Privacy Policy

Scope

Covable is an AI citation intelligence platform. This Privacy Policy applies to our marketing site at covable.app, our application at home.covable.app, and any support, billing, or account interactions tied to the service.

If you have questions about this policy or how we handle personal data, contact privacy@covable.app.

Information we collect

We collect the minimum information needed to operate, secure, and improve Covable.

• Account data: email address, hashed password, authentication identifiers, and profile information you choose to provide
• Workspace data: brand URLs, competitors, prompts, pages, settings, and other content you add inside the app
• Product output: scans, visibility scores, generated recommendations, generated content, and execution history
• Billing data: subscription status, invoices, transaction metadata, and customer identifiers from Dodo Payments. We do not store full card numbers
• Support data: emails, support requests, and product feedback you send us
• Technical data: IP address, browser, device, log data, and session identifiers needed to keep the service secure and working

How we use information

• Provide the service: authenticate users, run scans, calculate visibility metrics, generate workflows and outputs, and show results in the dashboard
• Operate billing: manage subscriptions, trials, invoices, renewals, and payment-related support
• Keep Covable secure: detect fraud, enforce rate limits, investigate abuse, and maintain service reliability
• Support and communicate: answer support requests, send product-critical notices, and share account or billing updates
• Improve the product: diagnose bugs, understand usage patterns, and prioritize product improvements
• Comply with law: satisfy legal obligations and respond to valid lawful requests

We do not sell personal data. We do not run advertising networks on Covable. We do not use customer workspace data to train third-party AI models for generalized use.

Service providers

We rely on a limited set of providers to run Covable. They process data on our behalf only to the extent needed for the service they provide.

• Supabase: authentication, database, and storage infrastructure
• Dodo Payments: subscription management and payment processing
• OpenAI: model-powered analysis and generation features
• Vercel: hosting, caching, and delivery of our web properties
• Trigger.dev: background job orchestration for asynchronous product workflows

Some data may be processed outside your country depending on where these providers operate. Where required, we use appropriate contractual and technical safeguards.

Cookies and session storage

Covable uses essential cookies and similar storage to keep you signed in and move you safely between covable.app and home.covable.app.

• Authentication cookie: a shared session cookie on .covable.app that lets the landing site and app recognize your signed-in state
• Preference storage: remembers app settings such as interface state
• Security and reliability data: helps us detect abuse and keep the platform working correctly

We do not use third-party advertising cookies or cross-site ad trackers.

Data retention

We keep account and workspace data for as long as your account is active and as needed to provide the service. If you request deletion or close your account, we delete or anonymize personal data within a commercially reasonable period unless we are legally required to keep it longer.

We may retain limited billing, tax, fraud-prevention, or security records where applicable law or legitimate operational needs require it.

How information is shared

We share information only in a few situations:

• With vendors and subprocessors that operate parts of Covable for us
• Within a corporate transaction such as a financing, merger, acquisition, or asset sale
• When required by law, regulation, or valid legal process
• To protect the rights, security, or integrity of Covable, our users, or the public

We do not sell personal data and we do not share personal data with data brokers.

Your rights

Depending on where you live, you may have the right to access, correct, delete, export, or restrict certain personal data we hold about you, and to object to some processing.

To make a privacy request, email privacy@covable.app. We may need to verify your identity before completing the request.

Security

We use reasonable administrative, technical, and organizational safeguards to protect data, including encrypted transport, access controls, hashed credentials, and infrastructure-level security measures. No method of storage or transmission is completely secure, so we cannot guarantee absolute security.

Children's privacy

Covable is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will remove it.

Changes to this policy

We may update this policy as the product, our providers, or legal requirements change. When the update is material, we will post a prominent notice in the app or contact affected users directly. The date at the top of this page shows the latest revision.

Contact