Privacy Policy

ABN: 64 108 741 214
Effective date: 4 June 2026
Contact: privacy@getkova.co

1. About this Privacy Policy

This Privacy Policy explains how Kova collects, uses, stores, discloses, and protects personal information and business data in connection with Kova, including through our website, application, integrations, communications, and related services. Kova operates under ABN 64 108 741 214.

In this document, "Kova", "we", "us", and "our" means the business operating the Kova platform and related services.

Kova is an AI-assisted software platform that helps users turn design and project context into structured delivery work, including tickets, acceptance criteria, QA notes, implementation details, and related project outputs.

You will be asked to acknowledge this Privacy Policy when you create an account. By creating an account and using Kova, you agree to the handling of information described in this Privacy Policy.

2. Information we collect

We may collect the following types of information.

Account information

This may include:

  • name
  • email address
  • company or workspace name
  • password or authentication details
  • role or permission level
  • billing plan
  • usage limits and subscription status

Product and workspace information

When you use Kova, we may process information connected to your projects, including:

  • workspace and project names
  • selected Figma files, pages, frames, screenshots, thumbnails, comments, and metadata
  • Jira, Linear, Asana, or other project management data that you connect or authorise
  • generated tickets, descriptions, acceptance criteria, story points, labels, priorities, epics, QA notes, and related outputs
  • uploaded or pasted content, including briefs, notes, documents, screenshots, or other materials you provide
  • integration settings and project configuration
  • team member roles and permissions
  • audit logs and activity history

Integration data

If you connect third-party tools such as Figma, Jira, Linear, Asana, Slack, Telegram, or similar services, we may collect and process information required to provide the integration.

This may include:

  • OAuth tokens or access credentials
  • account identifiers
  • workspace, site, cloud, team, file, project, issue, or board identifiers
  • project metadata
  • permission scopes granted by you
  • information returned by the relevant integration API

OAuth tokens and similar sensitive credentials are stored securely and encrypted at rest.

Billing information

Payments are processed by Stripe. We may collect and store limited billing-related information, including:

  • customer ID
  • plan type
  • subscription status
  • invoice status
  • payment event history
  • billing email
  • company or account name

We do not store full credit card numbers. Payment card information is handled entirely by Stripe.

Technical and usage information

We may collect technical information such as:

  • IP address
  • browser type
  • device type
  • operating system
  • pages visited
  • application events
  • login timestamps
  • API usage
  • error logs
  • security events
  • rate-limit events
  • referral source
  • analytics events

Communications

If you contact us, book a demo, submit a form, or communicate with us by email, LinkedIn, phone, chat, or other channels, we may collect the information you provide in that communication.

3. How we collect information

We collect information when:

  • you create an account
  • you use the Kova website or application
  • you connect a third-party integration
  • you generate, edit, review, export, or push project outputs
  • you invite team members
  • you upload, paste, or submit content
  • you contact us
  • you subscribe, upgrade, downgrade, or cancel
  • our systems automatically log technical and usage data
  • third-party services provide information in accordance with your authorisation

4. How we use information

We use information to:

  • provide, operate, maintain, and improve Kova
  • authenticate users and manage accounts
  • connect to authorised third-party services
  • analyse design, project, and workflow inputs
  • generate structured tickets and related delivery outputs
  • push outputs to project management tools
  • sync project or ticket status where enabled
  • detect changes, drift, or stale project information
  • personalise workspace settings and output structure
  • apply role-based permissions
  • manage billing and subscriptions
  • provide support
  • send transactional emails
  • improve reliability, security, performance, and user experience
  • investigate bugs, abuse, security incidents, and misuse
  • comply with legal obligations
  • communicate product updates, changes, and relevant notices

5. AI processing

Kova uses artificial intelligence systems to analyse user-provided or authorised inputs and generate draft delivery outputs.

This may involve sending relevant project content, screenshots, metadata, ticket history, comments, or other contextual information to AI infrastructure providers or model providers so the requested output can be generated.

Models and routing

Kova uses Anthropic (Claude) as a primary AI model provider. Kova may also use OpenRouter as a model routing layer, which may direct requests to Anthropic or other model providers depending on the feature and configuration in use. Both Anthropic and OpenRouter are listed in our Subprocessor List.

Vector and style data

Kova may use Pinecone as a vector database to store embeddings derived from your historical ticket data. This is used to improve the quality and consistency of generated output for your workspace. This data is scoped to your workspace and is not used to improve output for other customers or to train any AI model. You may request deletion of your workspace's style and embedding data at any time by contacting privacy@getkova.co.

Training

We do not use customer project data to train AI models. Anthropic's API terms govern how inputs to the Anthropic API are handled on Anthropic's side. You can review Anthropic's privacy policy at anthropic.com/privacy.

Output accuracy

AI-generated output may contain errors, assumptions, omissions, or inaccuracies. Users are responsible for reviewing generated output before relying on it or pushing it to any third-party system.

6. Third-party services and subprocessors

We use third-party service providers to operate Kova. These may include providers for:

  • cloud hosting
  • database and authentication
  • AI processing and model routing
  • vector search and retrieval
  • payment processing
  • email delivery
  • analytics
  • integrations with Figma, Jira, Linear, Asana, and similar tools

A current Subprocessor List is available at www.getkova.co/subprocessors.

We may disclose information to these providers where necessary for them to provide services to us. We require providers to handle information in accordance with applicable legal and contractual obligations.

7. Overseas disclosure

Some of our service providers may store or process information outside Australia. This may include locations such as the United States, Europe, or other regions where our providers operate infrastructure.

By using Kova, you acknowledge that your information may be processed or stored outside Australia where reasonably necessary to provide the service.

8. Data retention

We retain information for as long as reasonably necessary to provide Kova, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and improve the service.

We may retain:

  • account data while your account remains active
  • billing and transaction records as required by law
  • audit logs and security logs for a reasonable security and compliance period
  • project and generated output data until deleted by the user, workspace owner, or us in accordance with this policy
  • workspace style embeddings stored in Pinecone until deletion is requested or the workspace is closed
  • backups for up to 90 days before deletion from backup systems occurs in the ordinary course

You may request deletion of your account or workspace data by contacting privacy@getkova.co.

9. Security

We take reasonable technical and organisational measures to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure.

These measures may include:

  • encryption of sensitive integration tokens at rest
  • role-based access controls
  • workspace-level data isolation
  • secure OAuth flows
  • access logging
  • audit logs
  • input validation
  • rate limiting
  • secure headers
  • restricted administrative access
  • monitoring and incident response processes

No system is completely secure. You are responsible for keeping your account credentials secure and for managing who has access to your workspace.

10. Access, correction, and deletion

You may request access to personal information we hold about you, ask us to correct it, or request deletion where legally and technically possible.

To make a request, contact us at privacy@getkova.co.

We may need to verify your identity before actioning a request. We will respond within 30 days of receiving a valid request.

11. Marketing communications

We may send you product updates, educational content, or launch notices where permitted by law.

You can unsubscribe from marketing emails using the unsubscribe link in the email or by contacting privacy@getkova.co.

We may still send transactional or service-related messages, such as security notices, billing updates, password reset emails, and important service changes. These cannot be unsubscribed from while your account is active.

12. Cookies and analytics

We use cookies and similar technologies to operate the website and application, keep users signed in, remember preferences, improve performance, and understand usage.

More detail is available in our Cookie Policy.

13. Children

Kova is not intended for children under 16. We do not knowingly collect personal information from children under 16.

14. Customer responsibilities

You are responsible for ensuring that you have the right to submit, upload, connect, or authorise access to any data you process through Kova.

This includes responsibility for client files, Figma designs, project data, Jira tickets, comments, screenshots, documents, and any personal information contained in them.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised effective date.

If changes are material, we will provide additional notice by email to the account owner where reasonably practicable.

16. Operator changes

If the operator of Kova changes due to incorporation, corporate restructure, or acquisition, we will notify users and update these documents accordingly. Your continued use of the Service after such a change constitutes acceptance of the updated operator details.

17. Contact

Kova
ABN 64 108 741 214
Email: privacy@getkova.co
Website: www.getkova.co

Also available: Terms of Service · Cookie Policy · Plain text