Back to Kova

Privacy Policy

Privacy policy for Kova by AGENCY BINARY

This policy explains what data we collect, how we use it, how long we keep it, and your choices. It applies to the Kova web application and related services operated by AGENCY BINARY.

Last updated: April 6, 2026

Who we are

Kova is operated by AGENCY BINARY (“we”, “us”). For privacy requests: contact@agencybinary.fr.

What we collect

  • Account data: name, email address, and authentication identifiers from our identity provider when you sign in.
  • Workspace activity: prompts, chat messages, proposed and approved actions, execution results, and audit or history records needed to run the product.
  • Integration data: metadata required to connect third-party services (for example Google Workspace, Notion), and encrypted OAuth access and refresh tokens you explicitly authorize.
  • Technical data: limited logs and diagnostics (such as IP address, device/browser type, timestamps, error reports) used for security, abuse prevention, and reliability.
  • Billing data: if you subscribe to a paid plan, our payment processor handles card and invoice details; we receive subscription status and billing identifiers as needed to provide access.

How we use data

  • To authenticate users, enforce access control, and secure workspaces.
  • To operate AI-assisted features: interpret requests, prepare actions, and generate content you request.
  • To execute, review, approve, or log actions you initiate through connected integrations.
  • To maintain execution history, audit trails, and operational logs as described in the product.
  • To provide support, detect fraud or misuse, and improve reliability and security.
  • To comply with legal obligations and enforce our terms.

Google user data

If you connect a Google account, Kova accesses Google user data only within the OAuth scopes you approve, and only to provide the features you request (for example reading or sending email, calendar, or files where applicable). We do not sell Google user data. We do not use Google user data for advertising. We do not train generalized machine learning models on your Google content unless we explicitly notify you and you agree.

You can disconnect Google at any time from Kova; we stop using that connection for new actions, subject to retention described below.

Legal bases (EEA/UK users)

Where the GDPR or UK GDPR applies, we rely on: performance of a contract (providing Kova); legitimate interests (security, product improvement, fraud prevention), balanced against your rights; consent where required (for example certain marketing or optional analytics, if offered); and legal obligation where applicable.

Cookies and similar technologies

We use cookies and similar technologies as needed for authentication, session security, preferences, and (if enabled) analytics. Essential cookies are required for sign-in and core functionality. You can control non-essential cookies through your browser settings where applicable.

Sharing and subprocessors

We share data with service providers who process it on our instructions, for example: authentication (e.g. Clerk), hosting and infrastructure (e.g. Vercel), payment processing (e.g. Stripe), AI inference providers (e.g. Anthropic), and email or monitoring tools as needed to operate the service. We require appropriate contractual and security safeguards.

We may disclose information if required by law, court order, or to protect rights, safety, and security.

International transfers

We and our providers may process data in the European Economic Area, the United Kingdom, the United States, and other countries where we or they operate. Where data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms where required.

Retention

We retain account, workspace, integration, and audit data for as long as your account is active and as needed to provide the service, comply with law, resolve disputes, and enforce agreements. When you ask to delete your account or data, we delete or anonymize it within a reasonable period unless we must retain specific records for legal reasons.

Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, encrypted storage of integration tokens, access controls, and monitoring. No method of transmission or storage is 100% secure; we encourage strong passwords and safe use of connected accounts.

Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict or object to certain processing, data portability, and to withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority. To exercise rights, contact contact@agencybinary.fr. We will respond within the timeframes required by applicable law.

Children

Kova is intended for professionals and is not directed at children under 16 (or the digital consent age in your country). We do not knowingly collect personal data from children.

Changes

We may update this policy to reflect product, legal, or regulatory changes. We will post the revised version on this page and update the “Last updated” date. Material changes may be communicated by email or in-app notice where appropriate.

Related documents

See also our Terms of use.