Your data is yours. Here is exactly how we protect it.
Privacy First · EU Hosted · Encrypted · No Password Storage · Passwordless Auth
Infrastructure
- Hosted on Vercel (EU region) with automatic TLS encryption
- Database on Supabase (EU region, PostgreSQL with row-level security)
- All data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Hosted in the EU with automatic failover and redundancy
- Passwordless authentication via one-time codes (OTP) and magic links
- No passwords stored — no password to leak
- Google OAuth as alternative sign-in method
- Session tokens with automatic rotation
- We do not store the content of your conversations with Cove
- Queries are sent directly to AI providers and responses are returned to you
- Conversation history is stored only if you choose to keep it (deletable anytime)
- We do not sell, share, or use your data for training
- API keys are SHA-256 hashed before storage — we cannot see your key
- Rate limiting on all endpoints (per-IP and per-key)
- Content Security Policy (CSP), HSTS, X-Frame-Options, XSS protection headers
- Stripe webhooks verified via cryptographic signatures
- Anthropic (Claude) — SOC 2 Type II, GDPR compliant
- OpenAI (GPT) — SOC 2 Type II, GDPR compliant
- Google (Gemini) — ISO 27001, SOC 2, GDPR compliant
- Mistral — EU-based company, GDPR native
- Perplexity (Sonar) — SOC 2 Type II
- GDPR compliant — privacy by design, data minimization
- Right to erasure — delete your account and all data from Settings
- Data Processing Agreement (DPA) available for enterprise customers
- No tracking cookies — analytics via privacy-friendly tools only
Found a security issue?
Report it here

Satcove — A product by Abyssal Group