Privacy Policy

Last updated: March 28, 2026

Covewise (“we”, “us”, or “our”) is operated by Corvin Works LLC. This Privacy Policy describes how we collect, use, and safeguard your information when you use our service at covewise.app.

Information We Collect

We collect:

• Account data: name, email address, and authentication credentials
• Financial data: transaction history, account balances, and account metadata from connected institutions
• Household data: goals, budgets, loan details, and credit card information you enter directly
• Receipt data: merchant name, amount, date, and line items from receipts you scan or email receipts we parse
• Usage data: features used, screens visited, and app interactions to improve the product

What We Do NOT Collect

• Your bank login credentials — we never see or store these
• Full email body content — email parsing is limited to subject, sender, amount, and merchant name from receipt emails only
• Voice audio — voice input is transcribed in real time and not retained
• Social Security numbers or government ID numbers

How AI Processes Your Data

AI features in Covewise process your financial data server-side to generate insights, summaries, and recommendations. Specifically:

• Your data is sent to AI model providers (Anthropic, OpenAI, and/or Google) to generate responses
• We use zero-data-retention API configurations where available — your data is not used to train AI models
• AI processing happens on-demand when you interact with the assistant; we do not run background AI processing on your data
• AI-generated insights are stored in your account so you can review them later

Third-Party Data Processors

We share data with the following service providers solely to operate Covewise:

• Supabase — database hosting and authentication (US-based)
• Vercel — application hosting and serverless compute (US-based)
• Plaid / Quiltt — bank account connectivity and transaction retrieval
• Stripe — payment processing (card data never touches our servers)
• Anthropic, OpenAI, Google — AI model inference for financial analysis
• Resend — transactional email delivery

We do not sell your data to any third party. All processors are bound by data processing agreements.

How We Use Your Information

• To provide the Covewise financial companion service
• To generate AI-powered financial insights based on your household's data
• To send transactional emails (receipts, account notices) and product updates
• To analyze aggregate, anonymized usage patterns to improve the product

Data Retention

• Account and financial data: retained while your account is active
• Transaction history: retained for the life of your account to support historical analysis
• AI conversation history: retained for 90 days, then automatically deleted
• Usage logs: retained for 30 days
• Deleted accounts: all data is permanently deleted within 30 days of account deletion

Security

We use TLS in transit and AES-256 encryption at rest. Sensitive fields (bank access tokens, connection credentials) are encrypted at the application layer before storage. We enforce row-level security on all database tables. No system is perfectly secure; if you suspect unauthorized access to your account, contact us immediately.

Your Rights

You may access, correct, export, or delete your personal data at any time. Account deletion is available in the app via Settings → Account → Delete Account. For data export requests or other privacy inquiries, contact us at hello@covewise.app. We will respond within 30 days.

Changes to This Policy

We may update this policy as the product evolves. We'll notify registered users of material changes via email at least 14 days in advance.

Contact

Corvin Works LLC — Privacy
hello@covewise.app