GDPR Compliance
Echoes is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).
Right to Access
Request a copy of all personal data we hold about you.
Right to Portability
Export your data in a machine-readable format.
Right to Rectification
Request correction of inaccurate personal data.
Right to Erasure
Request deletion of your personal data.
Our Commitment
Echoes is fully committed to GDPR compliance. We have implemented comprehensive measures to ensure that the personal data of our users and their customers is processed lawfully, fairly, and transparently.
Data We Process
As a feedback management platform, we process two types of data:
- Account Data: Your email, name, and account settings when you sign up for Echoes.
- Feedback Data: User feedback submitted through your applications, which may include user identifiers you choose to send.
Legal Basis for Processing
- Contract: Processing necessary to provide our services to you.
- Legitimate Interest: Analytics and service improvement with appropriate safeguards.
- Consent: Marketing communications, only when you opt in.
- Legal Obligation: When required by law (e.g., tax records).
Data Location & Transfers
Your data is stored on servers located in the European Union. If any data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
Data Protection Measures
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Regular security audits and penetration testing
- Access controls and authentication for all systems
- Employee training on data protection
- Incident response procedures
Data Retention
We retain your data only for as long as necessary to provide our services. When you delete your account, we delete your personal data within 30 days, except where we are legally required to retain it. Feedback data associated with deleted accounts is anonymized.
Sub-processors
We use the following third-party services to process data on our behalf:
- AWS: Hosting and infrastructure
- Neon: Database hosting
- Resend: Transactional emails
Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Use the self-service options in your account settings
- Contact us at privacy@echoes.sh
We will respond to your request within 30 days.
Data Protection Officer
For any questions or concerns about our data processing practices, please contact our Data Protection Officer at dpo@echoes.sh.
Supervisory Authority
If you are not satisfied with our response to your request or believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority.