Privacy Policy

Echo Agent (“Echo”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

1.1 Information you provide

Account information: Name, email address, phone number, business name, business address, and password when you create a service provider account.
Business profile: Services offered, pricing rules (hourly rates, call-out fees), working hours, business category, and booking page slug.
Customer information: When customers use your booking page, we collect their name, phone number, email address, and (if applicable) service address.
Voice recordings: When you or your customers use the voice input feature, audio is temporarily processed for transcription. We do not store raw audio after transcription is complete.
Job and invoice data: Booking details, job descriptions, line items, time tracking entries, invoice amounts, and payment status.
Project data: Project descriptions, scope items, uploaded documents (PDFs, images), progress claims, and stakeholder approval records.
Payment information: Payment card details are collected and processed directly by our PCI-compliant payment processor. We do not store full card numbers on our servers.
Team member information: Names, email addresses, and roles of team members you invite.
Communications: Messages you send through our contact form or support channels.

1.2 Information collected automatically

Device and browser information: IP address, browser type, operating system, and device identifiers.
Usage data: Pages visited, features used, actions taken, and timestamps.
Location data: Approximate location derived from IP address. Precise location (latitude/longitude) from your business address for travel distance calculations.
Timezone: Detected from your browser to display bookings in the correct local time.
Cookies: Session cookies for authentication and preferences. We do not use third-party advertising cookies.

2. How We Use Your Information

We use the information we collect to:

Provide our services: Process bookings, generate AI-powered quotes, create invoices, manage jobs, and facilitate payments.
AI features: Your job descriptions and pricing rules are sent to enterprise-grade AI providers to generate itemized quotes. Voice recordings are processed by speech-to-text services for transcription. We use enterprise accounts with strict data processing agreements and do not permit providers to use your data for model training.
Notifications: Send booking confirmations, reminders, invoice delivery, and other transactional messages via WhatsApp and email.
Calendar integration: If you connect Google Calendar, we sync bookings to your calendar and receive push notifications about calendar changes.
Payments: Process subscription payments and facilitate customer payments through our payment processor.
Referral programme: Track referral attributions and calculate referral rewards.
Improve our platform: Analyse usage patterns to improve features, fix bugs, and develop new capabilities.
Support: Respond to your enquiries and provide customer support.
Compliance: Meet legal obligations, enforce our terms, and protect against fraud.

3. How We Share Your Information

We share your information only in these circumstances:

With your customers: Your business name, services, availability, and booking page are publicly visible. Customer-facing invoices include your business details and bank information (if you provide it).
Service providers (sub-processors):
- Database & authentication: Enterprise cloud database hosting with row-level security
- Payments: PCI DSS Level 1 certified payment processing
- AI services: Enterprise-grade AI providers for quote generation and voice transcription (we may rotate between multiple providers)
- Notifications: Enterprise messaging services for WhatsApp and SMS delivery
- Maps & calendar: Location and calendar integration services
- Hosting: Enterprise application hosting infrastructure
Project stakeholders: When you send quotes or claims for approval, the recipient receives a token-authenticated link to view relevant project details.
Legal requirements: When required by law, court order, or government request.
Business transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information to third parties.

4. Voice Data and AI Processing

Echo uses voice input features throughout the platform. When you record audio:

Audio is transmitted to enterprise-grade speech-to-text services for transcription.
The transcribed text may be further processed by AI services to generate structured outputs (e.g., quote line items).
We do not retain raw audio recordings after transcription is complete.
All AI providers are contracted under enterprise agreements with strict data processing terms. Your data is not used to train AI models.
We may rotate between multiple AI providers to ensure reliability, performance, and cost-effectiveness.

5. Data Retention

Active accounts: We retain your data for as long as your account is active.
Deleted accounts: When you delete your account, we delete or anonymise your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes).
Customer data: Customers can request deletion of their data through the customer portal. On deletion, personal details are anonymised while preserving aggregate booking/invoice records for the provider's accounting.
Voice recordings: Raw audio is not stored beyond the transcription session.
Notification logs: Delivery logs are retained for 90 days for troubleshooting purposes.

6. Data Security

We implement appropriate technical and organisational measures to protect your data:

All data is encrypted in transit (TLS 1.2+) and at rest.
Database access is restricted through row-level security policies ensuring data isolation between accounts.
Authentication uses industry-standard protocols (bcrypt password hashing, secure session tokens, OTP verification).
Payment data is handled by PCI DSS Level 1 certified payment processors and never touches our servers.
Admin access requires separate authentication with role-based permissions.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Delete your personal data (subject to legal retention requirements).
Export your data in a portable format.
Object to certain processing of your data.
Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@echo-agent.com.

8. International Data Transfers

Our services are hosted on enterprise cloud infrastructure. If you access our services from outside the regions where our infrastructure is located, your data may be transferred to, stored, and processed in those regions. We ensure appropriate safeguards are in place for such transfers.

9. Children's Privacy

Echo is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

10. Cookies

We use the following types of cookies:

Essential cookies: Required for authentication and core functionality. Cannot be disabled.
Preference cookies: Store your timezone, language, and display preferences.

We do not use advertising or tracking cookies. We do not share cookie data with third parties.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our platform or sending you an email. Your continued use of Echo after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@echo-agent.com
Post: Echo Agent, contact details available on request