Skip to content

Privacy Policy

Last updated:July 5, 2026  ·  Effective: June 28, 2026

The short version

  • Kova is a tool for airline employees doing standby (non-rev) travel. It is built for adults age 18 and older.
  • We do not sell your personal information and we do not share it for cross-context behavioral or third-party advertising.
  • We are not affiliated with, endorsed by, or operated by any airline. We do not access airline employee portals (Flying Together, TravelNet, Jetnet, etc.). We never tell your employer that you use Kova.
  • Boarding-pass verification reads only the data already inside the pass you choose to share. We don’t keep the file. We keep a small set of derived fields and one-way hashes used to detect fraud.
  • You can export your data, correct it, delete your account, and revoke any consent at any time — from inside the iOS app or on the web at flykova.com/account/settings/privacy.
  • Questions: privacy@flykova.com.

1. Introduction & Scope

This Privacy Policy (“Policy”) describes how Black Bull Capital, LLC, doing business as Kova (“Kova,” “we,” “us,” or “our”), collects, uses, discloses, and safeguards personal information when you use our iOS application, our website at flykova.com and related domains, and any related services we provide (collectively, the “Services”). It applies to all users of the Services, including airline employees, their dependents and travel companions, and visitors to our website.

By creating an account or using the Services, you confirm that you have read this Policy. If you do not agree with this Policy, do not use the Services.

2. Information We Collect

We collect the categories of personal information listed below (the bracketed labels mirror the California Consumer Privacy Act categories under Cal. Civ. Code § 1798.140).

(a) Information you give us directly — [Identifiers; Customer Records; Professional Information; User Content]

  • Account information: email address, display name, your date of birth (collected once at signup for the 18+ age gate), and your Apple ID relay address if you use Sign in with Apple. We do not store user passwords; account access is via Sign in with Apple and email magic links.
  • Profile information: airline employer (e.g., UA, AA, DL), priority code (e.g., SA1, D2, ID1), home airports, and seniority/hire date if you choose to provide it.
  • Trip and watchlist data: origin, destination, dates, flight numbers you save, and notes you add.
  • Community contributions: boarding outcomes (boarded / didn’t board / standby cleared), load reports, gate screenshots you choose to upload, crew-chat messages, comments, and reactions.
  • Boarding-pass verification material: the contents of any .pkpass file or boarding-pass barcode you choose to share with us. See Section 8.
  • Support correspondence: the contents of any message, screenshot, or attachment you send to support, plus what you choose to tell us in surveys or feedback prompts.

(b) Information collected automatically — [Identifiers; Internet/Network Activity; Geolocation; Sensor/Device Data]

  • Device information: device model, operating-system version, app version, language and timezone, App Group identifier, and a Kova-issued install identifier.
  • Log information: IP address (truncated for analytics), request paths, status codes, timestamps, and user-agent.
  • Push tokens: Apple Push Notification service tokens, used only to deliver notifications you ask for.
  • Diagnostic data: crash reports, performance traces, and exception messages, with personal identifiers scrubbed before upload.
  • Approximate location: derived from your IP at request time. We do not store precise geolocation in your account.
  • Precise location (only when you ask for it): if you turn on the “Get Me Home” feature, iOS asks you separately for “While Using” location access. We use that single fix to find your nearest airport. We do not record a continuous track.

(c) Information from third parties — [Identifiers; Commercial Information]

  • Authentication providers: when you Sign in with Apple, Apple sends us a stable user identifier and (if you allow it) a relay email address.
  • Payments: all subscriptions are billed through Stripe at flykova.com. Stripe sends us subscription status, your card brand, and the last four digits of your card number, but never the full card number (PAN). We do not process payments inside the iOS app.
  • Aviation data feeds: we receive flight schedules and operational data from aviation data providers (see Section 6). These feeds describe flights, not you.

(d) Information we infer — [Inferences]

  • Outlook predictions for specific flights, derived from public load history, your contributed reports, schedule data, and aircraft type.
  • Your verification tier (e.g., verified crew, unverified) and a derived classification of whether your most recent boarding pass appears to be employee non-rev, pass-rider non-rev, or revenue.
  • Aggregated usage patterns we use to debug the app and improve predictions.

(e) Sensitive personal information

The CCPA, the Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Jersey, Oregon, and Texas state privacy laws all classify certain data as “sensitive.” In the ordinary course of using Kova, we may handle the following sensitive categories: account-access tokens (refresh tokens and one-time codes, stored only as one-way SHA-256 hashes; we do not store passwords) and, when you turn on “Get Me Home,” precise geolocation for the duration of that single request. We do not collect Social Security numbers, driver’s license numbers, passport numbers, financial-account numbers, racial or ethnic origin, religion, union membership, genetic data, biometric identifiers, health data, or sex-life or sexual-orientation data. We do not use sensitive personal information to infer characteristics about you. California residents have a right to limit the use of sensitive personal information; see Section 12.

3. How We Use Information

We use personal information for the following purposes:

  • Provide the Services — create your account, deliver predictions, sync your watchlist and trips, deliver crew-chat messages and notifications, and process subscriptions.
  • Verify your eligibility for verified-crew features — parse and validate boarding passes you share, cross-reference against flight schedules, and detect replay and fraud.
  • Improve and train our prediction models — use de-identified, aggregated load and outcome data to improve prediction accuracy (see Section 7 for the model-training opt-out).
  • Communicate with you — send transactional emails, push notifications you opted into, and security or service-change notices.
  • Diagnose and debug — investigate crashes and anomalies; the data is scrubbed of personal identifiers before it leaves the device.
  • Comply with law and protect Kova — respond to legal process, prevent abuse, and enforce our Terms.

We do not use any personal information for purposes incompatible with the purposes described above without first asking you. We do not use the contents of your private crew-chat messages to train prediction models.

4. How We Share Information

We do not “sell” personal information as the term “sale” is defined under the California Consumer Privacy Act, the Nevada SB 220 statute, or any other US state privacy law. We do not “share” personal information for cross-context behavioral or third-party advertising as the term “share” is defined under the California Consumer Privacy Act. We have not sold or shared personal information for these purposes in the preceding 12 months.

We disclose personal information to the following categories of recipients:

  • Service providers / sub-processors who process information on our behalf under written contracts that limit them to processing on our instructions and that require equivalent protection. The current list is below and is mirrored at /legal/subprocessors.
  • Other Kova users, only when you choose to share — for example, posting a boarding outcome to community loads, sending a crew-chat message, or uploading a load report. We tell you at the moment you do this what becomes visible.
  • Legal authorities, if we are required to by valid legal process, or when we have a good-faith belief that disclosure is necessary to protect rights, property, or safety.
  • Victims of fraud or impersonation, on a limited and need-to-know basis, where we determine in good faith that disclosure is necessary to allow the affected person to file a report with law enforcement. For example, if your name or boarding pass appears to have been used by another account to obtain verified-crew status, we may share with you the limited account context required to make a police report.
  • A successor entity, in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to confidentiality obligations and your continuing rights under this Policy.

Current sub-processors:

CategoryProviderPurpose
AuthenticationAppleSign in with Apple; email magic links are generated and verified in-house (no third-party auth provider)
PaymentsStripeSubscriptions, billing (web only)
Push & WalletApple (APNs, PassKit)Notifications, boarding passes
EmailResendTransactional email
Image OCRGoogle Gemini APIReading text from images you choose to upload (see Section 7 for retention and Google’s use of inputs)
DiagnosticsSentryCrash and error reporting (PII scrubbed)
InfrastructureCloudflareCDN, network, DDoS protection
Aviation dataPublic and commercial aviation data sourcesFlight schedules, positions, and operational data (no user PII transmitted)
HostingSelf-managed infrastructure (United States)Application servers, databases
Backup storageBackblaze, Inc.Encrypted off-site database/file backups (United States; data is encrypted before upload — Backblaze only ever receives ciphertext)

We will post material additions to the sub-processor list at /legal/subprocessors at least 14 days before they take effect. Each provider processes information on our behalf under its data-protection terms, limited to processing on our instructions. Kova data is stored and primarily processed in the United States; our CDN and edge-security provider (Cloudflare) may handle network traffic transiently at the edge location nearest the request. The aviation data feeds listed above receive no user personal information and are included for transparency only — they are not personal-data sub-processors.

5. “Sale,” “Sharing,” and Targeted Advertising

We do not sell personal information for money or other valuable consideration. We do not share personal information with third parties for cross-context behavioral advertising, targeted advertising, or profiling that produces legal or similarly significant effects on you. We do not knowingly sell or share personal information of any minor under 16. We do not run third-party ad networks. We honor browser-level Global Privacy Control (GPC) signals as an opt-out request from California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, and Texas residents, and as an authorized opt-out preference signal in any other state that requires it.

Texas residents: NOTICE: We do not sell your sensitive personal data. NOTICE: We do not sell your biometric personal data.

California residents may exercise their rights at flykova.com/account/settings/privacy, in the iOS app under Settings → Privacy & Data, by emailing privacy@flykova.com, or via the “Your Privacy Choices” link in the website footer.

6. Aviation-Specific Disclosures

  • No airline-system access. Kova does not access, scrape, integrate with, or pull data from any airline employee portal, including United’s Flying Together, Delta’s TravelNet/DeltaNet, American’s Jetnet, Southwest’s SWALife, Alaska’s AlaskasWorld, JetBlue’s BlueNet, Sabre, Jetnet for AA, CCI, or any reservation, departure-control, or revenue-management system. All data is volunteered by you or comes from public/government sources (FAA SWIM, BTS T-100, ADS-B).
  • Your employer is not notified. We have no contractual relationship with any airline. We never notify your employer that you use Kova. Profile fields you enter (such as airline) exist only to filter and personalize your experience inside Kova.
  • Boarding-pass minimization. When you choose to verify with a boarding pass, we parse the pass on our servers, retain only the minimum verification fields (see Section 8), and discard the original file.
  • Community-load anonymity. Boarding outcomes and load reports are stored without your name, email, or employee ID, and are surfaced to other users in aggregate. We do not show your identity alongside your reports unless you explicitly choose to.
  • Employer policy acknowledgment. You are responsible for complying with your own employer’s social-media, confidentiality, and data-handling policies. The Terms of Service describe this in more detail.
  • Trademarks. Airline names and IATA codes are used only nominatively to identify those carriers’ flights. Kova is not affiliated with, endorsed by, or sponsored by any airline.

7. AI, Machine Learning & Automated Decisions

Kova uses statistical models and machine learning to estimate seat availability, recommend routings, and surface relevant flights. The inputs are public schedule data, public load-factor history (e.g., U.S. Bureau of Transportation Statistics T-100), aircraft and equipment data, and de-identified boarding outcomes contributed by Kova users. Outputs are advisory and informational. They do not produce legal or similarly significant effects on you. They are not used to make decisions about employment, credit, insurance, housing, healthcare, or essential goods or services.

Training data: when you submit a boarding outcome or load report, you grant Kova a license to (a) display anonymized aggregates to other crew, and (b) use the report to improve Kova’s prediction models. Personal identifiers (name, email, employee ID) are stripped before any data enters a training pipeline. You may opt out of future training-data collection at any time at flykova.com/account/settings/privacy(toggle “Opt out of model training”). Opting out does not delete your account; it does not retroactively remove already-trained model weights, but excludes your future contributions.

Third-party AI processors. When you upload an image (for example, a gate-monitor screenshot for OCR), the image is sent over TLS to Google’s Gemini API. We currently use the standard Gemini API tier; under Google’s applicable terms for that tier, Google may retain submitted content for a limited period (typically up to 30 days, longer where law requires) and may use submitted content to operate, improve, and develop its services and machine-learning models. We do not send identifying account information alongside the image. We are evaluating a migration to a paid commercial tier with stricter no-training terms; if and when that happens, we will update this Policy and post the change to /legal/subprocessorswith at least 14 days’ advance notice. If you would prefer not to use image OCR, you can enter load information manually instead.

We list current AI sub-processors in Section 4 and at /legal/subprocessors.

Profiling opt-out. Residents of California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, Texas, and Virginia have a right to opt out of profiling. The fastest path is to flip the “Opt out of profiling” toggle at flykova.com/account/settings/privacy, which records your preference immediately. Because Kova’s outputs are advisory and are not individualized in a way that produces legal or similarly significant effects, Kova does not perform profiling of that kind; this control records your preference so that your account is excluded from any profiling-based personalization should we introduce it. You can also email privacy@flykova.comwith the subject line “Profiling Opt-Out.”

8. Boarding-Pass Verification (BCBP / .pkpass)

Kova’s “verified crew” flow asks you to share a boarding pass — either an Apple Wallet .pkpass or its IATA Resolution 792 BCBP barcode payload. We use this to confirm you are an actual airline employee or pass-rider on a non-revenue itinerary.

  • What we read: airline code, flight number, flight date, origin and destination airports, passenger surname, fare basis or priority code, the pass’s digital signature (if a .pkpass), and any “for individual airline use” field that contains a non-rev priority indicator.
  • What we keep: the airline code, flight number, flight date, origin/destination, the verification verdict, the detected priority code (e.g., “SA1P”), the standby signals we found, the signing Pass Type Identifier, and two one-way SHA-256 hashes — one of the (airline + flight + date + name + reservation locator) tuple to detect replays, and one of the normalized passenger name to detect cross-account harvesting. We do not store the reservation record locator (PNR), the Known Traveler Number (KTN), or the original .pkpass file.
  • What we use it for: to set your verification tier and auto-fill your airline and priority code on your profile, to detect replayed or stolen boarding passes, and to gate access to verified-crew features such as crew chat.
  • How long we keep it: verification attempts are retained for 24 months for fraud prevention and audit; replay hashes and name hashes for the same period. After deletion, hashes can no longer be reversed because there is no source data left.
  • Your right to delete it: you may purge all boarding-pass-derived records at any time. On the web, open flykova.com/account/settings/privacy and tap “Delete verification data,” or email privacy@flykova.com. Deleting verification data revokes your verified-crew tier.

We display a privacy disclosure inside the app the first time you open the verification flow, summarizing what is read, kept, and discarded. Submitting a pass is your affirmative consent to the processing described here.

9. Data Retention

We keep personal information only for as long as we need it to provide the Services or to comply with our legal obligations. Concrete retention periods:

  • Account profile: for the life of your account.
  • Trips, watchlist, saved searches: for the life of your account.
  • Boarding-pass verification artifacts (Section 8): 24 months.
  • Boarding-pass file itself: never persisted; discarded after parse.
  • Community contributions and load reports: retained on the platform indefinitely in anonymized form even after account deletion (because they have been made public to other crew); your account identifier is severed at deletion.
  • Crew-chat messages: 24 hours for routine messages, longer if subject to a legal hold or abuse investigation.
  • Diagnostic and crash logs: 30 days.
  • Subscription and billing records: retained as required by U.S. tax law (generally up to 7 years), primarily through our billing provider, Stripe.
  • Backups: retained on a short rolling cycle (currently approximately 30 days) and then overwritten.

When you delete your account, we begin hard deletion immediately on confirmation of your verified deletion request and ordinarily complete the database-level deletion the same day. Backup snapshots that captured your data prior to deletion are aged out of rotation within the rolling backup window above. Aggregated, de-identified data and material we are required to retain for legal, tax, audit, fraud-prevention, or security purposes may persist after that point.

How to delete from each surface. In the iOS app, open Profile → Settings → Privacy & Data → Delete Account. On the web, open flykova.com/account/settings/privacy and use the “Delete my account” control in the Danger zone. Both paths send a 6-digit confirmation code to your account email; entering it triggers immediate hard deletion. If neither surface is available to you, email privacy@flykova.com from the email on your account.

10. Security

We use industry-standard safeguards: encrypted connections (TLS) for data in transit, encryption at rest, SHA-256 hashing of identifiers used for fraud detection, certificate pinning on our production iOS client, scoped least-privilege access controls, audited administrative access, and parameterized database queries to guard against SQL injection. Account access uses Sign in with Apple and email magic links; we do not store user passwords. Authentication artifacts (refresh tokens, magic-link codes, deletion confirmation codes) are stored only as one-way SHA-256 hashes. We monitor for anomalies and intrusion. Despite these protections, no system can be guaranteed perfectly secure; you are responsible for protecting access to your email account, your Apple ID, and your device.

11. Children’s Privacy

The Services are intended for adult airline crewmembers age 18 and older. We do not knowingly collect personal information from children under 13 (the standard set by the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506), and we do not direct the Services to anyone under 18. We use a neutral date-of-birth gate at signup. If we learn that we have collected personal information from a child under 13, we will delete it promptly and terminate the associated account. A parent or legal guardian who believes a child under 13 has provided us information may contact us at privacy@flykova.com. Apple Family Sharing purchase data is not provided to us.

12. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights with respect to your personal information:

  • Right to know / access: what personal information we hold about you, the categories, sources, purposes, and recipients.
  • Right to a copy / portability: a machine-readable export of the personal information you provided.
  • Right to correct: inaccurate personal information.
  • Right to delete: personal information we hold about you, subject to legal exceptions.
  • Right to opt out of sale of personal information, sharing for cross-context behavioral advertising, profiling that produces legal or similarly significant effects (see Section 7 — Kova does not currently conduct such profiling; the toggle records your preference for any future feature), and use of sensitive personal information beyond enumerated necessary purposes.
  • Right to limit use of sensitive personal information (California residents).
  • Right to non-discrimination for exercising any of these rights.
  • Right to appeal a denial of your request, within 45 days, in Virginia, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, and Texas.
  • Right to lodge a complaint with your state attorney general or supervisory authority.

How to exercise your rights. Submit a request from inside the iOS app at Profile → Settings → Privacy & Data, on the web at flykova.com/account/settings/privacy, or by emailing privacy@flykova.com. We will verify your identity (typically by sending a confirmation link to the email on the account) before fulfilling a request. We respond within 45 days; we may extend once by an additional 45 days when reasonably necessary, with notice. Requests are free of charge unless they are manifestly unfounded or excessive. You may also designate an authorized agent to submit a request on your behalf, with written authorization and verification.

Nevada residents. Nevada law (NRS 603A.340) permits Nevada consumers to opt out of the sale of certain personal information. We do not sell personal information; you nonetheless may submit a verified opt-out at privacy@flykova.com.

California “Shine the Light”.California Civil Code § 1798.83 permits California residents to request information about disclosures to third parties for direct-marketing purposes. Kova does not disclose personal information to third parties for their direct-marketing purposes.

13. Where Your Data Is Processed

Kova is operated from the United States, and the Services are intended for users in the United States. We do not market or offer the Services in the European Economic Area, the United Kingdom, or Switzerland, and the Services are not directed to individuals located there. All Kova data is stored and processed in the United States. If you choose to access the Services from outside the United States, you do so on your own initiative and are responsible for compliance with your local laws.

14. Apple App Store Disclosures

The data types we collect map to App Store Privacy Labels as follows: Contact Info (Email Address, linked to you, App Functionality); User Content (Other — airline, priority code, watchlist, community contributions, boarding-pass-derived fields, linked to you, App Functionality); Identifiers (User ID, Device ID, linked to you, App Functionality); Location (Coarse from IP, Precise only when you turn on Get Me Home, linked to you, App Functionality); Diagnostics (Crash and Performance Data, not linked to you after PII scrubbing, App Functionality); Usage Data (Product Interaction, linked to you, Analytics and Product Personalization). The iOS app does not sell subscriptions or process in-app purchases, and we therefore do not declare a Purchases category. We do not declare anything under “Data Used to Track You.” The app does not show an App Tracking Transparency prompt because we do not engage in tracking as Apple defines it. Our iOS bundle ships a PrivacyInfo.xcprivacy manifest declaring required-reason API usage and the data categories above.

15. Third-Party Links and Integrations

The Services may contain links to third-party websites or integrate with third-party services (for example, an “Open in Apple Wallet” deep link, or a Stripe-hosted checkout page). Those services have their own privacy policies; we are not responsible for their practices. We encourage you to read them before interacting.

16. Cookies and Similar Technologies

On flykova.com and related web pages, we and our service providers use a small number of cookies and similar local-storage technologies. We use only the categories listed below.

  • Strictly necessary. Required to operate the site — for example, to keep you signed in, to remember your subscription state across pages, and to protect against cross-site request forgery. These cannot be disabled without breaking the site.
  • Functional / preference. Remember your choices, such as theme, last-viewed origin airport, or whether you have dismissed an in-product banner.
  • Diagnostics. A small amount of anonymous error and performance information, used to detect and fix bugs.

We do not use advertising or cross-site tracking cookies, we do not allow third-party advertisers to set cookies on flykova.com, and we do not participate in any cross-context behavioral advertising network. The iOS app does not use web cookies; it uses local on-device storage and an authenticated session token.

You can control cookies through your browser settings. Most browsers let you block all cookies, block third-party cookies, or delete cookies on exit. Blocking strictly-necessary cookies will prevent core features (sign-in, subscriptions) from working. We honor browser-level Global Privacy Control (GPC) signals as an opt-out request as described in Section 5.

17. California Notice at Collection

At or before collection, California residents are informed: we collect the categories of personal information described in Section 2 (identifiers, customer records, commercial information, internet/network activity, geolocation, professional information, sensitive personal information, inferences, user content), for the purposes described in Section 3 (providing the Services, verification and fraud prevention, model improvement, communications, diagnostics, legal compliance), and we retain it for the periods described in Section 9. We do not sell or share personal information. The full Policy is here.

18. Contact & Privacy Officer

Privacy Officer, Black Bull Capital, LLC (d/b/a Kova) — privacy@flykova.com. For all other inquiries: hello@flykova.com.

19. Changes to this Policy

We review this Policy at least every 12 months. When we make material changes, we will notify you by in-app notice and email at least 30 days before the change takes effect, and we will update the “Last updated” date above. Continued use of the Services after the effective date constitutes acceptance of the revised Policy. We will not retroactively apply a materially different use of personal information to data already collected without obtaining your affirmative consent first.