Privacy Policy

Information We Collect

We collect only what we need to provide you with a safe, meaningful experience. Here is what that includes:

• Account data: your display name, username, email address, bio, and profile picture. If you sign in with Google, we receive your name and email from Google — we never see your Google password.
• Content you create: echoes (up to 280 characters), responses (up to 500 characters), direct messages (up to 1,000 characters), daily check-in answers, resonances, and bookmarks.
• Usage data: how you interact with the app, such as pages visited, features used, and timestamps. This helps us understand what is working and what needs improvement.
• Device information: browser type, operating system, and general location (country or region). We do not track precise geolocation.

How We Use Your Information

Everything we collect serves a clear purpose:

• To provide the service: displaying your profile, publishing your echoes, delivering messages, and powering notifications.
• To keep the community safe: content is reviewed through AI-powered safety checks to prevent harmful or abusive material from reaching others.
• To improve the experience: understanding usage patterns helps us make Echoes more intuitive, reliable, and welcoming.
• To communicate with you: sending magic link emails for sign-in, responding to support tickets, and delivering notifications you have opted into.

How We Store and Protect Your Data

Your data is stored in a PostgreSQL database hosted by Supabase, a trusted infrastructure provider. All data is encrypted in transit using TLS and at rest on Supabase's servers. Access to the database is restricted to authorized systems only, and we follow the principle of least privilege — no one has more access than they need. We regularly review our security practices and update them as the platform grows.

Information Sharing

We work with a small number of trusted services to keep Echoes running. These providers only receive the minimum data necessary to perform their function:

• Supabase: handles authentication (Google OAuth and magic links) and hosts our database. Supabase processes your email and authentication tokens.
• Sentry: captures error reports and performance data so we can find and fix problems quickly. Sentry may receive technical details about your session when an error occurs, but not the content of your echoes or messages.
• AI moderation: echo and response content is sent to an AI service for safety review before publication. This check is automated and the content is not stored by the moderation provider.

We do not sell, rent, or trade your personal information. We do not share your data with advertisers. Echoes has no ads and no intention of introducing them.

Your Rights and Choices

You are in control of your information. Here is what you can do at any time:

• Access and export your data: you can view all your echoes, responses, and profile information directly within the app.
• Delete your account: you may request permanent deletion of your account and all associated data by contacting support.
• Update your profile: change your display name, username, bio, or avatar from your profile settings whenever you like.
• Manage notifications: adjust which notifications you receive from your profile settings.

Cookies and Local Storage

Echoes uses cookies and local storage minimally — only for authentication sessions, language preferences, and theme settings. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. Your preferences stay on your device.

Children's Privacy

Echoes is not intended for anyone under the age of 13. We do not knowingly collect personal information from children. If we learn that a child under 13 has created an account, we will delete the account and all associated data promptly.

Changes to This Policy

If we make meaningful changes to this policy, we will update the effective date at the top of the page and notify you through the app. We encourage you to review this page from time to time. Continued use of Echoes after a change means you accept the updated policy.

Contact Us

If you have questions about this policy or want to exercise any of your rights, we are here to help. Reach out through our contact page.