← covant.ai

Privacy Policy

Last updated: March 1, 2026

Overview

Covant, Inc. ("Covant," "we," "us") operates covant.ai and related services. This policy explains what data we collect, how we use it, and your rights.

We built Covant to handle partner programs, commissions, and attribution. Your data — and your partners' data — is yours. We don't sell it, train models on it, or share it except as described below.

What we collect

Account data

When you sign up: email address, name, and password (hashed via Clerk). If you use Google SSO, we receive your email and name from Google.

Program data

Data you enter into Covant: partner names and contact info, deal records, commission configurations, payout history, attribution rules, and audit logs. This data is stored in our database (Convex) and is scoped to your organization.

Usage data

Basic analytics: pages visited, features used, error logs. We use this to improve the product. We do not build profiles for advertising purposes.

Billing data

Payment details are handled entirely by Stripe. We never see or store raw card numbers. We store your Stripe customer ID and subscription status.

Communications

If you email us or reply to onboarding emails, we keep those records to provide support.

How we use your data

  • To operate and improve Covant
  • To send transactional emails (deal notifications, commission alerts, invoices) via Resend
  • To process payments via Stripe
  • To authenticate your account via Clerk
  • To provide customer support
  • To comply with legal obligations

We do not use your data to train AI models. We do not sell your data to third parties.

Subprocessors

We use the following services to operate Covant. Each has their own privacy program:

VendorPurposeData location
VercelHosting / CDNUS + global edge
ConvexDatabaseUS (AWS us-east-1)
ClerkAuthenticationUS
StripeBillingUS
ResendTransactional emailUS
GroqAI inference (program setup)US

For a full, up-to-date list email privacy@covant.ai.

Data retention

We retain your data for as long as your account is active. If you cancel, we retain data for 90 days to allow for recovery, then delete it.

You can request immediate deletion at any time — see "Your rights" below.

Audit logs are retained per your plan (30 days on Free, 90 days on Starter, 1 year on Growth, unlimited on Scale).

Your rights

You have the right to:

  • Access — request a copy of all data we hold about you
  • Correction — fix inaccurate data
  • Deletion — request we delete your account and all associated data
  • Portability — export your data in a machine-readable format (CSV export is available in the dashboard)
  • Objection — object to certain processing

To exercise any of these rights, email privacy@covant.ai. We respond within 30 days.

GDPR

If you're in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under GDPR. Our legal basis for processing is:

  • Contract performance — processing needed to operate the service you signed up for
  • Legitimate interests — product improvement, fraud prevention, security
  • Legal obligation — where required by law

For EU customers, a Data Processing Agreement (DPA) is available at covant.ai/dpa.

CCPA (California)

California residents have the right to know what personal information we collect, delete it, and opt out of its sale. We do not sell personal information. To exercise your rights, email privacy@covant.ai.

Cookies

We use cookies for authentication (Clerk session tokens) and to remember your preferences. We do not use third-party advertising cookies.

Security

See our Security page for details on how we protect your data.

Changes

We'll notify you by email if we make material changes to this policy. The "last updated" date at the top always reflects the current version.

Contact

Questions? Email privacy@covant.ai.

Covant, Inc. · San Francisco, CA