Privacy Policy

Last updated: April 26, 2026

1. Overview

This Privacy Policy explains what information ECHOsenses collects, how we use it, who we share it with, and your rights. By using ECHOsenses you agree to this policy.

2. Information We Collect

Account information: email address, authentication identifiers, and license key.

Payment information: handled directly by our payment processors (Razorpay, Skydo, or successor). We do not store your full card or bank details — only the transaction reference, last-4 digits, and amount.

Usage data: session start/end timestamps, total minutes consumed, device identifier (for one-device-per-license enforcement), application version, and aggregate error logs.

Audio & transcription: when you start a session, audio captured by your device is sent to our cloud transcription provider in real time. Transcripts are returned to your local app and may be stored temporarily on your device for the duration of the session. We do not retain audio or transcripts on our servers after the session ends.

AI prompts & responses: the question text generated from your transcript is sent to our AI proxy and forwarded to a model provider (e.g. Groq). We log the request count, token usage, and latency for billing and abuse prevention. We do not retain the full prompt or response content beyond what is required for short-term troubleshooting (typically 24 hours).

3. How We Use Information

  • To provide and operate the service (transcription, AI assistance, license validation).
  • To process payments and remit applicable taxes.
  • To enforce one-device-per-license and prevent abuse.
  • To send transactional emails (purchase receipt, refund notice, security alerts).
  • To diagnose bugs and improve product reliability via aggregate metrics.
  • To comply with legal obligations (tax, KYC, lawful requests).

4. Third-Party Service Providers

We rely on a small set of trusted third-party service providers to operate ECHOsenses. These providers are used for the following categories of functions:

  • Cloud hosting & database — to store account data and license records securely.
  • Authentication — to verify your identity at sign-in.
  • Speech-to-text transcription — real-time audio is streamed during your session and is not retained by us after the session ends.
  • AI model inference — to generate the live answer suggestions.
  • Payment processing — to handle purchases, refunds, and tax/compliance reporting.
  • Transactional email delivery — for receipts and account notifications.

Each provider is bound by a data-processing agreement appropriate to its function and operates under its own privacy policy. We do not sell your data to any third party and we share only the minimum information each provider needs to deliver its specific function. The list of providers may change over time as we evaluate quality, performance, and compliance; current providers can be disclosed on written request to the contact email below.

5. Data Retention

  • Account & license records: retained while your account is active and up to 7 years thereafter for tax/audit purposes.
  • Payment receipts: retained for 7 years per Indian accounting law.
  • Audio: not stored beyond session lifetime.
  • Transcript & AI request logs: deleted within 24 hours unless flagged for abuse review.
  • Server-side error logs: retained 30 days.

6. Your Rights

Depending on your jurisdiction (GDPR, India DPDP, CCPA, etc.) you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and personal data (subject to legal retention requirements above).
  • Object to or restrict processing.
  • Port your data in a machine-readable format.
  • Withdraw consent at any time.

To exercise any right, email echosensessupport@gmail.com. We respond within 30 days.

7. Cookies & Local Storage

The website uses minimal cookies / localStorage only for: keeping you logged in, remembering UI preferences, and basic anonymous analytics. We do not use third-party advertising trackers.

8. Security

Communication between the app and our backend is encrypted (HTTPS/WSS). License keys are HMAC-signed. Payments are PCI-DSS compliant via the gateway. We follow industry-standard practices, but no system is 100% secure — promptly notify us of any breach you suspect.

9. Children

ECHOsenses is not directed at children under 16. We do not knowingly collect data from minors. If you believe we have, contact us to remove it.

10. International Transfers

Our backend operates globally; your data may be processed in countries other than your own (United States, India, EU). We rely on standard contractual clauses and provider commitments to ensure adequate protection.

11. Changes

We may update this policy. Material changes will be emailed to active users at least 7 days before taking effect. The "Last updated" date reflects the most recent change.

12. Contact

Privacy questions or rights requests: echosensessupport@gmail.com