Privacy policy
A plain-English summary of how Covrd handles your information — what we collect, who we share it with, and how to delete it.
Who we are
Covrd is operated by James Vann, based in Dubai, United Arab Emirates. References to "we," "us," or "our" in this policy mean the operator of the Covrd app and website at covrd.chat.
For privacy questions, contact privacy@covrd.chat.
What this policy covers
This policy describes how we handle information when you use the Covrd mobile app and the website at covrd.chat. By using Covrd, you agree to the practices described here.
Information we collect
Account information
When you sign up, we collect your phone number, a username you choose, and optionally a profile photo and display name.
Contacts
If you grant permission, the app reads your phone's address book to find which contacts also use Covrd. Phone numbers are hashed before being checked against our database. We do not store your full contacts list.
Messages and media
Text messages, photos, videos, voice recordings, and stories you send through the app are stored on our servers (hosted by Supabase, Inc.) so they can be delivered to recipients. Stories expire after 24 hours. Direct messages are retained until you or the recipient delete them. End-to-end encryption is not currently active — we are working on it. Until it is, treat anything you send through Covrd the way you would treat a regular text message.
Voice notes in anonymous groups
When you send a voice note in an anonymous group, the audio is sent to OpenAI for transcription (Whisper API) and to Microsoft Azure for re-synthesis in a different voice (Azure Speech Service, UK South region). Both providers process the audio under their own privacy policies. We do not retain the original recording after synthesis completes.
Voice calls
Calls are routed peer-to-peer where possible. When a direct connection cannot be established (typically due to network configuration), media is relayed through Cloudflare's TURN service. Cloudflare receives encrypted call media solely to relay it between participants — they do not store call content or transcribe it. Call metadata (caller, recipient, start time, duration) is stored in our database for call history.
In-app support assistant
Covrd includes a built-in support conversation that uses Anthropic's Claude AI to answer questions about the app. When you send a message in the Covrd Support chat, your message and recent conversation history are sent to Anthropic for the assistant to generate a reply. Anthropic processes the message under its own privacy policy and does not use Covrd conversations to train its models.
Device and usage information
We collect basic device data (device model, operating system version, app version) and Expo push notification tokens so we can deliver notifications to your device.
Crash and error reports
When the app encounters an unexpected error, technical information about the crash is sent to Sentry, our error monitoring service. This includes stack traces, device information, app version, and an anonymous user identifier. We use this data to diagnose and fix bugs. Sensitive content such as message text, contacts, and authentication tokens is filtered out before transmission.
Anonymous group activity
In groups you create with anonymity enabled, the link between your real account and your codename is stored on our servers. Other members of the group cannot see this link. Group creators may optionally enable an "admin-visible" mode, in which they alone can see the link — members are told upfront when this mode is active.
Reports you submit
When you report a user or message inside the app, we receive your report along with a snapshot of the reported content (message text, codename or username, timestamp). Reports are reviewed by our team and are retained for up to 12 months for moderation history, even if you or the reported user deletes an account.
Third parties we share information with
- Supabase, Inc. — database, file storage, real-time messaging, authentication. Hosted in the EU.
- OpenAI — voice note transcription via Whisper API. Audio is sent only when a user sends a voice note in an anonymous group.
- Microsoft Azure — voice synthesis via Azure Speech Service. Used only for voice notes in anonymous groups. Hosted in the UK.
- Anthropic — powers the in-app support assistant via the Claude API. Receives only messages sent in the Covrd Support chat.
- Cloudflare — TURN relay for voice calls. Receives encrypted call media only when a peer-to-peer connection is unavailable.
- Sentry — crash reporting and error monitoring. Receives stack traces, device information, and anonymous user identifiers when errors occur.
- Apple Push Notification service / Expo Push Service — to deliver push notifications.
- App stores — Apple TestFlight during beta, Apple App Store at full launch.
We do not sell personal data, and we do not share data for advertising purposes.
Your rights
Depending on where you live, you may have rights including:
- Access — request a copy of the personal data we hold about you
- Deletion — request that we delete your account and associated data
- Correction — request that we fix inaccurate information
- Objection — object to specific uses of your data
To exercise any of these rights, email privacy@covrd.chat. We will respond within 30 days.
You can delete your Covrd account at any time from within the app, which will remove your account, profile, contacts, codenames, and stored media from our servers within 30 days. Messages you sent in conversations with others may remain in those conversations as part of the recipients' chat history, but will no longer be associated with your identity — they will appear as "Deleted user."
Data retention
- Account data — kept until you delete your account.
- Messages — kept until deleted by you or the recipient.
- Stories — automatically deleted after 24 hours.
- Voice notes (anonymous groups) — the synthesised version is stored alongside the message; the original recording is deleted after synthesis.
- Reports — retained for up to 12 months for moderation history.
- Backups — routine database backups are retained for up to 30 days.
Children
Covrd is not intended for users under the age of 17. We do not knowingly collect data from anyone under that age. If you believe a child has used Covrd, contact privacy@covrd.chat and we will delete the account.
Security
We use industry-standard security practices, including TLS for data in transit and access controls on our database. End-to-end encryption for messages is currently in development and will be added in a future update. Until then, treat anything you send through Covrd the way you would treat a regular text message.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you in the app or by email.
Contact
For privacy questions or to exercise your rights, contact privacy@covrd.chat. For general support, contact support@covrd.chat.