Privacy policy

1. Scope

This Privacy Policy outlines how Cove collects, uses, protects, and discloses information provided by individuals and businesses during their use of Cove's platform for underwriting, screening, or verification purposes.

2. Information We Collect

We collect information directly from users and through third-party data providers. This includes:

• Identity Data: Full legal name, address, phone number, government ID, biometrics

• Financial Data: Bank account details, payroll access, income streams, transaction history

• Credit Data: Credit reports, tradelines, public records, debt-to-income ratios

• Business Data: Company registration documents, beneficial ownership, corporate financials

• Technical Data: Device info, browser version, usage logs, IP addresses

3. Purpose of Data Use

We process data to:

• Conduct KYC and KYB checks

• Assess creditworthiness and ability to repay

• Perform tenant and business underwriting

• Monitor transactions and detect suspicious behavior

• Meet compliance obligations under AML, ATF, and sanctions screening laws

• Provide support and improve system performance

4. Lawful Basis for Processing

Cove processes personal and business data under the following legal bases:

• User consent

• Contractual necessity

• Legal and regulatory compliance (e.g., FINTRAC, OSFI, AMLD5)

• Legitimate interest, such as fraud mitigation and platform improvement

5. Data Storage and Security Controls

Data is encrypted both in transit and at rest. Our infrastructure is designed with:

• SOC 2 Type II and ISO 27001-certified environments

• Fine-grained role-based access controls (RBAC)

• Multi-factor authentication (MFA) for all administrative access

• Logging and real-time threat monitoring

6. Access to Data

Only authorized Cove personnel and vetted third-party vendors may access user data, and only for necessary operational or compliance functions. All data access is logged and monitored for audit purposes.

7. Data Sharing

Cove shares data only with:

• Identity and financial verification partners under strict agreements

• Government or regulatory agencies upon valid legal request

• Lenders, landlords, and property managers authorized by the user or applicant

We do not sell, rent, or monetize user data.

8. Data Retention

We retain user data only as long as:

• Necessary for regulatory and business purposes

• Required under applicable laws (e.g., 5–7 years for FINTRAC records)

• Requested by the user for ongoing financial product usage

Once no longer required, data is securely deleted or irreversibly anonymized.

9. Your Rights

You have the right to:

• Request a copy of your data

• Request corrections to inaccurate information

• Request deletion, unless required by law to retain

• Revoke previously given consent

Contact: concierge@getcove.co with your full name, email, and phone number used on the platform.

10. Children's Data

Our Services are not designed for users under the age of 13. If you believe a minor's data has been submitted, please contact us for immediate removal.

11. Updates to Policy

We may update this policy periodically. Changes will be posted with a revised "Effective Date" and users will be notified of material updates via email or through the platform.

12. Contact Us

For questions about this policy, contact us at:

Cove

5200 Yonge St, North York, ON M2N 5P6, Canada

Email: team@cove.dev