At EchoEvolve, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
Key Points:
- We collect only the information necessary to provide our services
- We never sell your personal data to third parties
- You have control over your data and can request deletion at any time
- We use industry-standard security measures to protect your information
1. Information We Collect
1.1 Information You Provide to Us
When you use our Service, we collect information that you voluntarily provide:
- Account Information: Name, email address, password (encrypted), company name, phone number
- Business Information: Business name, business location, business category, Google Business Profile details
- Payment Information: Processed securely by Paddle (our payment processor). We do not store your credit card information on our servers
- Communication Data: Messages you send us through contact forms, support emails, or chat features
- Feedback and Surveys: Responses to surveys, testimonials, or feedback requests
1.2 Information Automatically Collected
When you access our Service, we automatically collect certain information:
- Usage Data: Pages visited, features used, time spent on the Service, referring URLs
- Device Information: IP address, browser type and version, device type, operating system
- Cookies and Similar Technologies: We use cookies to enhance your experience and analyze usage patterns (see Section 7)
- Log Data: Server logs that include IP address, timestamps, and access records
1.3 Information from Third-Party Sources
We collect publicly available business data from:
- Google Places API: Competitor business information, ratings, reviews, location data, photos
- Payment Processor (Paddle): Transaction status, payment confirmation, customer location for tax purposes
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose |
Description |
| Service Provision |
Generate competitor analysis reports, provide dashboard access, enable multi-location management |
| Account Management |
Create and manage your account, authenticate your identity, process registrations |
| Payment Processing |
Process payments, issue invoices, handle refunds, prevent fraud |
| Communication |
Send report delivery emails, account notifications, customer support responses, marketing emails (with consent) |
| Service Improvement |
Analyze usage patterns, improve features, develop new products, fix bugs |
| Marketing |
Send newsletters, product updates, promotional offers (you can opt-out anytime) |
| Security |
Protect against fraud, detect and prevent security threats, enforce our Terms of Service |
| Legal Compliance |
Comply with legal obligations, respond to lawful requests, protect our rights |
3. Legal Basis for Processing (GDPR Compliance)
If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
- Consent: You have given explicit consent for us to process your personal data for specific purposes (e.g., marketing emails)
- Contract: Processing is necessary to fulfill our contract with you (e.g., delivering reports you purchased)
- Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our Service, fraud prevention), provided your rights do not override these interests
- Legal Obligation: Processing is necessary to comply with legal requirements (e.g., tax reporting)
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our Service:
- Paddle: Payment processing, transaction management, tax calculation
- Google Cloud Platform: Data from Google Places API for competitor analysis
- Email Service Providers: Sending transactional and marketing emails
- Cloud Hosting: Railway, Vercel, GCP - for hosting our infrastructure
- Analytics Providers: Google Analytics (anonymized data) for usage analysis
- AI Services: OpenAI or Anthropic for generating AI-powered recommendations
These providers are contractually obligated to protect your data and may only use it to provide services to us.
4.2 Business Transfers
If EchoEvolve is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal requests from law enforcement or government authorities
- Court orders, subpoenas, or legal processes
- Protection of our rights, property, or safety, or that of our users or the public
4.4 With Your Consent
We may share your information for any other purpose with your explicit consent.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Account Data: Retained while your account is active and for 90 days after account closure (to allow reactivation)
- Transaction Records: Retained for 7 years for tax and accounting purposes
- Marketing Data: Retained until you unsubscribe or request deletion
- Usage Logs: Retained for 12 months for security and analytics purposes
- Generated Reports: Premium reports retained for 12 months; free reports for 30 days (unless saved by user)
After the retention period, we will securely delete or anonymize your personal information.
6. Your Rights and Choices
You have the following rights regarding your personal information:
6.1 Access and Portability
- Right to Access: Request a copy of the personal data we hold about you
- Right to Portability: Receive your data in a structured, commonly used format
6.2 Correction and Deletion
- Right to Rectification: Correct inaccurate or incomplete personal information
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
6.3 Restriction and Objection
- Right to Restrict Processing: Limit how we use your data in certain circumstances
- Right to Object: Object to processing based on legitimate interests or for direct marketing
6.4 Consent Withdrawal
- Right to Withdraw Consent: Withdraw consent for data processing at any time (does not affect past processing)
6.5 Marketing Communications
- Opt out of marketing emails by clicking "Unsubscribe" in any email or updating your account preferences
- Transactional emails (receipts, reports) cannot be opted out of while you use the Service
6.6 How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@echoevolve.com. We will respond within 30 days.
7. Cookies and Tracking Technologies
7.1 What Are Cookies?
Cookies are small text files stored on your device that help us provide and improve our Service.
7.2 Types of Cookies We Use
| Cookie Type |
Purpose |
Duration |
| Essential Cookies |
Required for the Service to function (login, security) |
Session or 1 year |
| Performance Cookies |
Analyze how visitors use the Service (Google Analytics) |
2 years |
| Functional Cookies |
Remember your preferences (language, location) |
1 year |
| Marketing Cookies |
Track visits across websites for advertising (optional) |
1-2 years |
7.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.
- Chrome: Settings > Privacy and security > Cookies
- Firefox: Settings > Privacy & Security > Cookies
- Safari: Preferences > Privacy > Cookies
8. Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption: Data transmitted over HTTPS (SSL/TLS), passwords hashed using bcrypt
- Access Controls: Limited employee access, role-based permissions
- Secure Infrastructure: Hosted on secure platforms (Railway, Vercel, GCP)
- Regular Updates: Software patches and security updates applied promptly
- Monitoring: Continuous monitoring for suspicious activity
- Backup and Recovery: Regular automated backups
However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including Egypt, United States, and European Union countries where our service providers are located.
These countries may have different data protection laws than your country. We ensure appropriate safeguards are in place through:
- Standard Contractual Clauses approved by the European Commission
- Compliance with GDPR requirements for international transfers
- Contractual obligations with service providers to protect your data
10. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.
If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information. If you believe we have collected information from a child, please contact us at privacy@echoevolve.com.
11. Third-Party Links
Our Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
We encourage you to review the privacy policy of every site you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.
We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for significant changes)
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
13. Compliance with Laws
We comply with applicable data protection laws, including:
- GDPR: EU General Data Protection Regulation
- CCPA: California Consumer Privacy Act (for California residents)
- Egyptian Data Protection Law: Law No. 151 of 2020
14. Contact Us
Your Privacy Matters
We are committed to protecting your privacy and being transparent about our data practices. If you have concerns about how your data is being handled, please don't hesitate to reach out.