/
PRIVACY POLICY
Privacy Policy
Last updated
January 1, 2025
Privacy Policy (Kova)
Efective date: [Month Day, Year]
Who we are: [Kova Labs, Inc.] (“Kova,” “we,” “us,” or “our”) operates the Kova website, marketplace, software agents, APIs/SDKs, hardware, and related services (collectively, the “Services”).
This Policy explains what we collect, how we use and share it, and your rights.
1) Scope & Audience
This Policy applies to:
Users/Buyers who run workloads,
Providers/Earners who supply compute,
Enterprise customers using governed/attested routes,
Website visitors to kovanetwork.com,
Partners and job applicants (as noted).
Some features (e.g., self-hosted gateways, attestation routes) may be governed by additional terms and data processing addenda (DPAs).
2) Data We Collect
A. Account & Contact
Name, email, password/SSO, organization, role, billing contacts, support communications, preferences.
B. Payment & Payout
Users: payment tokens, billing address, tax IDs (via our payment processor; we do not store full card numbers).
Providers: payout details (bank/wallet), tax/KYC/AML data where required.
C. Usage, Telemetry & Logs
API calls, job IDs/status, resource use (vCPU-sec, GPU-core-sec, GB-hr), queue times, price caps, region hints; agent/device info (OS, version, hardware profile, uptime), IP, timestamps, coarse location.
D. Workload & Content (Users)
Container images, job parameters, runtime logs you submit, checkpoint artifacts you configure. Avoid sensitive personal data unless covered by a DPA/SLA.
E. Reputation & Program Data (Providers)
Uptime, completions, dispute rate, verification outcomes, penalties/bonuses (e.g., staking/holdbacks where applicable).
F. Website & Marketing
Cookies/identifiers, page views, referral URLs, device/browser info, campaign metrics, form submissions, newsletter sign-ups.
G. Applicants/Partners
CV/resume details, interview notes, partner contacts and agreements.
We do not intentionally collect special/sensitive categories (e.g., health, biometric) except where required for compliance (e.g., KYC) via vetted vendors.
3) Sources
Direct from you; your organization; automated collection (telemetry, cookies); third parties (payments, KYC/AML, analytics, ad platforms, public sources).
4) How We Use Data
Provide the Services: account/auth, job scheduling, metering, Proof-of-Utilization (PoU) verification, support.
Security & integrity: abuse/fraud prevention, incident response, attestation, vulnerability remediation.
Payments & payouts: billing, invoicing, tax and compliance.
Optimization & R&D: performance tuning, utilization analytics, feature development (using de-identified/aggregated data where feasible).
Marketplace & reputation (Providers): routing based on uptime, completions, dispute rate.
Communications: service notices, security alerts, onboarding, product updates, and (with consent or as permitted) marketing.
Legal/compliance: audits, enforcing terms, responding to lawful requests.
5) Legal Bases (EEA/UK)
Contractual necessity; legitimate interests (security, improvement, fraud prevention); consent (e.g., some cookies/marketing); legal obligation (tax, AML/KYC).
6) Cookies & Similar Tech
Strictly necessary (auth, security),
Functional/analytics (product performance),
Marketing (where permitted).
Manage via our banner and browser settings. We honor Global Privacy Control (GPC) where required.
7) Sharing & Disclosure
We share with:
Processors/Sub-processors: hosting, analytics, payments, KYC/AML, support, email, logging/monitoring, CI/CD.
Counterparties you enable: model hubs, storage, integrations.
Your organization/admin (enterprise features and policies).
Legal/compliance and business transfers (merger/acquisition).
We do not sell personal information in the traditional sense. Where “sale”/“sharing” is defined broadly (e.g., CPRA), see Regional Notices for your rights.
8) International Transfers
We use recognized safeguards (e.g., EU Standard Contractual Clauses, UK Addendum) plus technical/organizational measures.
9) Retention
We keep data only as needed:
Account/billing: life of account + legal retention (e.g., tax).
Telemetry/PoU artifacts: through dispute/audit windows, then deleted or de-identified.
Logs: typically [30–180 days] unless required longer for security/legal.
Marketing: until you unsubscribe or request deletion.
10) Security
Least-privilege access, encryption in transit, secret management, code signing, secure boot (for Kova hardware), regular patching and monitoring. Report issues to security@kovanetwork.com. We’ll notify you of breaches as required by law.
11) Your Rights
Depending on your location, you may have rights to access/know, correct, delete, port, object/limit, withdraw consent, opt out of “sale/share”, and appeal.
Request via privacy@kovanetwork.com (or hello@kovanetwork.com) and we’ll verify and respond within statutory timeframes. Authorized agents may act where permitted.
12) Special Disclosures
A. Users/Buyers & Workloads
You control the data in workloads. Configure checkpointing/logs to minimize personal data. Self-hosted gateways/attested routes are covered by additional agreements.
B. Providers/Earners
We process telemetry and reputation signals to route jobs and calculate payouts. Where programs require KYC/AML or tax reporting, we collect what’s necessary via vetted vendors.
C. Proof-of-Utilization (PoU)
PoU generates signed metering and checkpoint hashes that show usage without revealing user content. Artifacts may reference job/config IDs.
D. Tokens, Staking & Rewards (if applicable)
We may process wallet addresses and transaction IDs to deliver rewards or enforce penalties. Blockchain data can be public/immutable—consider this when linking identities to wallets.
E. Kova Hardware
Devices run the Kova agent and transmit telemetry (health, utilization) and receive signed updates. Manage settings in the console; enterprise customers may enforce policies.
13) Children
The Services are not directed to individuals under 18. If you believe a child provided data, contact support@kovanetwork.com.
14) Third-Party Links & Integrations
Third-party sites/tools have their own policies. Review them before enabling integrations.
15) Changes
We may update this Policy. We’ll post a new Effective date and, where required, provide notice. Continued use means you accept the updated Policy.
16) Contact Us
General: hello@kovanetwork.com
Privacy: privacy@kovanetwork.com
Legal: legal@kovanetwork.com
Security: security@kovanetwork.com
Support: support@kovanetwork.com
17) Regional Notices
A. EEA/UK
Controller: [Kova Labs, Inc.] (or applicable EU/UK entity).
Representative/DPO (if appointed): [Details].
Transfers: EU SCCs/UK Addendum + supplementary measures.
You may lodge complaints with your local authority (e.g., ICO, CNIL).
B. California (CPRA)
We may collect identifiers, commercial info, internet activity, coarse geolocation, financial/payout info, professional data, and inferences for reputation.
Sources/Purposes: see Sections 3–4.
Disclosure: to service providers/processors.
Sale/Sharing: we do not “sell” data traditionally; we may engage in “sharing” for cross-context advertising where permitted—opt out via our Do Not Sell/Share link or GPC.
Rights: know/access, delete, correct, portability, opt out of sale/sharing, limit sensitive data, non-discrimination.
C. Other Regions
We honor local rights as required by law. Contact privacy@kovanetwork.com.
19) Data Map (Summary)
Category | Examples | Purpose | Typical Retention |
|---|---|---|---|
Account/Auth | Name, email, SSO | Provide access | Life of account |
Billing/Payout | Payment token, tax/KYC | Billing, compliance | Legal minimums |
Telemetry/Logs | API calls, job IDs | Operate/secure/optimize | 30–180 days |
PoU Artifacts | Signed metering, hashes | Verify/audit usage | Dispute + audit window |
Marketing | Cookies, campaigns | Comms & growth | Until opt-out |
Reputation | Uptime, completions | Routing/incentives | Life of program |