Privacy Policy
EchoCircle ("we", "our", "us") is committed to protecting your privacy. This policy explains what personal data we collect and how we use it.
What we collect
We collect the data you provide when creating an account: email address, chosen username, and device push token for notifications. When you trigger an alarm, we record the event timestamp and, if location permission is granted, your GPS coordinates at that moment.
How we use it
Your data is used solely to operate the EchoCircle service: authenticate your account, route alarm notifications to your trusted contacts, and deliver push notifications to their devices. We do not sell, rent, or share your personal data with advertisers or third-party marketers.
Who we share with
We share data only as necessary to deliver the service: with notification providers (Firebase Cloud Messaging) for push delivery, and with Supabase as our infrastructure provider. All processors are bound by data processing agreements. We disclose data to authorities only when legally required.
Data retention
Account data is retained while your account is active. Alarm event logs are kept for 90 days and then automatically deleted. You can request full deletion of your account and all associated data by emailing us.
Your rights
You have the right to access, correct, export, or delete your personal data at any time. To exercise these rights, contact us by email. We respond within 30 days.
Security
All data is transmitted over HTTPS. Passwords are hashed and never stored in plain text. Access to the production database is restricted to authorised personnel only.
Children
EchoCircle is not directed to children under 13. We do not knowingly collect personal information from users under 13. If we become aware of such data, we delete it promptly.
Changes
We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance.