Privacy Policy
We respect your privacy. Here's exactly what we collect, how we use it, and how we keep it safe.
📋 The Short Version
- We never sell your data to anyone
- We never read your private capsules
- Payments are handled by Stripe — we never see your card number
- Your data is encrypted at rest (AES-256) and in transit (TLS 1.3)
- You can delete your account and all data at any time
- You can opt out of marketing emails anytime
1 What We Collect
Account & Profile Data
- Registration: Full name, email address, date of birth, and password (stored as a bcrypt hash — never in plain text).
- Profile: Subscription tier (free, monthly, quarterly, annual, or pro), subscription status, subscription period dates, signup source, and account role (user, partner, or admin).
- Capsule usage: Video and letter capsules remaining, capsules used this period, and credit reset dates.
- Age verification: Verification status. If under 18, guardian email and guardian consent status.
- Preferences: Birthday email opt-out setting, last promo code used, New Year's video claim status.
📝 Letter Capsules
Subject, body text, delivery date, sender name, sender email, recipient name, recipient email, share consent preference.
🎥 Video Capsules
Title, description, video file (AWS S3), file size, duration, delivery date, sender/recipient details, share consent preference.
Payment & Billing
- Stripe integration: We store your Stripe customer ID and payment intent IDs for transaction tracking. We never store your full card number.
- Purchases: Transaction amounts, credit type (video or letter), credits purchased, purchase status.
- Bonus credits: Credit type, credits given, reason, and any associated amount.
Support & Feedback
📩 Contact Form
Name, email, subject, message.
🎫 Support Tickets
Email, subject, message, ticket status.
🐛 Bug Reports
Email, title, description, severity, page URL, screenshot, browser info.
⭐ Reviews
Email, star rating (1–5), review text, source.
Newsletter & Mailing List
- Email address, subscription status (subscribed, unsubscribed, or bounced), signup source, and the page where you subscribed.
B2B & Partner Data
- Company name, contact email, account type (influencer, school, coach, enterprise, or reseller), referral code, revenue share percentage, and CSV import records.
Usage & Analytics
- IP address, browser type, operating system, pages visited, timestamps, session duration.
- Collected via PostHog and Google Analytics — anonymized, no personal identifiers.
2 How We Use It
- Run the service: Store your capsules, schedule and execute deliveries, manage your profile and subscription, track capsule credits.
- Communicate with you: Delivery confirmations, subscription alerts, support ticket responses, and marketing emails (opt-in only via mailing list).
- Process payments: Handle billing through Stripe, manage subscription renewals, process single credit purchases, issue bonus credits.
- Content moderation: Review shared capsules through our content review queue before public display. Private capsules are never reviewed.
- Fraud prevention: Detect abuse, prevent unauthorized access, enforce age verification.
- Improve EchoeBack: Analyze bug reports, beta feedback, and analytics to fix issues and build better features.
3 Who We Share With
🛡️ We do not sell your data. We only share information with services that help us operate EchoeBack.
💳 Stripe
Payment processing. PCI DSS compliant. Receives payment tokens and transaction amounts.
☁️ Amazon Web Services
Video file storage (S3 encrypted buckets) and email delivery (SES).
🗄️ Supabase
PostgreSQL database hosting with Row Level Security. All queries scoped to your user ID.
📊 PostHog / Google Analytics
Anonymized usage data only. No personal identifiers shared.
We may also disclose data if required by law (court orders, subpoenas), or during a business transfer such as a merger or acquisition under confidentiality obligations.
4 Cookies
- Essential cookies: Supabase auth session tokens. Required — can't be turned off.
- Analytics cookies: PostHog and Google Analytics — anonymous usage data.
- Preference cookies: Display settings and email opt-out preferences. Optional.
Manage cookies in your browser settings. Disabling essential cookies will require you to log in again each visit.
5 How Long We Keep Your Data
✅ While Active
All profile data, capsules, videos, letters, and subscription records are retained.
🗑️ After Deletion
All capsules, videos, letters, and profile data are permanently erased. Email, name, and deletion reason are logged.
- Payment records: Transaction records, purchase history, and bonus credit logs kept up to 10 years for tax and legal compliance.
- Mailing list stats: Daily subscriber counts (total, active, unsubscribed, bounced) kept for aggregate reporting — no personal data.
- Audit logs: B2B administrative actions logged with actor ID, action type, and metadata for accountability.
6 How We Protect Your Data
- AES-256 encryption for all data stored at rest
- TLS 1.3 for all data in transit between your device and our servers
- Row Level Security (RLS) on Supabase/PostgreSQL — every query scoped to your authenticated user ID
- Encrypted S3 buckets for video files, accessible only via time-limited signed URLs
- bcrypt password hashing with salt — your password is never stored or transmitted as text
- Supabase Auth manages sessions with secure, httpOnly JWT tokens
🔒 No system is 100% secure, but we take every reasonable step to protect your data. See our Security page for full technical details.
7 Your Rights
You have full control over your data:
- See your data: Request a full export of your profile, capsules, letters, videos, transactions, and support tickets.
- Fix your data: Update your name, email, date of birth, and profile details from your dashboard.
- Delete your data: Request complete account deletion. All capsules, videos, letters, and profile data are permanently removed.
- Stop marketing emails: Unsubscribe from the mailing list anytime. Your status will be set to "unsubscribed."
- Opt out of birthday emails: Toggle the birthday email opt-out setting in your profile.
- Manage cookies: Control non-essential analytics and preference cookies in your browser.
Email support@echoeback.com to exercise any of these rights. We respond within 30 days.
8 Content Sharing & Moderation
If you enable "share consent" on a video or letter, your content enters our content review queue before it appears publicly. During review, we see sender name, letter subject/body (or video title/duration).
🔐 Private capsules (share consent = off) are never reviewed, accessed, or displayed. They remain entirely between you and your recipient.
9 Age Requirement
EchoeBack is for users 13 and older. We verify age during signup via date of birth. Users aged 13–17 require a guardian's email and explicit guardian consent before full account activation. If you believe someone under 13 has an account, contact us at support@echoeback.com and we'll delete it immediately.
10 Links to Other Sites
We may link to third-party websites. We're not responsible for their privacy practices — check their own policies before sharing information with them.
11 Policy Updates
We may update this policy from time to time. We'll update the date at the top. For major changes, we'll also email you via your registered email. Continuing to use EchoeBack after an update means you accept the new policy.
12 Contact Us
Questions about your privacy or your data? Reach out anytime:
Email: support@echoeback.com
Company: EchoeBack LLC
Data requests: Responded within 30 days