Privacy Policy

1. Introduction

EchoLog ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and authentication data
• Entry Content: Text entries, voice recordings, and any attachments you upload
• Witness Information: Names and email addresses of witnesses you invite
• Payment Information: Processed securely through Stripe; we do not store credit card numbers

2.2 Information Collected Automatically

• Usage Data: Features used, time spent, and interaction patterns
• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP addresses, access times, and pages viewed

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Process your entries with AI for fact extraction and analysis
• Generate PDF reports and exports
• Send witness invitations on your behalf
• Process payments and manage subscriptions
• Improve and personalize the Service
• Communicate with you about updates and support
• Detect and prevent fraud or abuse

4. AI Processing

Your entries are processed using third-party AI services (Anthropic Claude and OpenAI). We take the following precautions:

• Data is transmitted securely using encryption
• We use API agreements that prohibit training on your data
• AI providers do not retain your data after processing
• You can opt out of AI processing (with limited functionality)

5. Data Security

We implement industry-standard security measures:

• 256-bit AES encryption for data at rest
• TLS 1.3 encryption for data in transit
• Regular security audits and penetration testing
• Access controls and authentication requirements
• Secure cloud infrastructure (SOC 2 compliant)

6. Data Retention

We retain your data as follows:

• Active Accounts: Data is retained while your account is active
• Deleted Entries: Soft-deleted for 30 days, then permanently removed
• Closed Accounts: Data deleted within 90 days of account closure
• Legal Requirements: Some data may be retained longer if required by law

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate data
• Deletion: Request deletion of your data
• Export: Download your data in a portable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing

To exercise these rights, contact us at privacy@echolog.app

8. Data Sharing

We do NOT sell your personal data. We may share data with:

• Service Providers: Cloud hosting, payment processing, AI services
• Legal Requirements: When required by law or legal process
• Your Direction: When you explicitly authorize sharing (e.g., witness invitations)

9. International Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for EU data transfers.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service.

12. Contact Us

For privacy-related questions or concerns:

• Email: privacy@echolog.app
• Data Protection Officer: dpo@echolog.app