Security & Privacy

How is my data protected?

Encryption: All data encrypted in transit (TLS 1.3) and at rest

Tenant isolation: Row-level security (RLS) in the database ensures your data is completely isolated from other organizations

Authentication: Powered by Clerk with support for MFA, SSO, and social login

No shared data: Your organization's data is never accessible to other tenants, even at the database level

Where is my data stored?

Data is stored in Neon Postgres (US East region). File uploads are stored in Cloudflare R2. Payroll data is stored exclusively with your payroll provider (Gusto).

Do you sell my data?

No. We never sell, share, or monetize your data. Your data is used solely to provide the Kova service.

How does AI handle my data?

When you use AI features, relevant data is sent to Anthropic's Claude API for processing. Data is scoped to your organization only. Anthropic does not use your data to train their models.

Is Kova SOC 2 compliant?

We're working toward SOC 2 Type II certification. Our infrastructure follows SOC 2 principles including encryption, access controls, audit logging, and incident response procedures.

Can I export my data?

Yes. Go to **Settings → Export Data** to download all your organization's data in CSV format. Data portability is a core principle.

What happens when I delete my account?

All data is permanently deleted within 30 days, except where legally required (e.g., payroll tax records). You'll receive a confirmation email when deletion is complete.