Privacy Policy

1. Our Commitment

Cove is built on a privacy-first philosophy. We believe your conversations are yours alone. This policy explains what data we collect, how we use it, and the choices you have.

2. Data We Collect

Account Data: Username and optional email address for account recovery.

Message Data: All direct messages are end-to-end encrypted using the Signal Protocol. We cannot read your messages. Group messages are encrypted in transit.

Voice Data: Voice data is transmitted peer-to-peer via LiveKit. We never store, record, or process voice conversations.

Usage Data: We do not collect analytics, telemetry, or device fingerprinting by default. Crash reports are opt-in only.

What We Do NOT Collect: IP addresses (not logged), contacts (never uploaded), location data, device information, browsing history.

3. How We Use Data

We use account data solely to provide the Cove service. We do not sell, share, or monetize your personal data.

4. Data Storage & Retention

Encrypted messages are stored on our servers for up to 30 days, after which they are automatically deleted. Voice data is never stored. Account data is retained until you delete your account.

5. Third-Party Services

Cove uses the following third-party services:

• Apple App Store: For subscription management and payment processing (subject to Apple's privacy policy)
• LiveKit: For voice/video relay (SFU architecture, no recording)

6. Your Rights

You have the right to:

• Access all data we hold about you
• Export your data at any time
• Delete your account and all associated data
• Verify your encryption keys
• Opt out of any optional data collection

7. Children's Privacy

Cove is not intended for children under 13. We do not knowingly collect data from children under 13.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via the app or email.

9. Contact

For privacy inquiries: privacy@coveapp.dev