Kove
Try KoveOpen Kove
MenuClose

Browser extension

Kove Connect — Privacy Policy

Effective date: June 7, 2026

Privacy contact: procc.main@gmail.com

Kove Connect reads a signed-in session from a site you explicitly choose to connect, only after you start a capture from Kove, and hands it back to the Kove web app. It never reads your password and never works in the background.

Single purpose

Kove Connect has one purpose: to connect a site you are already signed in to — in your own browser — to your Kove account, so Kove can act for you on that site. It does nothing else.

Data the extension reads

  • Cookies for the site you chose to connect (including httpOnly session cookies).
  • localStorage for the signed-in page on that site.
  • indexedDB database names and versions for that page’s origin.
  • Your browser’s user-agent string.

Data the extension never collects

  • Your Kove account token or password.
  • Passwords you type into third-party sites.
  • Anything from sites you did not choose to connect.
  • Your browsing history or activity in other tabs.

How a capture works

  • You start a capture from Kove for a supported site.
  • The extension opens that site’s login page in a new tab. You sign in normally.
  • Once you are signed in, the extension reads the session for that site, in that tab only.
  • It returns the captured session to the Kove web app page that asked for it. The extension itself never sends anything to the Kove API.

Why the extension asks for these permissions

  • cookies — to read the session cookie the site set after you signed in.
  • scripting — to read the signed-in page’s localStorage and show the in-page “Finish connecting” prompt.
  • storage — to keep a small local list of your recent captures, shown in the popup.
  • Site access — limited to the specific sites Kove supports connecting (alo.bg, bazar.bg, fresha.com, hippotaxi.bg, olx.bg). The extension reads a site’s session only on a capture you explicitly start — never passively.

Storage and transfer

The captured session is treated as a password-class secret: sent only to your Kove web app over HTTPS, encrypted at rest by Kove, and never written to logs. The extension keeps only a small local record of recent captures for the popup, which you can clear at any time.

Retention and control

You can disconnect a site from the extension popup, which clears its local record. Retention of any session you submit to Kove is controlled by Kove and described in the main Kove Privacy Policy.

Data use

Captured sessions are used only to provide the connect feature you asked for. They are never sold, never used for advertising, and never shared except as needed to operate the feature for you.

Contact

Questions about this policy: procc.main@gmail.com.

See also: Kove Privacy Policy · Terms