Privacy Policy

Last Updated: 28.05.2025

1. Introduction

Welcome to Echo! This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and relevant German data protection laws. By using theechoapp.co, you agree to the practices described in this policy.

Data Controller:
Sebastian Städler
Blumenstraße 3a
96450 Coburg
Contact Email: s.staedler05@gmail.com

2. Data We Collect

2.1 Personal Information Provided by You

We collect personal information that you voluntarily provide to us when you register on the Echo platform, express an interest in obtaining information about us or our products and services, when you participate in activities on the platform or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the platform, the choices you make and the products and features you use. The personal information we collect may include the following:

• Email Address
• Name
• Age
• Gender

2.2 Automatically Collected Information

We automatically collect certain information when you visit, use or navigate the platform. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our platform and other technical information. This information is primarily needed to maintain the security and operation of our platform, and for our internal analytics and reporting purposes.

Specifically, we may collect:

• Log and Usage Data: Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our platform and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity in the platform (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings). (Prospective)
• Device and Browser Data: IP address, browser type, operating system, usage patterns, access times, and interactions with the platform.
• Cookies: Files stored on your device to enhance your user experience.
• Interaction Data: entries and topics visited, clicks, and session durations.
• Metadata: Such as location, time of created entries, etc. (Prospective)

3. Legal Basis for Data Processing

We process personal data in compliance with Art. 6 GDPR based on:

• Consent (Art. 6 para. 1 lit. a GDPR): For user registration, personalized recommendations, algorithm training, marketing, and communication.
• Contractual Necessity (Art. 6 para. 1 lit. b GDPR): To fulfill user requests or agreements, and for the prospective subscription model.
• Legitimate Interests (Art. 6 para. 1 lit. f GDPR): For website optimization, user analytics, improving our algorithms, security and functionality improvements.
• Legal Obligations (Art. 6 para. 1 lit. c GDPR): To comply with applicable German and EU laws.

4. How We Use Your Data

We use collected data for the following purposes:

• To provide and improve platform functionality.
• To manage user registrations and respond to inquiries.
• To provide personalized recommendations and train our algorithms.
• To improve our algorithms using metadata (prospective).
• To analyze platform usage and optimize performance.
• To send updates or marketing materials (with prior consent).
• To implement a subscription model (prospective).
• To collect logs and IP addresses for security and functionality improvement (prospective).
• To comply with regulatory and legal obligations.

5. Cookies and Tracking

5.1 What Are Cookies?

Cookies are small text files stored on your device to enhance your browsing experience.

5.2 Types of Cookies We Use:

• Essential Cookies: Required for platform operation.
• Analytics Cookies: Track user behavior for platform optimization.
• Preference Cookies: Store user preferences for a personalized experience.

5.3 Managing Cookies:

You can manage or disable cookies through your browser settings. Be aware that disabling cookies may limit certain platform functionalities.

6. Data Sharing and Transfer

Your data is not sold or rented to third parties. However, we may share it with the following third-party service providers to facilitate our services:

• Google Gemini API: For AI-powered features and processing.
• Hetzner: For server hosting.
• Auth0: For authentication and user management.
• MongoDB Cloud: For database hosting.
• Qdrant: For embedding storage and similarity search.
• Legal Authorities: When required by law or in compliance with German legal obligations.

All third-party services are selected carefully and are expected to comply with GDPR and ensure secure data handling. We will implement appropriate data processing agreements where necessary.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, or as required by law. For example, data used for algorithm training may be retained as long as it is beneficial for improving our services, while respecting your rights. Once no longer needed, data is securely deleted in compliance with GDPR and German Federal Data Protection Act (BDSG) requirements.

8. User Rights

As a user of Echo, you are entitled to the following rights under the General Data Protection Regulation (GDPR):

• Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and relevant information.
• Right to Rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.
• Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data. Upon such a request, we will permanently erase your data from our systems, provided there is no legal obligation or overriding legitimate interest to retain it.
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing your personal data under certain conditions.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance.
• Right to Object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.
• Right to Lodge a Complaint (Art. 77 GDPR): If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority in your country of residence or where the alleged violation occurred. The responsible supervisory authority for us is generally the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht - BayLDA).

Data Deletion Process

If you choose to delete your Echo profile or account, please be aware of the following:

• Soft Deletion: When you delete your Echo profile or account, your data will be deactivated and no longer accessible to you or others. However, we retain your data for 90 days to prevent fraudulent activity, ensure security, and allow for account recovery in case of accidental deletion.
• Permanent Deletion: After the 90-day retention period, your data will be permanently erased from our systems unless required for legal compliance, dispute resolution, fraud prevention, or enforcing our Terms of Service.
• Legal Basis for Retention: Our retention of data for 90 days is based on our legitimate interests.

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at s.staedler05@gmail.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: s.staedler05@gmail.com
By mail: Sebastian Städler, Blumenstraße 3a, 96450 Coburg