Legal Document

Privacy
Policy

Effective March 2026

Applies to Cove for iOS

Cove Media Client

Summary

The short version: we don't collect your data.

Cove is a media client application. The Cove app does not operate any servers, collect any personal information, or transmit any data about how you use it to Cove Labs. When you use Cove, you connect to a server that you or someone you trust controls. Everything that happens between you and that server is outside our knowledge and outside our responsibility. The only third parties involved in your Cove experience are Google (sign-in) and Apple (crash reporting) — their privacy policies govern those interactions.

01Overview

What this policy covers

This Privacy Policy describes the data practices of Cove, the iOS media client application. It covers what data is processed on your device, what is transmitted and to whom, and what the app's role is in any of it. This policy applies to the Cove app only — it does not represent a blanket privacy statement for Cove Labs or any other products.

Cove is a media client. It does not have a Cove Labs-operated backend. You supply the server address yourself during onboarding, and all media, search, and playback activity flows between your device and that server. Cove Labs has no visibility into those interactions.

02Authentication

Sign-in via Google

Cove uses Firebase Authentication with Google Sign-In to verify your identity. When you sign in, your device communicates with Google's servers. Google issues a temporary identity token which Cove presents to your configured server to prove who you are. The Firebase SDK may store this token locally on your device to avoid repeated sign-in prompts.

Cove Labs does not receive, store, or process your Google account information. Your name, email address, and profile picture are retrieved from Google at sign-in time, held in memory for the session, and used only to display your identity within the app. None of this is transmitted to Cove Labs.

Google's handling of your account data during the sign-in flow is governed by the Google Privacy Policy.

03Your Server, Your Data

The server you connect to is yours

During onboarding, you enter the address of a media server running the hzMedia service. This server is operated by you or by a party you have chosen to trust — it is not operated by Cove Labs.

When you use Cove, the app sends the following information to your server:

Data sent	Purpose	Destination
Firebase ID token	Authenticate your session	Your server
Search queries	Find content in your library	Your server
Playback position	Resume and history tracking	Your server
Heartbeat timestamps	Keep the session alive	Your server

Cove Labs receives none of this data. How your server stores, processes, or retains it is entirely governed by whoever operates that server.

04On-Device Storage

What stays on your device

Cove stores a small amount of data locally on your device. None of it is ever sent to Cove Labs.

What	Where	Why
Server endpoint URL	UserDefaults	Remember which server you configured
Onboarding state	UserDefaults	Skip the welcome screen on relaunch
Offline media cache	Application Support (up to 3 GB)	Content you explicitly downloaded for offline playback
Cache access metadata	Application Support	Decide which files to evict when storage is full (LFU algorithm, 7-day cycle)

You can clear the offline cache at any time from your device's Settings → Cove → Offloaded Content, or by deleting the app entirely.

05Device Logs

Diagnostic logs

Cove writes diagnostic logs to your device using CocoaLumberjack. These logs rotate every 24 hours; the three most recent files are kept and older ones are deleted automatically. Log files are stored in your device's standard Logs directory.

These logs never leave your device. Cove Labs does not have a remote logging endpoint or any mechanism to pull log data. If you contact support and we need to diagnose an issue, we may ask you to share a log file manually — that is the only circumstance under which log data would be transmitted anywhere.

Note that if the app crashes, Apple's standard crash reporting infrastructure (App Store Connect) may collect a crash report separately from these logs. That is governed by your iOS diagnostic sharing settings and Apple's privacy policy — see Third-Party Services below.

06What We Never Do

Our commitments

For absolute clarity, Cove Labs does not and will not:

Collect analytics or usage telemetry

Sell or share your data with third parties

Serve advertising or track ad interactions

Use third-party crash reporting SDKs

Access your location, contacts, or camera

Store payment or financial information

Build a profile of your listening habits

Cross-reference your activity across sessions

07Third-Party Services

External services involved

Cove integrates one third-party service. No advertising networks, data brokers, or analytics platforms are included.

GGL

Firebase Authentication (Google)

Handles the Google Sign-In flow and issues identity tokens. Google may store authentication credentials on your device. Their collection and use of data is governed by their own privacy policy.

Policy →

APL

App Store Connect (Apple)

If the app crashes, Apple's standard crash reporting infrastructure collects a crash report and makes it available to us via App Store Connect. This is provided by Apple as part of iOS app distribution and is subject to your device's diagnostic sharing settings in iOS Settings → Privacy & Security → Analytics & Improvements.

Policy →

08Children's Privacy

Age requirements

Cove has no age-restricted content. However, because sign-in is handled by Google via Firebase Authentication, Apple's App Store guidelines and COPPA require that the app not be directed at children under 13 without parental consent. There is nothing inherent to Cove that makes it unsuitable for younger users — the 13+ floor is a platform and legal requirement tied to the Google sign-in flow, not a content decision.

If you are under 13 and wish to use Cove, parental consent and supervision is required in accordance with App Store terms.

09Changes

Updates to this policy

If we make material changes to this Privacy Policy, we will update the effective date at the top of this page and, where appropriate, provide notice through the App Store release notes. Continued use of Cove after any changes constitutes acceptance of the updated policy.

Because we collect no data, the most likely reason for a policy update would be the addition of a new feature that changes the data flow — in which case we would describe that clearly.

10Contact

Questions?

If you have questions about this policy or about Cove's data practices, you can reach us at hello@covelabs.dev. We're a small team and we'll respond personally.