Privacy Policy
Quick summary
- We collect account, conversation, voice, integration, automation, and billing data to provide assistant features.
- Google, voice, and external-site actions run only after explicit connection, consent, or your instruction.
- You can export, reset, delete, and disconnect from account controls.
- We do not sell your personal information.
- Security, billing, and abuse-prevention logs are retained for defined periods.
1. Who we are
MTG LTD. is the data controller for Kove and related services.
- Legal entity: MTG LTD.
- Role: data controller
- Registered address: Bulgaria, Varna Region, Varna Municipality, 9000 Varna, Odessos District, 10 Aleko Konstantinov St., floor 1, apt. 3.
- Company number: UIC/PIC 207520386
- Contact email: procc.main@gmail.com
- DPO / privacy email: procc.main@gmail.com
2. Overview
Kove is the product name. MTG LTD. is the legal entity that offers and operates the service as the data controller for the portal and connected services.
Most data comes directly from you. When you connect Google or ask Kove to act on an external website, we also receive the data those services return so we can complete your request.
3. Information we collect
- Account details such as your email, display name, phone number if you add one, linked channel identifiers, and billing country or VAT details if you purchase a paid plan.
- Telegram and portal messages, including prompt text, assistant replies, optional voice recordings uploaded to our backend for transcription and summaries, transcripts, uploaded files, and conversation history.
- Preference settings such as provider, reply style, help depth, summary settings, and account controls.
- Integration status and scope metadata if you connect Google Calendar or Gmail, plus browser-automation session state, approved site credentials encrypted at rest, related consent records, and data returned by those services or websites when you ask Kove to act there.
- Security, reliability, and billing logs used for abuse prevention, audit trails, service health, accounting, dispute resolution, and fraud review.
4. How we use your information
- To provide assistant replies through selected AI services, organize conversations into chats and memory context, and process uploaded files, voice recordings, and transcripts.
- To run account controls such as memory view, data export, reset, delete, preference changes, and privacy-request workflows.
- To complete Google, voice, and external-site actions only after consent, connection, or a task instruction from you, such as calendar updates, Gmail sending, transcription, and browser automation.
- To secure accounts, run browser automation requested by you, support billing through Stripe, maintain service records when paid plans apply, and meet accounting obligations.
5. Legal basis
- Article 6(1)(b) contract performance for core assistant, memory, account, billing, and support features.
- Article 6(1)(a) consent for optional Google integrations, voice recording uploads for transcription, and browser actions that use external credentials when you approve them.
- Article 6(1)(f) legitimate interests for security, abuse prevention, service diagnostics, and limited product improvement.
- Article 6(1)(c) legal obligation for tax, accounting, fraud prevention, and lawful disclosure requests.
6. Sharing and third parties
We use service providers to run hosting, storage, analytics, AI inference, browser automation, and billing. Current providers can include OpenAI, Anthropic, Steel.dev, Stripe, Google, Firebase / Firestore, and Google Cloud Run. We do not sell your personal information.
If you connect Google, we only access the scopes you approve and you can disconnect or revoke access at any time from preferences. We may also disclose information when required by law, to respond to valid legal requests, or to protect the rights, safety, and security of Kove, our users, and the public.
7. Data retention
We keep account, memory, conversation, and integration data while your account is active and for up to 30 days after deletion so backups can expire safely. Voice recordings are uploaded for transcription and summaries; recordings, transcripts, and conversation history remain available until you delete them or the related account data, then follow the same deletion path.
Browser-automation credentials remain until you delete them, disconnect the integration, or delete the account, then follow the same backup window. Security logs are typically kept for up to 90 days. Billing, tax, and accounting records are kept for the period required by law, which may be up to 10 years where applicable.
8. International transfers
Some processors may store or process data outside the EEA, including in the United States or other countries where our providers operate. This can include OpenAI, Anthropic, Steel.dev, Google, Firebase / Firestore, and Google Cloud Run regions.
When we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent Article 46 transfer mechanisms, together with technical controls and access limits.
9. Your controls and rights
- Use export controls to receive a JSON copy of your account profile, memory, and conversation data.
- Use delete controls to remove account-linked data in active systems.
- Use reset controls to clear memory/profile/messages while keeping your account link.
- Disconnect Google integrations and revoke connector consent from the portal at any time.
- Update preferences for provider, performance mode, and summaries from your account settings.
10. Security
We apply technical and organizational safeguards including access controls, encrypted transport, webhook secrets, replay dedupe checks, rate limits, encrypted storage for credentials, and least-privilege access to third-party systems.
No system is perfectly secure, but we monitor abuse and incidents and respond quickly when issues are identified.
11. Your GDPR rights
- Right of access to a copy of your personal data.
- Right to rectification if your data is incomplete or incorrect.
- Right to erasure, subject to legal retention limits.
- Right to restriction of processing in the cases provided by law.
- Right to data portability for data you provided to us where technically feasible.
- Right to object to processing based on legitimate interests.
- Right to withdraw consent at any time without affecting prior lawful processing.
- We do not use solely automated decisions that produce legal or similarly significant effects. If you believe one has been made, you can object and ask for human review.
- Right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP), 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, https://www.cpdp.bg/, or with your usual EEA supervisory authority.
12. Children and caregiver setups
Kove is not directed to children under the age required by local law without appropriate supervision and consent. Caregivers who set up the account for a family member should only share information they are authorized to provide.
13. Policy updates
We may update this policy when products, legal requirements, or security practices change. We will post the new effective date, keep a change log for material revisions, and provide notice in-product or by email when required.
14. Google API Services — Limited Use
When you connect a Google account, Kove accesses only the Google data needed for the features you use — Google Calendar events you ask Kove to manage, and sending email through Gmail when you approve it. Kove requests the minimum scopes required and you can disconnect or revoke access at any time from Preferences.
Kove's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Kove does not:
- Transfer or sell Google user data to third parties such as advertising platforms, data brokers, or information resellers.
- Use Google user data for serving advertising, including retargeting or personalized or interest-based advertising.
- Use Google user data to determine credit-worthiness or for lending purposes.
- Allow humans to read Google user data, except (a) with your specific consent to view specific data, (b) where necessary for security or to comply with applicable law, or (c) where the data is aggregated and anonymized for internal operations.
15. Contact us
Privacy contact: procc.main@gmail.com
Mailing address: Bulgaria, Varna Region, Varna Municipality, 9000 Varna, Odessos District, 10 Aleko Konstantinov St., floor 1, apt. 3.
Use the contact email above for privacy questions, data requests, objections, or complaints. We will respond within the time limits required by law.
If MTG LTD. has not appointed a formal data protection officer, the privacy contact and DPO / privacy email above remain the monitored contact route for data protection requests.