echo

EN

(app)

Privacy Policy

This privacy policy is applicable to the Echo app (hereinafter referred to as "Application") for mobile devices, which was developed by Krom (hereinafter referred to as "Service Provider") as a free service. This service is provided "AS IS".

What information does the Application obtain and how is it used?

User Provided Information

To use the Application, you are required to create an account with your email address, and password. Email addresses need to be verified through an email verification link that is sent to the user. A name has to be submitted as well, but users are free to decide to use their actual name or a different username. Registration is mandatory; the Application cannot be used without creating an account.

Within the Application, you can create personal reflections and optionally share them with other users. These reflections are stored securely and are only accessible to you (by default) and the people you optionally choose to share them with.

The Service Provider may use the information you provide to contact you with important updates or notices related to your account or the Application.

Automatically Collected Information

The Application does not automatically collect personal data such as device identifiers, IP addresses, usage statistics, analytics, crash reports, or performance data.

All data stored in the Application are provided directly by you — including your name, email address, password, and any reflections you create and share within the Application.

This Application does not collect or use any precise or approximate information about the location of your mobile device.

Third Party Access

The Application uses trusted third-party services to operate and maintain its functionality:

  • Vercel hosts the Application’s backend services.
  • DigitalOcean stores the Application’s database and storage content (such as reflections and attached media).
  • Firebase Authentication is used to securely verify user accounts.

These third-party service providers only process the information on behalf of the Service Provider, strictly under the Service Provider’s instructions, and do not use your data for any independent purposes, including marketing. These providers implement industry-standard security measures to protect your information.

The Service Provider may also disclose user information to comply with applicable law, legal processes, or governmental requests, or to protect the rights, property, or safety of the Service Provider, its users, or others. No other third parties have access to your personal information, and the Service Provider does not sell or share your information for marketing purposes.

Where data is stored

The application’s database and storage is supplied by DigitalOcean, exclusively on servers based in the EEA (in Amsterdam, specifically).

Firebase Authentication is provided by Google, which may process data outside the EEA. However, Firebase is used exclusively for account verification and does not process reflections, user profiles, or any other app content.

Deleting your account and data

You can permanently delete your account and all associated data directly within the Application. If you need assistance, you can contact support@thisisecho.app.

Children

The Application is not intended for children under 13 and does not knowingly collect personal information from them. Users must be at least 16 years old to consent to the processing of their personal data, unless parental consent is provided where required by law. If you believe a child has provided personal information through the Application, please contact support@thisisecho.app so that we can take appropriate action.

Security

The Service Provider is committed to safeguarding the confidentiality of your information. We implement procedural and electronic measures to protect the data we process, including limiting access to authorized employees and contractors who need it to operate, develop, or improve the Application.

We rely on trusted third-party providers, such as Vercel and DigitalOcean, to maintain the physical security of the servers and infrastructure used to store and process your data.

Access to data is role based. Others, including other users both with regular user accounts and coach accounts, are not able to look at your profile or your reflections, unless you explicitly share it with them yourself. When you add a user as a connection, your share only your name and email address with them, so the invitee can verify who you are. Your reflections are only shared with an individual when you choose to do so for any single reflection.

While we strive to provide reasonable security, no system can guarantee complete protection against all potential security breaches.

Changes to This Privacy Policy

The Service Provider may update this Privacy Policy from time to time. Updated versions will be posted on this page, and you will be notified within the Application when significant changes are made. Continued use of the Application constitutes acceptance of any changes.

This Privacy Policy is effective as of 22-10-2025.

The last update was made on 18-03-2026. This update includes more information on security measures, but no actual changes in policy.

Your Consent

By using the Application, you consent to the Service Provider’s processing of your information as described in this Privacy Policy, and you agree to the Terms & Conditions. “Processing” refers to collecting, storing, using, sharing, and deleting information within the Application.

Contact Us

If you have any questions or suggestions about this Privacy Policy or about how your information is handled in the Application, please contact us at support@thisisecho.app. We will respond as soon as possible.