Privacy Policy

Information We Collect

Account Information

When you create an account, we collect your email address and password. Your password is securely hashed and never stored in plain text. If you sign in with a third-party provider (such as Google), we receive basic profile information from that provider.

Voice & Conversation Data

When you have a conversation on EchO, your voice is converted to text in real time. We store:

• Text transcriptions of your speech
• AI-generated responses and feedback
• Conversation metadata (topic, duration, your English level)

Voice audio is processed in real time and is not permanently stored as audio files.

Notes & Learning Data

We store notes, saved phrases, review progress, and practice statistics linked to your account.

Usage Information

We collect information about how you interact with our service, including timestamps of conversations, feature usage, and your English level settings.

How We Use Your Information

We use the information we collect to:

• Provide AI-powered conversation practice and real-time feedback
• Generate notes, corrections, and vocabulary highlights
• Power spaced repetition and review features
• Maintain your account and authenticate your access
• Improve our service and user experience
• Respond to your support requests

Third-Party Services

We use trusted third-party services to provide and enhance our service. Your data may be processed by:

Supabase

We use Supabase for authentication, database storage, and user data management. Supabase hosts our data on secure servers with encryption at rest and in transit.

OpenAI

We use OpenAI's services for speech-to-text (Whisper), AI conversation and feedback (GPT-4o), and text-to-speech (TTS). Your conversation text is sent to OpenAI for processing. OpenAI's services are subject to their Privacy Policy.

Data Security

We take reasonable measures to protect your information:

• All data transmission uses HTTPS encryption
• Passwords are hashed using industry-standard algorithms
• Our database is hosted on secure servers with encryption at rest
• Access to user data is restricted to essential operations only

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Rights and Choices

Access & Deletion

You can view and delete your conversations, notes, and saved phrases at any time from within EchO. To delete your entire account and all associated data, go to Settings and choose “Delete account”. We will process account deletion requests within 30 days.

California Residents (CCPA)

If you are a California resident, you have rights under the CCPA, including the right to request disclosure of information we collect and the right to request deletion. We do not sell your personal information.

European Residents (GDPR)

If you are in the EEA, you have rights under the GDPR including access, rectification, erasure, restriction, and data portability. Our legal basis for processing is your consent and our legitimate interest in providing the service.

Data Retention

We retain your personal information for as long as your account is active. If you delete your account, we will delete or anonymize your data within 30 days, except where required by law.

Children's Privacy

EchO is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or in-app notice. Your continued use of EchO after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, please contact us at hello.echoai@gmail.com. We will respond to privacy-related inquiries within 30 days.