What we keep. What we don't.
Nothing hidden.

The exact list

Rather than bury this on page 9, here's exactly what we keep and exactly what we don't. If anything here changes, we update this page first.

1. Who we are

Cove is operated by Visible Media Co LLC ("Cove," "we," "us"), a company registered in Delaware, United States. We make the Cove iPhone app and run the VPN servers behind it.

Reach us at sebastian@visiblemediaco.com for anything privacy-related.

2. Information we collect

Account. Your email and a hashed (never plaintext) password, or your Apple ID and the name/email Apple shares with us.

Subscription. Apple handles payments. Apple tells us whether your subscription is active. We never see your card number.

Connection events. When you connect to Cove or disconnect, we log the event plus the timestamp. This is how we keep the service working and spot abuse.

Sign-in context. When you sign in (and again whenever you connect to the VPN), we record your IP address, the approximate location it reveals (country, city, latitude/longitude), the internet provider that issued it, and your device model / iOS version. This is used to flag suspicious sign-ins, prevent fraud and abuse, and keep the service safe — not for advertising or profiling.

DNS queries. Cove resolves domain names for the apps and websites your phone uses. We log the domains your account resolves through our service — for example, example.com — together with a timestamp and your account ID. We use this for abuse prevention (catching bots, scrapers, fraud, and accounts that violate our terms), platform-safety investigations, and answering law-enforcement requests when legally required. We do not see the content of any page, the URL after the domain, what you do on those sites, or who you talk to. DNS logs are kept for 7 days and then deleted automatically.

Bandwidth totals. A running monthly total of bytes transferred through your account — so we can enforce fair-use and keep servers stable. We do not record what those bytes contained.

Safety score quiz. If you take the safety score without an account, we store your answers anonymously, tied to a random session ID. If you later create an account and choose to save your score, we link it to your account.

Feedback. If you submit feedback in the app, we keep the rating, message, and app version until you delete your account.

Crash reports. If the app crashes, iOS may send us an anonymized crash report with no personal content.

3. What we do NOT collect

To be explicit:

• We do not inspect the content of your traffic — the actual page bodies, messages, photos, or anything past the domain name. VPN traffic is encrypted between your device and our server.
• We do not store the full URL of any page you visit (only the domain — e.g. example.com, never example.com/private/path).
• We do not fingerprint your browser, track you across apps, or build behavioral profiles.
• We do not sell, rent, license, or share your personal data — including your DNS log — with anyone for any commercial purpose. Ever.
• We do not use third-party advertising SDKs, analytics SDKs that profile individuals, or tracking pixels.

4. How we use what we collect

• Running the service — authenticating you, keeping your VPN session up, provisioning servers.
• Account security — flagging unusual sign-ins, rate-limiting abuse, blocking automated attacks.
• Abuse prevention & platform safety — investigating accounts suspected of routing bot traffic, fraud, spam, scraping, or any other violation of our Terms of Service. The DNS log is the primary tool here: it lets us spot a single account hammering the same domain a million times and shut it down before it degrades the service for everyone else.
• Fair-use enforcement — keeping per-account bandwidth within limits so one abusive account doesn't degrade the service for everyone.
• Support — when you email us about an issue, we look at your account and recent connection events to help.
• Product improvement — aggregate, anonymized metrics (e.g. "how many users used Night Out mode this week") help us prioritize what to build next.

5. Who sees your data

• Apple — processes your subscription payment and shares active/expired status with us. Their privacy policy applies to payment data.
• Our infrastructure providers — we host servers with DigitalOcean. They can see that our servers exist; they cannot read the encrypted traffic passing through them.
• Law enforcement — only when we receive a valid legal order, and only the specific data the order requires. We do not volunteer data. If legally permitted, we will inform you before responding.

6. How long we keep it

See the table at the top of this page for exact retention windows. Broadly: operational logs are kept 90 days, usage totals 24 months, account data until you delete it.

Delete your account in-app (Settings → Delete account) and everything linked to your identity is permanently removed within 30 days. We keep only the minimal records we're legally required to keep (e.g. tax records of a prior subscription payment), and these contain no browsing information.

7. Your rights

You can:

• Access — ask for a copy of the data tied to your account.
• Correct — ask us to correct anything inaccurate.
• Delete — delete your account from the app at any time; instant and irreversible.
• Port — ask for your data in a machine-readable format.
• Complain — reach out to your local data protection authority if we haven't resolved a concern.

California residents have these rights and more under the CCPA. We do not sell personal information.

Email sebastian@visiblemediaco.com to exercise any of the above. We respond within 5 business days.

8. Security

Passwords are stored using bcrypt (we genuinely cannot recover them). VPN traffic is protected end-to-end using a modern, audited encryption standard. Traffic between the app and our API uses TLS 1.2+. We patch dependencies on a rolling schedule and run a small ops team with least-privilege access.

No system is perfectly secure. If something happens that affects you, we'll tell you.

9. Children

Cove is for adults. We do not knowingly collect data from anyone under 13. If you believe a child has given us data, email sebastian@visiblemediaco.com and we'll delete it.

10. International

Cove is operated from the United States. Data is processed in the US. By using Cove from anywhere else, you're consenting to that transfer. We currently serve users in the United States primarily.

11. Changes

When we make a material change, we will notify you in the app or by email at least 14 days before it takes effect. Continued use of Cove after that constitutes acceptance.