← Back to Kovered

Privacy Policy

Effective: May 18, 2026 · Last Updated: May 22, 2026

1. Introduction

Kovered LLC, a California limited liability company ("Kovered", "we", "us", or "our"), respects your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, how long we keep it, and what rights you have over it.

This Privacy Policy applies to your use of:

  • The Kovered mobile application (the "App")
  • The Kovered website at trykovered.com (the "Website")
  • All related services we provide (collectively with the App and Website, the "Service")

By using the Service, you agree to this Privacy Policy. If you do not agree, you must not use the Service.

This Privacy Policy is part of, and incorporated into, our Terms of Service. Capitalized terms not defined here have the meaning given in the Terms of Service.

Contact us about privacy: privacy@trykovered.com

2. Quick summary

Here's the short version (full details below):

  • What we collect: the information you give us when you create an account, post tasks, apply to tasks, chat, upload photos/videos, and use the Service. Plus payment information (handled by Stripe), identity verification metadata (handled by Stripe Identity), your last-known location (used to show you nearby tasks and notify Helpers of nearby tasks), and product-usage and crash-diagnostic data (via PostHog and Sentry) used to operate, debug, and improve the app.
  • What we don't do: we don't track you across other websites or apps, we don't profile you for advertising, we don't sell or rent your information, and we don't store your full ID documents (Stripe Identity does that).
  • How we use it: to provide, operate, debug, and improve the Service. We don't use your information for advertising or sell it to third parties.
  • Who we share it with: other Kovered users (only as needed for tasks you participate in), our service providers (Stripe, Supabase, Apple, Resend, etc.), and law enforcement when legally required. We don't sell or rent your personal information to anyone.
  • Your rights: you can access, correct, delete, or download your data at any time. California law (CCPA/CPRA) gives you specific rights — we extend the same rights to all U.S. users.

3. Information We Collect

3.1 Information you provide directly

When you create and use a Kovered account, you provide us with:

| Category | Examples |
|---|---|
| Account information | Email address, full legal name, date of birth, password (we use one-time email codes — no stored passwords), profile avatar (optional) |
| Task information | Task titles, descriptions, prices, categories, locations (precise coordinates if you enable location), photos and videos you upload to a task |
| Helper information | Helper application content (your bio, why you want to help), Helper-specific terms acceptance |
| Communications | Chat messages and attachments (photos, videos) you send to other users |
| Reviews and reports | Star ratings, review text, reports you file against other users |
| Support requests | Information you provide when contacting us at hello@trykovered.com or appeals@trykovered.com |
| Marketing website (waitlist) | If you submit your email address through the email-capture form on trykovered.com (the marketing site), we collect that email address solely to notify you when the Service launches and to send service-launch updates you have requested. We do not add waitlist email addresses to any general marketing list or share them with third parties. You may unsubscribe at any time by emailing privacy@trykovered.com. |

3.2 Information collected automatically

When you use the Service, we automatically collect:

| Category | Examples |
|---|---|
| Device tokens | Apple Push Notification Service tokens used to deliver push notifications to your device |
| Last-known location | Your most recent latitude/longitude coordinates, captured from your device's location services when you grant permission. Used to (a) filter the home feed by distance, (b) deliver "new task nearby" notifications to approved Helpers |
| App usage timestamps | When you created your account, posted tasks, applied to tasks, sent messages — used for fraud detection, dispute resolution, and analytics about Service performance |
| Server logs (limited) | IP address and basic request metadata processed by our hosting providers (Vercel, Supabase) for security, abuse prevention, and operational purposes. We do not use this for tracking or advertising. |
| Product analytics (PostHog) | Screen views, button taps, and other in-app actions, tagged with your user ID after sign-in. Session replay (a video-style recording of your screen during use) is enabled to help us debug issues; password fields, payment fields, and other sandboxed views are automatically masked. Used to understand how users navigate the app, identify drop-off points, and diagnose UX issues. We do not use this data for advertising. |
| Crash reporting (Sentry) | When the app crashes or hits an unhandled error, we collect: stack trace, device model, OS version, app build, your most recent in-app actions ("breadcrumbs"), and a screenshot of the screen at the moment of failure. When you are signed in, the report is tagged with your user ID, email, and name so we can correlate the issue with your account if you contact support. Used solely for diagnosing and fixing bugs. |

3.3 Information from third parties

We receive information from third parties in connection with the Service:

| Source | What we receive |
|---|---|
| Stripe | Payment confirmations, payment failure notifications, payout statuses, refunds, chargeback notices. Stripe handles all payment card data — we never see your full card number. |
| Stripe Identity | Identity verification result (verified/failed), extracted metadata only: legal first and last name, date of birth, document type (driver's license / passport / ID card), document country, last 4 digits of document number, document issuance date, document expiration date. The actual photos of your ID and selfie are stored only by Stripe — never on Kovered's servers. |
| Stripe Connect | (Helpers only) Stripe Connect account ID, payout account status, requirements for additional verification |
| Apple Push Notification Service | Confirmations or failures of push notification delivery |

3.4 Information we do NOT collect

To minimize your privacy exposure, we have intentionally chosen NOT to use:

  • Behavioral advertising trackers of any kind (no Google Analytics for Advertising, no Meta Pixel, no ad networks)
  • Cross-site or cross-app tracking identifiers (no IDFA usage for advertising; we use device tokens only for push notifications)
  • A/B testing or experimentation tools that profile users (PostHog supports this but we do not use that feature)
  • Browsing history beyond what's necessary for basic Service operation
  • Voice or audio recordings at any time

4. How We Use Your Information

We use your information to:

  1. Provide the Service — create your account, authenticate you, show you tasks, match Askers and Helpers, process payments and payouts, deliver chat messages, send notifications, generate dispute records, etc.
  2. Verify identity — confirm Helpers' identities through Stripe Identity (mandatory for Helpers); confirm Askers' identities optionally for the "Verified Asker" badge.
  3. Process payments and payouts — through Stripe and Stripe Connect.
  4. Show nearby content — match your last-known location against task locations to (a) filter the home feed by distance and (b) notify approved Helpers of new tasks within 25 miles.
  5. Communicate with you — send transactional emails and push notifications about your account, tasks, payments, and disputes. Send marketing emails ONLY if you have opted in (which is OFF by default).
  6. Resolve disputes — review evidence in disputes between users and decide the disposition of held funds.
  7. Detect and prevent abuse, fraud, and illegal activity — including scanning user content for child sexual abuse material (legally required) and other prohibited content per the Terms of Service.
  8. Maintain safety — enforce account suspensions and terminations, prevent banned users from creating new accounts, comply with court orders and subpoenas.
  9. Improve the Service — analyze how users navigate the app using product analytics and session replay (PostHog) and diagnose crashes and errors (Sentry) to fix bugs, find drop-off points, and improve features. We use this only to operate and improve Kovered — not for advertising, and we never sell it.
  10. Comply with law — meet our legal obligations including tax reporting (1099-NEC for Helpers earning $600+/year), records retention, and lawful demands from government authorities.

We do NOT use your information to:

  • Show you advertising
  • Sell or rent to third parties
  • Profile you across other websites or apps
  • Train AI/machine learning models on your personal information

5. How We Share Your Information

5.1 With other Kovered users

The Service is, by nature, an interpersonal marketplace. To make it work, certain information about you is visible to other users in specific contexts:

| Information | Visible to | Context |
|---|---|---|
| Your profile (avatar, first name, last initial, ratings, badges) | All users when you appear in tasks, applications, chat, or reviews | Public-ish — visible across the Service |
| Your full first and last name | The other party in tasks you participate in | Once you and another user are matched on a task, your full name is shown to them (matches Stripe receipts and dispute records) |
| Your task descriptions, photos, location, and price | Approved Helpers in the area (for visible task posts) | Once you post a task, it appears in the marketplace until canceled or completed |
| Your chat messages and attachments | Only the other party in the conversation, plus Kovered admin during dispute investigation | Private between two users; admin can see only when investigating a report or dispute |
| Your reviews of other users | All users when they view that user's profile | Public — visible across the Service |
| Your reports against other users | Kovered admin only | Private — never shown to the user being reported |

You should consider any information you submit that is visible to other users to be public information. Do not include sensitive personal information in profile fields, task descriptions, or chat unless you intend it to be visible to the relevant party.

5.2 With our service providers

We share your information with the following third parties solely to operate the Service. Each is bound by contractual obligations to protect your information and to use it only for the purposes we authorize.

| Service Provider | Role | Their Privacy Policy |
|---|---|---|
| Stripe, Inc. | Payment processing, refunds, chargeback handling | https://stripe.com/privacy |
| Stripe Connect | Helper payout account management and bank transfers | https://stripe.com/privacy |
| Stripe Identity | Identity verification (storage of ID documents and selfies) | https://stripe.com/privacy |
| Supabase, Inc. | Database, file storage, authentication, real-time messaging, serverless functions | https://supabase.com/privacy |
| Apple Inc. | App distribution (App Store), push notification delivery (APNs), device platform services | https://www.apple.com/legal/privacy/ |
| Resend, Inc. | Transactional email delivery (auth codes, account notifications, dispute notices) | https://resend.com/legal/privacy-policy |
| Vercel, Inc. | Marketing website + admin dashboard hosting, server-side processing | https://vercel.com/legal/privacy-policy |
| Cloudflare, Inc. | DNS for trykovered.com | https://www.cloudflare.com/privacypolicy/ |
| PostHog Inc. | Product analytics + session replay (see Section 3.2). Self-serve EU/US hosting; we use US hosting. | https://posthog.com/privacy |
| Functional Software, Inc. (Sentry) | Crash and error reporting (see Section 3.2) | https://sentry.io/privacy/ |
| Dun & Bradstreet | Business identity verification (D-U-N-S Number) — used only for Kovered's company identification, not user data | https://www.dnb.com/privacy |

If we add or change a material service provider, we will update this list and notify you by updating this Privacy Policy.

5.3 For legal reasons

We may share your information when we believe in good faith that disclosure is necessary to:

  • Comply with a subpoena, court order, search warrant, or other valid legal process.
  • Respond to a lawful request from a government agency.
  • Investigate, prevent, or take action regarding suspected illegal activities, fraud, or threats to the safety of any person or property.
  • Enforce our Terms of Service.
  • Protect the rights, property, or safety of Kovered, our users, or the public.
  • Comply with legally mandated reporting obligations, including reporting CSAM to the National Center for Missing & Exploited Children (NCMEC) as required by 18 U.S.C. § 2258A.

When practical and legally permitted, we will notify you before disclosing your information in response to a legal request.

5.4 In a business transfer

If Kovered is involved in a merger, acquisition, financing, sale of assets, or bankruptcy, your information may be transferred to the successor or acquirer as part of that transaction. We will notify you (e.g., by email and a notice on the Service) before any such transfer becomes effective and before your information becomes subject to a different privacy policy. You will have the option to delete your account before the transfer if you do not agree.

5.5 With your consent

We may share your information with other parties if you give us explicit consent to do so. We will tell you what is being shared and with whom before you consent.

5.6 Aggregated and de-identified information

We may share aggregated or de-identified information (information that does not identify you and cannot reasonably be used to identify you) with third parties for any purpose. For example, we may share aggregated statistics about Service usage with potential investors or in marketing materials.

5.7 What we do NOT do

We do NOT:

  • Sell your personal information for monetary or other valuable consideration to third parties.
  • Share your personal information for cross-context behavioral advertising (sometimes called "targeted advertising" under state privacy laws).
  • Use your personal information to train or improve any third party's AI/ML models.
  • Disclose your information to data brokers, marketing partners, or affiliates for their own use.

This is a deliberate design choice. We make money from platform fees, not from your data.

6. Sensitive Personal Information

Under California's CPRA and similar state laws, certain categories of information are considered "sensitive." We collect and process the following sensitive information:

| Sensitive Category | What we have | How we use it |
|---|---|---|
| Government identifiers | Last 4 digits of your government ID number, date of birth (collected through Stripe Identity for Helpers; the full document images are stored by Stripe, not by us) | Identity verification for Helpers; age verification (18+) |
| Precise geolocation | Your last-known latitude/longitude coordinates (with your permission) | Showing nearby tasks; notifying approved Helpers within 25 miles of new tasks |
| Account credentials | Email address (we don't store passwords — we use one-time email codes) | Account access |
| Financial information | Stripe customer ID, Stripe Connect account ID, payment method tokens (we never see full card numbers) | Processing payments and payouts |

We use sensitive personal information only for the specific purposes listed above. California residents (and residents of any U.S. state with similar laws) have the right to limit our use of sensitive personal information to these specified purposes. To exercise this right, contact us at privacy@trykovered.com.

7. How Long We Keep Your Information (Data Retention)

| Category | Retention Period | Why |
|---|---|---|
| Profile data (name, email, avatar, DOB) | Deleted within 30 days of account closure | Operational |
| Transaction records (tasks, payments, payouts) | Retained 7 years after the transaction; user name anonymized to "Former User" after 1 year post-closure | Required by tax law (IRS recordkeeping), required for dispute defense, required for chargeback evidence |
| Chat messages and chat attachments | Retained 30 days after account closure (during dispute window); then deleted | Dispute resolution |
| User-uploaded photos and videos (task posts, proof, dispute evidence) | Deleted within 30 days of account closure or content deletion | Operational; aligns with media license termination |
| Identity verification metadata (Kovered's records: name, DOB, doc type, country, last 4 of doc number, dates) | Retained 7 years | Required for fraud investigation and tax reporting |
| Identity verification documents (ID images, selfies) | Stored by Stripe Identity, not Kovered. Stripe's retention policy applies — typically several years for fraud and regulatory reasons. See https://stripe.com/privacy. | Stripe's compliance requirements |
| Account verification status (verified yes/no, helper status) | Retained indefinitely | Prevents banned users from closing and reopening accounts to escape strikes or suspensions |
| Fraud and abuse history | Retained indefinitely | Account safety; prevention of repeat bad-actors |
| Server logs | Retained 30-90 days by hosting providers (Vercel, Supabase) | Security incident investigation |
| Aggregated and de-identified analytics | Retained indefinitely in non-identifying form | Service improvement |

We may retain information longer than the periods above if required by law (e.g., a litigation hold, regulatory investigation), or if needed to enforce our Terms of Service or to protect the rights, safety, or property of Kovered, our users, or the public.

8. Your Rights and Choices

8.1 Access and review

You can review most of your account information at any time directly in the App (profile settings, transaction history, chat history, etc.). For information not directly visible in the App, you may request a copy by emailing privacy@trykovered.com.

8.2 Correction

You can update most of your information directly in the App (profile, etc.). For information you cannot edit yourself (such as identity verification details), email privacy@trykovered.com.

8.3 Deletion

You can delete your account at any time using the in-app account deletion feature or by emailing hello@trykovered.com. Account deletion is processed per the data retention schedule in Section 7. Some information (transaction records, fraud history, account verification status) is retained as described above for legal and operational reasons.

8.4 Marketing communications

We send marketing communications only if you have explicitly opted in (default OFF). You can opt in or opt out at any time via Profile → Preferences → Marketing emails, or by clicking "unsubscribe" in any marketing email.

Transactional communications (authentication codes, task notifications, dispute notices, security alerts) are essential to the Service and cannot be disabled while you maintain an active account.

You can disable push notifications at any time through your device settings.

8.5 Location services

You control whether Kovered has access to your device's location services through your device's settings. If you disable location access:

  • The "Nearby" filter on the home feed will not work for you.
  • If you are an approved Helper, you will not receive "new task nearby" notifications.
  • All other Service features remain functional.

8.6 Cookies and tracking

The Website (trykovered.com) uses essential session cookies only — we use them to maintain your form inputs, remember your preferences, and operate basic site functionality. We do NOT use:

  • Advertising cookies
  • Analytics cookies (Google Analytics, etc.)
  • Cross-site tracking cookies
  • Social media tracking pixels
  • "Remarketing" or "retargeting" cookies

The App uses no traditional web cookies. The App uses your device's push notification token only to deliver push notifications.

We honor "Do Not Track" signals from your browser. (We do not track behaviorally regardless, but if you have DNT enabled, we explicitly comply with it.)

We honor Global Privacy Control (GPC) signals where applicable.

8.7 California rights (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

| Right | What it means |
|---|---|
| Right to Know | You can request a copy of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties we share with. |
| Right to Delete | You can request that we delete personal information we have collected about you, subject to certain exceptions (legal retention, fraud prevention, etc.). |
| Right to Correct | You can request that we correct inaccurate personal information. |
| Right to Opt Out of Sale or Sharing | You can direct us not to sell or share your personal information for cross-context behavioral advertising. We do not engage in either of these practices, but the right to opt out remains formally available. |
| Right to Limit Use of Sensitive Personal Information | You can direct us to limit our use of sensitive personal information to the purposes specified in Section 6. |
| Right to Non-Discrimination | We will not deny you service, charge you different prices, or provide a lesser quality of service for exercising any of these rights. |

To exercise any of these rights, email privacy@trykovered.com with:

  • Your full name and account email.
  • The right you wish to exercise (or "all of the above").
  • Sufficient information for us to verify your identity (we will contact you for additional verification if needed — this is required to prevent fraudulent deletion requests).

We will respond within 45 days of receipt of your request (with a possible 45-day extension if the request is complex). If we cannot honor your request, we will explain why.

You may also designate an authorized agent to make a request on your behalf. The agent must provide proof of authorization (e.g., a power of attorney or a signed letter from you).

8.8 Other state privacy rights (extended to all U.S. users)

We extend the same rights described in Section 8.7 to all U.S. residents, regardless of state of residence. This is consistent with — and in some cases more protective than — the privacy laws of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and other states with comprehensive privacy legislation.

To exercise these rights, follow the procedure in Section 8.7. We will respond per the timeframes in our Privacy Policy (45 days plus possible extension), which meet or exceed the minimum required by every applicable state law.

8.9 Appeals (if we deny your privacy request)

If we deny your privacy request and you believe the denial was incorrect, you may appeal by emailing privacy@trykovered.com with the subject line "Privacy Appeal" within 30 days of our denial. Your appeal should include the original request, our denial response, and your reason for appealing. We will review and respond to appeals within 60 days.

9. Children's Privacy

The Service is intended for users 18 years and older. We do not knowingly collect personal information from anyone under 18. If you are under 18, you must not use the Service or submit any information to us.

If we learn that we have collected personal information from a person under 18, we will delete that information as quickly as practical. If you are a parent or guardian and believe your child under 18 has provided information to us, please contact us at privacy@trykovered.com and we will work with you to address the issue.

Because the Service is restricted to adults, the federal Children's Online Privacy Protection Act (COPPA) does not apply to our intentional data practices. However, we treat any inadvertently collected information from a minor as immediately requiring deletion.

10. International Users

The Service is intended for users located in the United States (50 states + the District of Columbia) only. We do not actively market or provide the Service to users outside the U.S.

If you access the Service from outside the U.S.:

  • You acknowledge that your information will be transferred to and processed in the U.S.
  • U.S. data protection laws may differ from those of your country.
  • You are responsible for compliance with the laws of your jurisdiction regarding the use of an online service hosted in the U.S.
  • We have not designed the Service to comply with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, Brazil's LGPD, or other non-U.S. privacy laws. We recommend you do not use the Service if you require coverage under those laws.

11. Data Security

We take reasonable administrative, technical, and physical measures to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption in transit: all communication with our servers uses HTTPS/TLS 1.2+.
  • Encryption at rest: sensitive data in our database (managed by Supabase) and storage is encrypted at rest using AES-256.
  • Authentication: Service access requires email-based one-time codes (no stored passwords); admin access requires multi-factor authentication.
  • Access controls: internal access to user data is restricted to personnel with a legitimate need; row-level security policies in our database enforce that users can only access their own data.
  • Third-party security: our service providers (Stripe, Supabase, Apple, Vercel) maintain industry-standard security certifications (SOC 2, PCI DSS as applicable).
  • Incident response: we have procedures in place to investigate and respond to security incidents.

However, no security measure is perfect. We cannot guarantee that unauthorized access, hacking, data loss, or other security breaches will never occur. You use the Service at your own risk and should take reasonable steps to protect your account credentials and the device(s) you use.

12. Data Breach Notification

If we experience a data breach affecting your personal information, we will notify you within 72 hours of confirming the breach, by:

  • Email to your account address, AND
  • An in-app notification (where appropriate).

We will also notify state attorneys general and other regulators as required by applicable law (including California's data breach notification law, Cal. Civ. Code § 1798.82).

The notice will describe (where known): the nature of the breach, the categories of personal information affected, the steps you can take to protect yourself, and the steps Kovered is taking to address the breach.

The 72-hour commitment applies from the time we confirm the breach, not the time we initially become aware of a possible incident. We may need additional time to investigate and confirm the scope of an incident before notifying. In rare cases (e.g., ongoing law enforcement investigation), we may delay notification at law enforcement's request as permitted by law.

13. Third-Party Links and Services

The Service may contain links to third-party websites, apps, or services that are not operated by Kovered. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you engage with.

In particular, the following third-party privacy policies are most directly relevant to your use of the Service:

  • Stripe (payments + identity): https://stripe.com/privacy
  • Apple (App Store + APNs + iOS): https://www.apple.com/legal/privacy/
  • Supabase (data hosting): https://supabase.com/privacy

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the "Last Updated" date at the top.
  • Notify you of material changes (those that adversely affect your rights or significantly change how we collect, use, or share your information) by email and/or in-app notification at least 30 days before the changes take effect.
  • For non-material changes (typo fixes, clarifications, additions of new service providers we publicly list), the changes take effect upon posting.

If you continue to use the Service after a material change takes effect, you accept the updated Privacy Policy. If you do not agree, you may close your account before the changes take effect.

15. Contact Us

For privacy-related questions, requests, or concerns:

Email: privacy@trykovered.com

Mailing address:
Kovered LLC
Attn: Privacy
2108 N St, Ste N
Sacramento, CA 95816

For general support questions: hello@trykovered.com

For legal notices: legal@trykovered.com

For account appeals: appeals@trykovered.com

16. California-specific notice

Pursuant to California Civil Code § 1798.83 (the "Shine the Light" law), California residents may request information about our disclosure of personal information to third parties for those third parties' direct marketing purposes during the preceding calendar year.

Kovered does NOT disclose personal information to third parties for their own direct marketing purposes. Therefore, no Shine the Light disclosure is required, but we confirm this in writing for transparency.

*End of Privacy Policy.*