Privacy Policy
Last updated: 19 May 2026
1. Who we are
Covey ("we", "us", "our") is the data controller for personal data processed through the Covey mobile application, this website and related services (the "Service"). We are based in the United Kingdom and comply with the UK GDPR and the Data Protection Act 2018.
Contact for privacy matters: privacy@coveyapp.co.uk.
2. The data we collect
- Identity data: name/display name, date of birth, profile photos.
- Verification data: selfie and photo of your government-issued ID, used solely to confirm you are an adult woman. Verification images are deleted once verification is decided — we retain only a flag of the outcome.
- Contact data: email address.
- Profile data: sports/activities, bio, approximate location.
- User content: posts, comments, chat messages, community content, images you upload.
- Device & technical data: device type, OS version, app version, push token, IP-derived approximate location, crash logs.
- Subscription data: subscription status from Apple/Google via RevenueCat — we do not see or store card details.
- Website data: essential cookies and (with consent) basic analytics — see our Cookie Policy.
3. How we use your data and our lawful bases
- Provide the Service (contract): account creation, matching, chat, communities, posts, push notifications.
- Verify your identity and keep the platform safe (legal obligation + legitimate interests): age verification, fraud prevention, moderation, enforcing our Community Guidelines, banning bad actors.
- Detect illegal content (legal obligation): images may be scanned against hashes of known child sexual abuse material (CSAM). Confirmed matches are reported to the UK NCA / NCMEC and the user is banned.
- Communicate with you (contract / legitimate interests): service updates, safety alerts, moderation decisions.
- Improve the Service (legitimate interests): aggregated analytics, crash reporting, debugging.
- Comply with law and respond to lawful requests (legal obligation).
4. Who we share data with
We do not sell your personal data. We share data only with the providers we need to run the Service:
- Supabase — database, authentication and file storage hosting (EU region).
- Google Firebase Cloud Messaging — push notifications.
- RevenueCat, Apple, Google — in-app subscription management.
- OpenStreetMap Nominatim — converts place names to approximate coordinates for matching.
- Law enforcement and regulators — where legally required, or where there is a serious risk to life.
5. International transfers
Some service providers (e.g. Google, Apple, RevenueCat) are based outside the UK. Where we transfer data outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses.
6. Retention
- Verification images: deleted once verification is decided.
- 1-to-1 chat messages: automatically deleted 30 days after they are sent.
- Profile, posts, communities: kept while your account is active.
- Account deletion: profile, photos, posts, comments, friendships and chat history are wiped. We keep a minimal record (email hash + reason) where needed to enforce bans or comply with legal obligations.
- Moderation evidence: may be retained for up to 12 months to support investigations and appeals.
7. Security
Data is encrypted in transit (HTTPS/TLS) and at rest. Passwords are hashed. Production access is restricted to authorised personnel. We use row-level security so users only access their own data. If a breach affecting your rights occurs, we will notify the ICO within 72 hours and inform you where required.
8. Your rights (UK GDPR)
- Access — request a copy of your data.
- Rectification — correct inaccurate data.
- Erasure — delete your data ("right to be forgotten").
- Restriction / objection — restrict or object to certain processing.
- Portability — receive your data in a machine-readable format.
- Withdraw consent — at any time where processing is based on consent.
- Complain — to the UK Information Commissioner's Office at ico.org.uk.
To exercise any right, email privacy@coveyapp.co.uk. We respond within 30 days.
9. Children
Covey is strictly for users aged 18 and over. If we become aware that an account belongs to someone under 18 we will delete it immediately. Report concerns to safety@coveyapp.co.uk.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes in-app or by email. Continued use of the Service after changes take effect constitutes acceptance.
