Privacy Policy

Effective May 4, 2026

Introduction

Cove Technologies, Inc. is a Delaware-incorporated embedded-finance platform that provides white-label financial products to companies that own their customer relationships. This policy explains what information we collect, how we use it, and the rights you have over it. It is effective as of May 4, 2026.

Information we collect

Account information. When you sign up for Cove or use our platform as an operator, we collect your name, work email, company, role, and payment details necessary to bill for the services you configure.

Applicant data. Cove processes information about end-applicants on behalf of our customers — identity documents, bank account data, credit reports, employment verification, and other underwriting inputs. This data is processed under contract with the operator and with consent from the applicant. The operator, not Cove, determines the purposes and configuration of each workflow.

Technical data. We automatically collect IP address, device and browser metadata, and usage logs through standard cookies and analytics tooling. We use this to operate, secure, and improve the platform.

How we use information

  • To operate the platform and deliver the products our customers configure.
  • To run identity, credit, employment, and bank verifications authorized by the applicant.
  • To meet regulatory and compliance obligations, including KYC, AML, and sanctions screening.
  • To communicate with users about their accounts, support issues, and material product changes.
  • To monitor for fraud and abuse, and to improve reliability and performance.

How we share information

We do not sell personal information. We share information only in the following circumstances:

  • Subprocessors. Cloud infrastructure, analytics, fraud, identity, and KYC vendors that operate under data processing agreements.
  • Customers. Operators who configured the workflow that produced the data, and who control its use on their end.
  • Regulators and law enforcement. When we are legally required to do so, or to protect rights, safety, and property.
  • Acquirers. In connection with a merger, financing, or sale of all or part of the business, subject to confidentiality.

Applicant data and consumer rights

Applicants have the right to access, correct, and delete the personal information Cove holds about them, subject to legal exceptions. Depending on where you live, you may also have rights under the CCPA/CPRA, GDPR, and other US state privacy laws — including the right to opt out of certain processing and to receive a copy of your data in a portable format.

To exercise any of these rights, email privacy@cove.dev with your full name and the operator (landlord, lender, broker, etc.) you submitted information to. We will respond within the timeframe required by applicable law.

Security

Data is encrypted in transit and at rest. Cove operates under a SOC 2 Type II posture, with least-privilege access controls, multi-factor authentication for administrative systems, and ongoing third-party audits. No system is perfectly secure, but we treat security as a continuous engineering discipline rather than a one-time certification.

Data retention

We retain personal information only as long as we need it to deliver the service, meet legal and compliance obligations, or pursue legitimate business purposes such as fraud prevention. After that, data is deleted or irreversibly anonymized.

Children

Cove is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact privacy@cove.dev and we will delete it.

Changes to this policy

When we update this policy, we will revise the effective date above. If the changes are material, we will notify customers whose use of the service is affected.

Contact

For any privacy question or to exercise a right described above, write to privacy@cove.dev.