data | Retention |
|---|---|
| Account profile | Until you delete your account; de-identified immediately on deletion (Section 8) |
| Gatherings you created or joined | Retained as historical records; your identity is de-identified after account deletion |
| Group chat messages | Visible to members until 24 hours after the gathering ends; records retained for safety audit |
| Push token | Until you sign out, change devices, or delete your account |
| Reports and safety reports | Retained as a moderation and audit record |
| Crash and analytics data | Per provider retention windows (analytics ~12 months; error logs ~30–90 days) |
| Subscription records | Until account deletion; deletion request sent to the subscription provider in periodic cleanup |
8. Your privacy rights
8.1 Everyone
- Access your account information by viewing your profile in the App.
- Correct your display name and avatar in Edit Profile.
- Delete your account in Profile → Account Settings → Delete account. We delete and de-identify your data: we immediately delete your avatar, your push token, your sign-in details, your notifications, and your authentication record, and we replace your display name with “Deleted Account.” Activity tied to other members (past gatherings, attendance, chat) is retained in de-identified form so their records stay coherent; it is no longer reasonably linkable to you.
- Manage notifications in Profile → Notifications or in your device settings.
8.2 California residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know / access the categories of personal information we collect, the sources, the purposes, and the categories of recipients — all described in this Policy. You can view your profile information any time in the App, and you can request a copy of the specific personal information we hold about you by emailing support@trycova.app.
- Delete the personal information we have collected from you.
- Correct inaccurate personal information.
- Limit the use of sensitive personal information to necessary purposes (see Section 4).
- Opt out of sale or sharing — not applicable, as we do not sell or share personal information.
- Non-discrimination — we will not discriminate against you for exercising these rights.
You may exercise these rights through the in-App controls in Section 8.1 or by emailing support@trycova.app. We will verify your request using your account credentials. You may use an authorized agent to submit a request on your behalf with proof of authorization.
8.3 How we respond
We aim to respond to rights requests within 45 days, extendable by another 45 days where permitted. There is no fee unless a request is excessive or unfounded.
9. Security
- All connections between the App, the Site, and our backend use TLS (HTTPS).
- On-device data is stored in the iOS Keychain / Android Keystore (authentication) or in encrypted local storage keyed to a device-bound secret (everything else).
- Database access is governed by row-level security, so an authenticated user can only access data they are authorized to see.
No method of transmission or storage is completely secure. If you believe your account has been compromised, contact support@trycova.app immediately.
10. Third-party services
The Services rely on the service providers described in Section 6, each of which maintains its own privacy practices. Maps and address-autocomplete features are provided by a third-party maps provider subject to its own privacy policy. Sign-in is provided by Google and Apple. We encourage you to review those providers’ privacy policies.
11. Children’s privacy
Cova is intended for adults. We do not knowingly collect personal information from anyone under 18. At sign-up we ask for a date of birth and decline accounts under 18, storing only the fact that age was confirmed. If you believe a person under 18 has provided us information, contact support@trycova.app and we will delete the account and associated data.
12. Changes to this Policy
We may update this Policy from time to time. The current version is always available in the App under Profile → Legal and at trycova.app/privacy. When we make a material change, we will provide notice within the Services and update the “Last updated” date above.
13. Contact us
For questions about this Policy or to exercise your rights, email support@trycova.app with “Privacy” in the subject line.