Security | Your information is safe and encrypted

Your security

When you use Cova to track your wealth and plan your inheritance, you are trusting us with your sensitive information. We understand this and are committed to keeping your information protected and encrypted. Please read about how we implement industry security standards with bank-grade technology and practices.

Does Cova have access to my online bank, investment, or crypto accounts?

No. Cova DOES NOT have access to your banking or crypto account credentials. We use third-party financial account aggregator services to connect to your accounts. Your banking credentials are directly sent to the respective service from your browser. Cova uses these aggregators’ APIs to collect only information like your bank account; hence, Cova cannot make any transactions on your behalf. All our aggregators adhere to industry-leading practices for data security, regulatory compliance, and privacy.

Why does Cova enforce me to Enable Two-Factor Authentication?

By enabling Two Factor Authentication (2FA) on your Cova account, whenever you sign in from a new computer, device, or browser, we will send a unique code to your phone number that you must input as part of your login; this helps keep your Cova account secured. Security is not just about protecting your data and protecting access to your account. 2FA is an extra layer of protection that makes sure that even if anyone has access to your password, they cannot log into your Cova account.

How does Cova secure your data?

At rest

Within Cova’s systems, all your data is stored using AES-256 encryption with a uniquely derived key for each user as recommended by NIST Special Publication 800-132. Every identifiable field is encrypted; these include your name, email, and phone number. We also encrypt your uploaded files and are also encrypted. We advise Cova users to choose a strong password, set up their two-factor authentication and create a PIN for their Cova document vault. Never share your login details of vault PIN with anyone.

In Transit

All communications between you and Cova are encrypted via SSL using 2048-bit certificates, and we require SSL on all communications. If someone tries to hijack your communication, they will still never be able to decrypt the data.

Administrative Access to your Information

Cova operates strict internal procedures that ensure every Cova user is protected. Our strict internal guidelines prevent any Cova employee or administrator from gaining access to your account beyond a limited approved set of data that is important to help solve issues you raise, for example, e.g., triggering confirmation emails. Cova administrators can never see your asset values, financial data or view your beneficiaries. Cova employees can never see your uploaded documents and files. Cova logs and regularly audits all accesses to your account.

What happens if Cova is breached?

At rest

Within Cova’s systems, all your data is stored using AES-256 encryption with a uniquely derived key for each user as recommended by NIST Special Publication 800-132. Every identifiable field is encrypted; these include your name, email, and phone number. We also encrypt your uploaded files and are also encrypted. We advise Cova users to choose a strong password, set up their two-factor authentication and create a PIN for their Cova document vault. Never share your login details of vault PIN with anyone.

In Transit

All communications between you and Cova are encrypted via SSL using 2048-bit certificates, and we require SSL on all communications. If someone tries to hijack your communication, they will still never be able to decrypt the data.

What happens to the data I delete from my Cova account?

When you delete data from your account, we delete all the data from our primary database and notify our aggregators to stop connecting your account and delete everything from their end. We purge our backup every 15 days. Your data will be removed from the backup FOREVER in the next backup purge cycle.

Regular audits

Security for us is not a race; it’s a marathon. We regularly audit our code and processes for security issues and apply patches as we move along. We work with industry security leaders to ensure our security protocols are up to date.

Ready to Get Started with Cova?

Start organizing your assets, tracking your investments, building your digital vault and setting up your beneficiaries for the future.