Privacy Policy
Last Updated: June 2026
Welcome to Cove. Your privacy is not just a priority; it is the fundamental architecture of our application. This Privacy Policy explains how we handle your data when you use our ephemeral messaging service.
1. Information We Do NOT Collect
For standard users of Cove, we operate on a strict Zero-Knowledge Architecture:
- No Account Data: We do not require a phone number, email address, or username to use the standard features.
- No Message Content: All text, audio, and image data is End-to-End Encrypted (E2EE) using WebCrypto AES-GCM 256-bit encryption. The encryption keys never leave your browser. We literally cannot read your messages.
- No Permanent Logs: We do not log IP addresses to permanent storage. Network routing is handled temporarily by our edge provider (Cloudflare).
2. Data Ephemerality
Cove is built on volatile memory structures (Cloudflare Durable Objects).
- Messages automatically self-destruct 10 minutes after they are sent.
- When both users leave a room, or if the Panic/Vanish button is triggered, the room's data is permanently wiped from our server's memory. There are no backups.
3. Information We Collect (Cove Plus Members Only)
If you choose to upgrade to Cove Plus, we collect the minimum information necessary to process your payment and manage your premium status:
- Authentication Data: We use Google OAuth to securely link your premium status to an account. We collect your email address and basic profile information (name, avatar) provided by Google.
- Payment Information: Payments are processed securely via Razorpay. We do not store your credit card details or bank information. We only store payment receipt IDs and subscription validity dates.
4. Third-Party Services
We utilize the following infrastructure partners to run Cove securely:
- Cloudflare: For edge-computing network routing and volatile memory storage.
- Supabase: For authentication and secure database storage (strictly for Cove Plus subscription data, not messages).
- Razorpay: For processing premium upgrades.
5. Law Enforcement
Because we do not collect or store decryption keys, message histories, or standard user identities, we physically cannot provide communication records to law enforcement agencies. We can only provide basic subscription metadata for Cove Plus users if legally compelled by a valid subpoena.
6. Changes to this Policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page.
7. Contact
If you have any questions regarding this Privacy Policy, please contact us at via our standard communication channels.