Privacy Policy
COVEN AI ("we", "us", "our") is committed to protecting your personal information. This policy explains what data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
This service is intended for adults and businesses. It is not directed at children under the age of 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has submitted data to us, please contact us at hello@covenai.io and we will delete it promptly.
1. Who We Are
COVEN AI is operated as a sole trader business based in England, United Kingdom. Contact: hello@covenai.io
2. Lawful Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
- Contract performance — processing your email address and website URL is necessary to deliver paid audit reports you have purchased.
- Legitimate interests — for free scans and public tools, we process submitted URLs to generate your results. For lead capture (e.g. early-access sign-ups), we process your email to follow up on your expressed interest. These interests are balanced against your rights and do not override them.
- Consent — if you opt in to marketing communications, we will send them only with your explicit consent. You can withdraw consent at any time by emailing hello@covenai.io or using the unsubscribe link in any marketing email.
- Legal obligation — we may retain certain records to comply with applicable tax and financial regulations.
3. Data We Collect
When you purchase a report, we collect:
- Email address — to deliver your report and provide support
- Website URL — the target site you want analysed
- Payment information — processed entirely by Stripe. We never see or store your card details.
We do not use cookies, analytics trackers, or marketing pixels on this site.
4. How We Use Your Data
- To generate and deliver your purchased report
- To respond to support enquiries
- To comply with legal obligations
We do not sell, rent, or share your data with third parties for marketing purposes.
5. Third-Party Processors
- Stripe — payment processing (Stripe Privacy Policy)
- Resend — transactional email delivery (Resend Privacy Policy)
- Anthropic — AI analysis of submitted URLs (Anthropic Privacy Policy). URLs submitted are used only for report generation and are not used to train AI models.
- Railway — server hosting (EU-accessible infrastructure)
- Cloudflare — website delivery and DDoS protection (Cloudflare Privacy Policy)
6. International Data Transfers
Some of our third-party processors are based in the United States. Specifically, Stripe, Anthropic, and Resend are US-based companies. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place:
- Stripe — relies on Standard Contractual Clauses (SCCs) and participates in the UK International Data Transfer Agreement (IDTA) framework.
- Anthropic — data transfers are covered by Standard Contractual Clauses. URLs submitted for analysis are processed only to generate your report and are not used to train AI models.
- Resend — data transfers are covered by Standard Contractual Clauses.
You can request further information about the specific safeguards in place by contacting us at hello@covenai.io.
7. Monitoring and Scanning Services
If you subscribe to our website monitoring product, COVEN AI will scan your website approximately once per hour to measure performance and other quality signals. We store a history of your site's scores over time so you can track progress and identify regressions. This scan data is tied to your account and is subject to the same retention and deletion rights as all other personal data we hold.
8. Automated Decision-Making
Our audit and monitoring reports are generated automatically using AI tools without human review. The AI analyses your website and produces findings and recommendations. While these outputs do not produce legal or similarly significant effects on their own, they may influence business decisions you make.
You have the right to request that a member of our team reviews any AI-generated report and provides a human assessment. To exercise this right, contact hello@covenai.io with your order reference and we will respond within a reasonable timeframe.
9. Data Retention
We retain your email and order details for up to 12 months for support purposes, then delete them. You can request earlier deletion at any time.
10. Your Rights (UK GDPR)
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to processing of your data
- Lodge a complaint with the ICO at ico.org.uk
To exercise any of these rights, email hello@covenai.io. We will respond within 30 days.
11. Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, as required by UK GDPR. If the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay, explaining what happened and what steps we are taking.
12. Security
All data is transmitted over HTTPS. Payment processing is handled entirely by Stripe using PCI DSS-compliant infrastructure. We do not store card numbers or CVVs.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be noted on this page with a revised date.