Terms of use

PART I: END USER AGREEMENT

1. Introduction

This End User Agreement ("Agreement") governs your use of Cove's platform, which enables businesses and individuals to build, embed, and interact with financial technology ("fintech") products including but not limited to tenant screening, lending workflows, Know Your Customer (KYC), Know Your Business (KYB), income and identity verification, and risk-based decisioning (collectively, the "Services"). By accessing or using the Services, you agree to be legally bound by this Agreement and the Privacy Policy. If you do not agree with these terms, do not use the Services.

2. Eligibility

You confirm that you are at least 18 years of age or the age of majority in your jurisdiction and that you have the legal authority to bind yourself or your organization to this Agreement.

3. Permitted Use

You agree to use the Services solely for lawful and legitimate financial or underwriting purposes, such as verifying applicants for tenancy, evaluating borrower eligibility, or automating financial workflows within your organization.

You further agree not to:

• Use the Services for any activity that violates financial regulations, including anti-money laundering (AML) or anti-fraud laws;

• Falsify data or impersonate others;

• Circumvent, disable, or interfere with platform security features.

4. Data Use Consent

You consent to the collection, analysis, storage, and transfer of personal and business data to facilitate the Services. By using Cove, you authorize Cove and its third-party service providers to collect and process your information in accordance with applicable privacy laws.

5. Data Ownership and Responsibility

Cove acts as both a data processor and data controller for the information submitted through its platform. You retain ownership of your data, but grant Cove the right to use it for the purposes of:

• Risk evaluation

• Regulatory compliance

• Performance improvement

• Fraud detection and mitigation

6. Platform Liability & Indemnity

Cove assumes full responsibility for data that remains within its secure infrastructure. Cove will implement commercially reasonable safeguards in accordance with industry standards (e.g., SOC 2, ISO 27001). Cove is not liable for damages caused by:

• Data processed through unauthorized third-party integrations;

• Client misuse, negligence, or improper configuration;

• Breaches resulting from external systems connected to Cove's platform.

Users agree to indemnify Cove for any claims arising from unauthorized or unlawful use of the Services.

7. Third-Party Infrastructure

Cove leverages licensed third-party services to offer identity verification, credit checks, bank data aggregation, and fraud prevention. These providers include, but are not limited to: Equifax, TransUnion, Plaid, Flinks, Persona, and Onfido. All such vendors are under strict confidentiality and data protection agreements.

8. Termination

Cove reserves the right to suspend or terminate access to the Services at its sole discretion if you violate any terms or use the platform in a way that jeopardizes the privacy, legality, or integrity of the system.

9. Governing Law

This Agreement is governed by the laws of the Province of Ontario, Canada, and any disputes shall be resolved in the courts of Toronto.

PART II: PRIVACY POLICY

1. Scope

This Privacy Policy outlines how Cove collects, uses, protects, and discloses information provided by individuals and businesses during their use of Cove's platform for underwriting, screening, or verification purposes.

2. Information We Collect

We collect information directly from users and through third-party data providers. This includes:

• Identity Data: Full legal name, address, phone number, government ID, biometrics

• Financial Data: Bank account details, payroll access, income streams, transaction history

• Credit Data: Credit reports, tradelines, public records, debt-to-income ratios

• Business Data: Company registration documents, beneficial ownership, corporate financials

• Technical Data: Device info, browser version, usage logs, IP addresses

3. Purpose of Data Use

We process data to:

• Conduct KYC and KYB checks

• Assess creditworthiness and ability to repay

• Perform tenant and business underwriting

• Monitor transactions and detect suspicious behavior

• Meet compliance obligations under AML, ATF, and sanctions screening laws

• Provide support and improve system performance

4. Lawful Basis for Processing

Cove processes personal and business data under the following legal bases:

• User consent

• Contractual necessity

• Legal and regulatory compliance (e.g., FINTRAC, OSFI, AMLD5)

• Legitimate interest, such as fraud mitigation and platform improvement

5. Data Storage and Security Controls

Data is encrypted both in transit and at rest. Our infrastructure is designed with:

• SOC 2 Type II and ISO 27001-certified environments

• Fine-grained role-based access controls (RBAC)

• Multi-factor authentication (MFA) for all administrative access

• Logging and real-time threat monitoring

6. Access to Data

Only authorized Cove personnel and vetted third-party vendors may access user data, and only for necessary operational or compliance functions. All data access is logged and monitored for audit purposes.

7. Data Sharing

Cove shares data only with:

• Identity and financial verification partners under strict agreements

• Government or regulatory agencies upon valid legal request

• Lenders, landlords, and property managers authorized by the user or applicant

We do not sell, rent, or monetize user data.

8. Data Retention

We retain user data only as long as:

• Necessary for regulatory and business purposes

• Required under applicable laws (e.g., 5–7 years for FINTRAC records)

• Requested by the user for ongoing financial product usage

Once no longer required, data is securely deleted or irreversibly anonymized.

9. Your Rights

You have the right to:

• Request a copy of your data

• Request corrections to inaccurate information

• Request deletion, unless required by law to retain

• Revoke previously given consent

Contact: team@cove.dev with your full name, email, and phone number used on the platform.

10. Children's Data

Our Services are not designed for users under the age of 13. If you believe a minor's data has been submitted, please contact us for immediate removal.

11. Updates to Policy

We may update this policy periodically. Changes will be posted with a revised "Effective Date" and users will be notified of material updates via email or through the platform.

12. Contact Us

For questions about this policy, contact us at:

Cove

5200 Yonge St, North York, ON M2N 5P6, Canada

Email: team@cove.dev