Kova security and vendor review packet
Security and vendor review packet for paid pilots and enterprise licenses
This public packet helps procurement, security, and vendor onboarding teams qualify Kova before requesting private diligence, contracting, an order form, or a deposit invoice.
No source code, credentials, private dashboards, raw customer data, or bank details are published here.
Review owners to identify
| Field | Why it matters |
|---|---|
| Security review owner | Routes questions about auth, storage, generation flow, and operational boundaries. |
| Vendor onboarding owner | Handles supplier registration, tax, purchase order, and contract workflow. |
| Data processing or DPA owner | Reviews whether a campaign needs DPA, private diligence, or custom terms. |
| Invoice recipient email | Required before any payable invoice or payment instructions can be prepared. |
| Procurement or vendor path | Clarifies whether PO, vendor registration, tax invoice, or countersignature is required. |
Data processing boundary
Kova uses Firebase Authentication, Firestore, Firebase Functions, RevenueCat, Cloudflare R2-compatible storage, and OpenAI image generation flow.
Purchase and subscription plumbing is handled through RevenueCat and store platforms.
Payment instructions are not published; deposit requests require verified legal entity, invoice recipient, and procurement path.
Current public proof
Public App Store lookup confirms Kova 1.0.3 is available.
Production track [29], release 1.0.18 (29), status completed.
No signed contracts, verified purchase orders, deposits, exit proceeds, or live RevenueCat transactions are counted yet.
The latest 1h and 24h operational snapshots still show no RevenueCat webhook requests. Request logs are usage context only, not revenue or paid conversions.
Do not count as achieved until signed contracts, verified purchase orders, deposits, or exit proceeds exist.