Privacy Policy

Legal Entity: Covalent Inc.

Privacy Officer: Thomas Jackson

Contact: info@gocovalent.com

Jurisdiction: United States (Florida)

1.1 Information You Provide Directly

We collect information you provide when you:

• Create or modify your account
• Use our services and interact with F.R.I.D.A.Y. AI
• Create projects, tasks, documents, or diagrams
• Use voice commands with F.R.I.D.A.Y.
• Contact us for support
• Subscribe to our communications

1.2 AI-Generated and Interaction Data

F.R.I.D.A.Y. AI Processing:

• Voice interactions and commands
• Conversation context and memory data
• AI-generated diagrams, documents, and content
• Usage patterns and preferences for personalization
• Project analysis and workflow optimization data

1.3 Automatically Collected Information

• Device information and browser type
• IP address and location data
• Usage analytics via Google Analytics
• Performance and error logging

Information collected may include: name, email address, organization details, project data, voice commands, AI conversation history, usage patterns, and communication preferences.

2.1 Core Service Operations

We use your information to:

• Provide, maintain, and improve Peak services
• Process transactions via Stripe payment processing
• Manage your account and subscription ($49.99 Standard, $99 Unlimited, 3-day free trial)
• Send technical notices and support messages
• Respond to your comments and questions

2.2 F.R.I.D.A.Y. AI Intelligence & Memory Systems

Advanced AI Processing:

• Contextual conversation memory (retained for 60 days, user-clearable)
• Cross-project pattern recognition and insights
• Workflow optimization and bottleneck prediction
• Intelligent diagram generation and visual analysis
• Natural language understanding for project management
• Agent deployment and research coordination

⚠️ Research Note: F.R.I.D.A.Y. uses contextual memory but does not retrain underlying AI models with your data. Conversation context is stored temporarily for personalization only.

2.3 Third-Party AI Processing

Your data may be processed by our AI partners:

• OpenAI: Voice processing via Realtime 4o Voice API
• Anthropic: Advanced text analysis and generation

We follow our AI partners' data retention policies and do not use your data to train their base models.

2.4 Analytics & Improvement

• Monitor and analyze usage patterns via Google Analytics
• Improve F.R.I.D.A.Y.'s accuracy and performance
• Enhance user experience and develop new features

We do not sell, trade, or otherwise transfer your personal information to third parties.

3.1 When We Share Information

We may share your information only in these specific circumstances:

• With your explicit consent
• To trusted service providers (detailed below)
• When required by law or to protect our rights
• In connection with a merger, acquisition, or asset sale

3.2 Third-Party Service Providers

⚠️ Research Note: Voice data retention policies with OpenAI Realtime API need confirmation. Current understanding: audio is processed transiently without long-term storage.

4.1 Security Infrastructure

We implement comprehensive security measures including:

• End-to-end encryption for data in transit and at rest
• Secure Supabase PostgreSQL database with Row Level Security (RLS)
• Regular automated backups with disaster recovery procedures
• Email alerts for critical security events
• Multi-factor authentication support
• Regular security assessments and monitoring

4.2 AI Data Security

F.R.I.D.A.Y. Security Measures:

• Conversation memory encrypted with user-specific keys
• AI processing follows enterprise-grade security standards
• Voice data processed securely via OpenAI's encrypted channels
• No biometric authentication data collected or stored

4.3 Compliance & Certifications

• Current: Industry-standard security practices
• Planned: SOC 2 Type II certification
• OWASP security guidelines compliance
• Regular third-party security audits

Despite our security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but maintain industry-leading protection standards.

5.1 AI Processing Capabilities

F.R.I.D.A.Y. processes your data to provide advanced AI capabilities:

• Conversational Intelligence: Natural language understanding with contextual memory
• Orchestration Intelligence: Real-time workflow coordination and resource optimization
• Memory Intelligence: Advanced semantic memory across unlimited project history
• AI Agent Orchestra: Deploy intelligent research teams for parallel analysis
• Visual Intelligence: Screenshot analysis and interactive diagram creation
• Command Center: Voice-controlled dashboard with predictive analytics

5.2 Data Usage for AI Training

5.3 AI Processing Standards

• All AI processing adheres to strict privacy and security standards
• User consent required for AI processing (cannot opt-out while using platform)
• Transparent AI decision-making with explainable results
• Regular AI bias testing and fairness assessments

⚠️ Research Note: Confirm whether F.R.I.D.A.Y. adapts per-user beyond contextual memory or remains purely context-based without model adaptation.

6.1 Retention Periods

• F.R.I.D.A.Y. Conversation Memory: 60 days (user-clearable at any time)
• Account Data: Duration of active subscription plus 30 days
• Project Data: Retained until account deletion or manual removal
• Payment Records: 7 years for tax and legal compliance
• Analytics Data: Aggregated, anonymized after 2 years

6.2 User-Controlled Deletion

You can delete data immediately through your account:

• Clear F.R.I.D.A.Y. conversation history (instant)
• Delete individual projects and associated data
• Request complete account deletion via email
• Export data before deletion (CSV, JSON, TXT formats)

We retain information only as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements.

7.1 Core Privacy Rights

You have the following rights regarding your personal information:

• Access: View all personal information we have about you
• Correction: Update or correct inaccurate information
• Deletion: Delete your account and associated data
• Portability: Export your data in standard formats
• Communication Control: Opt out of marketing communications
• Processing Objection: Object to certain processing activities

7.2 AI-Specific Controls

• Memory Management: Clear F.R.I.D.A.Y. conversation history
• Voice Data: Control voice interaction preferences
• AI Analytics: Opt out of usage pattern analysis
• Content Ownership: Retain rights to all AI-generated content

7.3 Exercising Your Rights

To exercise any of these rights, contact us at: info@gocovalent.com

We will respond to valid requests within 30 days and may require identity verification.

8.1 Types of Cookies We Use

• Essential Cookies: Required for basic platform functionality and authentication
• Analytics Cookies: Google Analytics for usage patterns and optimization
• Preference Cookies: F.R.I.D.A.Y. settings and user preferences
• Performance Cookies: Platform performance monitoring and improvement

8.2 Cookie Controls

You can control cookies through:

• Browser settings to block or delete cookies
• Platform privacy dashboard for preference cookies
• Google Analytics opt-out tools

Note: Disabling essential cookies may limit platform functionality.

9.1 Service Availability

• Primary Market: United States and North America
• Not Currently Serving: European Union residents (no GDPR compliance yet)
• Data Processing: Primarily within the United States

9.2 Future International Expansion

When we expand internationally, we will:

• Implement GDPR compliance for EU residents
• Ensure appropriate data transfer safeguards
• Update this Privacy Policy accordingly

⚠️ Research Note: Confirm CCPA compliance requirements for California residents based on user count and revenue thresholds.

10.1 Minimum Age Requirement

10.2 Future Educational Use

• Planned: COPPA-compliant version for educational institutions
• Timeline: Post-launch after core platform stabilization
• Requirements: Parental consent and enhanced privacy protections

We do not knowingly collect personal information from anyone under 18. If we discover we have collected such information, we will delete it immediately.

11.1 External Links & Services

Peak may contain links to or integrate with external services. We are not responsible for their privacy practices:

• Google Calendar: Subject to Google's privacy policy
• YouTube API: Subject to YouTube's terms and privacy policy
• Slack Integration: Subject to Slack's privacy policy (coming soon)
• External Links: Third-party websites accessed through Peak

11.2 Integration Data Sharing

When you connect external services:

• Data is shared only with your explicit permission
• You can disconnect integrations at any time
• Each service maintains its own privacy practices

12.1 Update Process

We may update this Privacy Policy to reflect:

• New F.R.I.D.A.Y. AI capabilities and features
• Changes in data processing or third-party services
• Legal compliance requirements
• Enhanced user privacy controls

12.2 Notification Methods

• Major Changes: 30 days advance notice via email
• Minor Changes: Updated "Last Modified" date and in-app notification
• Emergency Changes: Immediate notice for security or legal reasons

Your continued use of Peak after policy updates constitutes acceptance of the revised terms.

13.1 Privacy Officer Contact

13.2 Response Times

• Privacy Requests: 30 days maximum response time
• Security Incidents: Immediate investigation and response
• General Inquiries: 5-7 business days

13.3 Legal Compliance

This Privacy Policy is governed by Florida state law and applicable U.S. federal regulations. For data protection concerns or compliance questions, contact our Privacy Officer directly.