Effective Date - Wed 7 May, 2025
1. Introduction
Welcome to Echo (“Echo,” “we,” “us,” or “our”). At Echo, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, store, use, and share your personal information when you visit our website (meetecho.io & meetecho.app), use our services (including AI-assisted meeting summaries and calendar integrations), or otherwise communicate with us. It also explains your privacy rights and how the law protects you.
1.1 Who We Are (Data Controller)
Echo is operated by Echo AI Limited, registered at Ridown Building, Fulcrum 2, PO15 7FN, UK. We are registered with the UK Information Commissioner’s Office (ICO) under the application reference C1662006. For the purposes of the UK General Data Protection Regulation (UK GDPR), we are the “data controller” of personal data we collect from you unless we explicitly state otherwise.
However, when our business customers (e.g., enterprise clients) input personal data from their employees, meeting participants, or third parties into Echo, we may act as a “data processor” on behalf of that business customer. In such cases, the business customer remains the primary “data controller,” and you should contact them directly regarding your rights over such data.
1.2 Contact Details
● Email: support@meetecho.io
● Address: Ridown Building, Fulcrum 2, PO15 7FN, UK.
We would appreciate the chance to address any concerns you have about privacy or data protection before you approach the ICO, so please contact us first using the details above. You also have the right to complain at any time to the Information Commissioner’s Office (ICO) at www.ico.org.uk.
1.3 Updates to this Privacy Policy
We may revise this Privacy Policy from time to time. Any changes become effective when we post the updated policy on our website, and the effective date at the top will be updated. If you continue to use our services after changes are posted, it means you agree to the updated policy. We encourage you to review this page periodically for the latest information on our privacy practices.
2. The Data We Collect About You
We only collect personal data that is relevant and limited to what is necessary for our services. We may collect, use, store, and transfer different kinds of personal data grouped as follows:
1. Contact Data: name, email address, phone number, and role at your company (if relevant).
2. Account Data: login credentials, calendar or meeting platform credentials where integrated.
3. Meeting Data: details from your calendar (time, date, participants, description, location) or any other information you input or generate within meetings (e.g., transcripts, recordings, summaries).
4. Usage Data: information about how you use our website, integrations, and services, such as page views, clicks, session times.
5. Technical Data: IP addresses, browser type and version, time zone settings, operating systems, device information.
6. Correspondence Data: any correspondence you send to us (e.g., emails, chat messages) and notes of phone calls if relevant.
We may also create aggregated, anonymized, or de-identified data from the personal data we collect—removing any information that could directly identify you. We may use or share such aggregated data for analytics, service improvement, or business purposes, provided it does not identify you personally.
3. How We Collect Personal Data
We use different methods to collect data from and about you, including:
1. Direct Interactions: You may provide personal data by filling in forms on our website, creating an Echo account, integrating your calendar, or by corresponding with us by email, phone, or otherwise.
2. Automated Technologies: As you interact with our website or use our service, we may automatically collect Technical Data through cookies or similar technologies.
3. Third-Party Integrations: When you integrate Echo with services like Google Calendar, Zoom, Microsoft Teams, etc., we receive data from those services. The scope of data access is based on the permissions you grant during integration.
4. How We Use Your Personal Data
We will only use your personal data where we have a lawful basis under the UK GDPR or other applicable laws. This typically includes:
1. Contractual Necessity: To provide Echo’s services in accordance with our Terms & Conditions (e.g., generating meeting summaries, sending recaps to participants, scheduling events).
2. Consent: Where you explicitly consent to certain data processing activities, such as sending you marketing communications.
3. Legitimate Interests: Where our legitimate interests (or those of a third party) do not override your fundamental rights and freedoms. For example, we might process limited usage data to prevent fraud, enhance security, or improve our services.
4. Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., responding to lawful government requests).
If we process your personal data as a data processor (e.g. on behalf of clients), we will ensure that we have the necessary provisions in place, including the use of Data Processing Agreements (DPAs) where necessary.0
If you have questions about or need details on the specific legal ground we rely on for any particular processing, please contact us.
5. Data Sharing with AI Models
5.1 What Data Is Shared
To provide AI-assisted categorisation, note-taking, summarisation, or audio transcription, Echo may use third-party AI or machine-learning service providers. The data shared with these models may include:
● Email and Calendar Content: Body text, event titles, dates, times, participant names.
● Meeting Recordings or Transcripts: Audio recordings converted into text for analysis or summarisation.
We require our AI service providers to process your information only to deliver Echo’s functionality and not to train or improve their own external, general-purpose models.
5.2 Third-Party Data Retention
We aim for minimal data retention by our AI providers. Whenever possible, we require “no retention” or a limited retention period solely for the purpose of returning AI outputs to Echo.
We currently use:
● AssemblyAI for audio transcription
● Anthropic (e.g., Claude) for text-based analysis and summarisation
● OpenAI (e.g., GPT models) for text-based analysis and summarisation
Lawful Basis for Data Processing:
● Performance of a Contract: We rely on the performance of a contract for processing data through these AI services. For instance, we consider it necessary to provide AI-powered transcription and summarisation features as part of our core service offering.
● Legitimate Interests: In some cases, we may rely on legitimate interests for processing your data. You have the right to object if we are relying on legitimate interests. Please note that if you object, certain AI-powered features (e.g. automatic meeting summaries) may not be available.
Our agreements with these providers prohibit them from storing or using your data for any purpose other than providing services to Echo. We do not permit them to use your data to train or improve their own general models.
6. Disclosure of Your Personal Data
We may share your personal data with:
1. Our Service Providers (Processors): Sub-processors that help operate Echo (e.g., data hosting, customer support, AI model providers).
2. Business Transfers: In the event of a merger, sale, or acquisition of some or all of our business or assets, your personal data may be transferred to the new entity.
3. Professional Advisors: Lawyers, bankers, auditors, and insurers who require data for legal, compliance, regulatory, or contractual obligations.
4. Regulators and Authorities: If required by law or to protect our rights or comply with a judicial proceeding, court order, or legal process.
We do not permit our third-party service providers to use your personal data for their own marketing or any purpose beyond delivering the services we’ve contracted them to provide.
7. International Data Transfers
We are based in the UK, and we primarily store data on Amazon Web Services (AWS) servers in the UK.
However, certain components of our platform may be hosted or processed outside the UK/EEA, including in the United States. In these cases, we ensure a similar degree of protection is afforded to your personal data by implementing one or more of the following safeguards:
1. Standard Contractual Clauses: We use contractual clauses approved by the European Commission (adapted for UK transfers) to ensure the recipient protects your personal data to UK/EU standards.
2. Adequacy Decisions: If personal data is transferred to a country the UK has deemed to have adequate data protection laws, we rely on that decision.
3. Supplementary Measures: For certain transfers to the United States, we rely on supplementary measures to ensure protection of your personal data.
We do not routinely publish a list of all sub-processors in our Privacy Policy. However, we can provide more specific details about sub-processors or international transfers upon request, where legally required to do so. If you have any questions about our data transfer safeguards, please contact us using the details below.
8. Data Security
We use appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. Examples include encryption, access controls, and regular security assessments. We also limit access to personal data to employees, agents, contractors, and sub-processors who need it for business purposes and are subject to contractual confidentiality obligations.
If we become aware of any data breach that affects your personal data, we will notify you and the applicable regulator where we are legally required to do so.
9. Data Retention
We keep personal data only as long as reasonably necessary to fulfil the purposes we collected it for, including:
● Active Accounts: While your Echo account remains active, we retain your data to provide our services. You can request deletion of your data at any time through your user settings.
● Meeting Summaries/Recordings: Our current retention period for meeting summaries and recordings is indefinite. This is deemed necessary for our core offering, allowing users to access historical meetings. However, in the future, we may introduce a fixed retention period (e.g. a set number of months). You can delete your data at any time through your user settings or within the meeting interface.
● Upon Termination: When you close your account or after a certain period of inactivity, we may delete or anonymise your data unless legal obligations require us to keep it for a longer period. We will ensure that any retained data complies with applicable laws & regulations.
10. Your Legal Rights
Under data protection laws, you have the right to:
1. Access your personal data (commonly called a “data subject access request”).
2. Rectify any inaccuracies in your personal data.
3. Erase your personal data (the “right to be forgotten”), subject to certain exceptions.
4. Restrict or object to the processing of your personal data where we rely on legitimate interest.
5. Data Portability, i.e., receive your personal data in a structured, commonly used format and transfer it to another service where technically feasible.
6. Withdraw Consent at any time where we rely on consent to process your data.
To exercise any of these rights, please contact us at support@meetecho.io We may request proof of identity to ensure we only disclose information to the correct person. We aim to respond within one month, in compliance with the law.
If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk, but we hope to address your concerns directly first.
11. Third-Party Links
Our website or services may contain links to third-party websites or integrations. Clicking on those links or enabling those integrations may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy practices. We encourage you to review their privacy policies.
12. Contact Us
If you have any questions about this Privacy Policy or about our data practices, please contact:
● Email: support@meetecho.io
● Address: Ridown Building, Fulcrum 2, PO15 7FN, UK.
We appreciate your feedback and will do our best to address your concerns promptly.
Privacy Policy
Effective Date - Wed 7 May, 2025
1. Introduction
Welcome to Echo (“Echo,” “we,” “us,” or “our”). At Echo, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, store, use, and share your personal information when you visit our website (meetecho.io & meetecho.app), use our services (including AI-assisted meeting summaries and calendar integrations), or otherwise communicate with us. It also explains your privacy rights and how the law protects you.
1.1 Who We Are (Data Controller)
Echo is operated by Echo AI Limited, registered at Ridown Building, Fulcrum 2, PO15 7FN, UK. We are registered with the UK Information Commissioner’s Office (ICO) under the application reference C1662006. For the purposes of the UK General Data Protection Regulation (UK GDPR), we are the “data controller” of personal data we collect from you unless we explicitly state otherwise.
However, when our business customers (e.g., enterprise clients) input personal data from their employees, meeting participants, or third parties into Echo, we may act as a “data processor” on behalf of that business customer. In such cases, the business customer remains the primary “data controller,” and you should contact them directly regarding your rights over such data.
1.2 Contact Details
● Email: support@meetecho.io
● Address: Ridown Building, Fulcrum 2, PO15 7FN, UK.
We would appreciate the chance to address any concerns you have about privacy or data protection before you approach the ICO, so please contact us first using the details above. You also have the right to complain at any time to the Information Commissioner’s Office (ICO) at www.ico.org.uk.
1.3 Updates to this Privacy Policy
We may revise this Privacy Policy from time to time. Any changes become effective when we post the updated policy on our website, and the effective date at the top will be updated. If you continue to use our services after changes are posted, it means you agree to the updated policy. We encourage you to review this page periodically for the latest information on our privacy practices.
2. The Data We Collect About You
We only collect personal data that is relevant and limited to what is necessary for our services. We may collect, use, store, and transfer different kinds of personal data grouped as follows:
1. Contact Data: name, email address, phone number, and role at your company (if relevant).
2. Account Data: login credentials, calendar or meeting platform credentials where integrated.
3. Meeting Data: details from your calendar (time, date, participants, description, location) or any other information you input or generate within meetings (e.g., transcripts, recordings, summaries).
4. Usage Data: information about how you use our website, integrations, and services, such as page views, clicks, session times.
5. Technical Data: IP addresses, browser type and version, time zone settings, operating systems, device information.
6. Correspondence Data: any correspondence you send to us (e.g., emails, chat messages) and notes of phone calls if relevant.
We may also create aggregated, anonymized, or de-identified data from the personal data we collect—removing any information that could directly identify you. We may use or share such aggregated data for analytics, service improvement, or business purposes, provided it does not identify you personally.
3. How We Collect Personal Data
We use different methods to collect data from and about you, including:
1. Direct Interactions: You may provide personal data by filling in forms on our website, creating an Echo account, integrating your calendar, or by corresponding with us by email, phone, or otherwise.
2. Automated Technologies: As you interact with our website or use our service, we may automatically collect Technical Data through cookies or similar technologies.
3. Third-Party Integrations: When you integrate Echo with services like Google Calendar, Zoom, Microsoft Teams, etc., we receive data from those services. The scope of data access is based on the permissions you grant during integration.
4. How We Use Your Personal Data
We will only use your personal data where we have a lawful basis under the UK GDPR or other applicable laws. This typically includes:
1. Contractual Necessity: To provide Echo’s services in accordance with our Terms & Conditions (e.g., generating meeting summaries, sending recaps to participants, scheduling events).
2. Consent: Where you explicitly consent to certain data processing activities, such as sending you marketing communications.
3. Legitimate Interests: Where our legitimate interests (or those of a third party) do not override your fundamental rights and freedoms. For example, we might process limited usage data to prevent fraud, enhance security, or improve our services.
4. Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., responding to lawful government requests).
If we process your personal data as a data processor (e.g. on behalf of clients), we will ensure that we have the necessary provisions in place, including the use of Data Processing Agreements (DPAs) where necessary.0
If you have questions about or need details on the specific legal ground we rely on for any particular processing, please contact us.
5. Data Sharing with AI Models
5.1 What Data Is Shared
To provide AI-assisted categorisation, note-taking, summarisation, or audio transcription, Echo may use third-party AI or machine-learning service providers. The data shared with these models may include:
● Email and Calendar Content: Body text, event titles, dates, times, participant names.
● Meeting Recordings or Transcripts: Audio recordings converted into text for analysis or summarisation.
We require our AI service providers to process your information only to deliver Echo’s functionality and not to train or improve their own external, general-purpose models.
5.2 Third-Party Data Retention
We aim for minimal data retention by our AI providers. Whenever possible, we require “no retention” or a limited retention period solely for the purpose of returning AI outputs to Echo.
We currently use:
● AssemblyAI for audio transcription
● Anthropic (e.g., Claude) for text-based analysis and summarisation
● OpenAI (e.g., GPT models) for text-based analysis and summarisation
Lawful Basis for Data Processing:
● Performance of a Contract: We rely on the performance of a contract for processing data through these AI services. For instance, we consider it necessary to provide AI-powered transcription and summarisation features as part of our core service offering.
● Legitimate Interests: In some cases, we may rely on legitimate interests for processing your data. You have the right to object if we are relying on legitimate interests. Please note that if you object, certain AI-powered features (e.g. automatic meeting summaries) may not be available.
Our agreements with these providers prohibit them from storing or using your data for any purpose other than providing services to Echo. We do not permit them to use your data to train or improve their own general models.
6. Disclosure of Your Personal Data
We may share your personal data with:
1. Our Service Providers (Processors): Sub-processors that help operate Echo (e.g., data hosting, customer support, AI model providers).
2. Business Transfers: In the event of a merger, sale, or acquisition of some or all of our business or assets, your personal data may be transferred to the new entity.
3. Professional Advisors: Lawyers, bankers, auditors, and insurers who require data for legal, compliance, regulatory, or contractual obligations.
4. Regulators and Authorities: If required by law or to protect our rights or comply with a judicial proceeding, court order, or legal process.
We do not permit our third-party service providers to use your personal data for their own marketing or any purpose beyond delivering the services we’ve contracted them to provide.
7. International Data Transfers
We are based in the UK, and we primarily store data on Amazon Web Services (AWS) servers in the UK.
However, certain components of our platform may be hosted or processed outside the UK/EEA, including in the United States. In these cases, we ensure a similar degree of protection is afforded to your personal data by implementing one or more of the following safeguards:
1. Standard Contractual Clauses: We use contractual clauses approved by the European Commission (adapted for UK transfers) to ensure the recipient protects your personal data to UK/EU standards.
2. Adequacy Decisions: If personal data is transferred to a country the UK has deemed to have adequate data protection laws, we rely on that decision.
3. Supplementary Measures: For certain transfers to the United States, we rely on supplementary measures to ensure protection of your personal data.
We do not routinely publish a list of all sub-processors in our Privacy Policy. However, we can provide more specific details about sub-processors or international transfers upon request, where legally required to do so. If you have any questions about our data transfer safeguards, please contact us using the details below.
8. Data Security
We use appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. Examples include encryption, access controls, and regular security assessments. We also limit access to personal data to employees, agents, contractors, and sub-processors who need it for business purposes and are subject to contractual confidentiality obligations.
If we become aware of any data breach that affects your personal data, we will notify you and the applicable regulator where we are legally required to do so.
9. Data Retention
We keep personal data only as long as reasonably necessary to fulfil the purposes we collected it for, including:
● Active Accounts: While your Echo account remains active, we retain your data to provide our services. You can request deletion of your data at any time through your user settings.
● Meeting Summaries/Recordings: Our current retention period for meeting summaries and recordings is indefinite. This is deemed necessary for our core offering, allowing users to access historical meetings. However, in the future, we may introduce a fixed retention period (e.g. a set number of months). You can delete your data at any time through your user settings or within the meeting interface.
● Upon Termination: When you close your account or after a certain period of inactivity, we may delete or anonymise your data unless legal obligations require us to keep it for a longer period. We will ensure that any retained data complies with applicable laws & regulations.
10. Your Legal Rights
Under data protection laws, you have the right to:
1. Access your personal data (commonly called a “data subject access request”).
2. Rectify any inaccuracies in your personal data.
3. Erase your personal data (the “right to be forgotten”), subject to certain exceptions.
4. Restrict or object to the processing of your personal data where we rely on legitimate interest.
5. Data Portability, i.e., receive your personal data in a structured, commonly used format and transfer it to another service where technically feasible.
6. Withdraw Consent at any time where we rely on consent to process your data.
To exercise any of these rights, please contact us at support@meetecho.io We may request proof of identity to ensure we only disclose information to the correct person. We aim to respond within one month, in compliance with the law.
If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk, but we hope to address your concerns directly first.
11. Third-Party Links
Our website or services may contain links to third-party websites or integrations. Clicking on those links or enabling those integrations may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy practices. We encourage you to review their privacy policies.
12. Contact Us
If you have any questions about this Privacy Policy or about our data practices, please contact:
● Email: support@meetecho.io
● Address: Ridown Building, Fulcrum 2, PO15 7FN, UK.
We appreciate your feedback and will do our best to address your concerns promptly.
Privacy Policy
Effective Date - Wed 7 May, 2025
1. Introduction
Welcome to Echo (“Echo,” “we,” “us,” or “our”). At Echo, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, store, use, and share your personal information when you visit our website (meetecho.io & meetecho.app), use our services (including AI-assisted meeting summaries and calendar integrations), or otherwise communicate with us. It also explains your privacy rights and how the law protects you.
1.1 Who We Are (Data Controller)
Echo is operated by Echo AI Limited, registered at Ridown Building, Fulcrum 2, PO15 7FN, UK. We are registered with the UK Information Commissioner’s Office (ICO) under the application reference C1662006. For the purposes of the UK General Data Protection Regulation (UK GDPR), we are the “data controller” of personal data we collect from you unless we explicitly state otherwise.
However, when our business customers (e.g., enterprise clients) input personal data from their employees, meeting participants, or third parties into Echo, we may act as a “data processor” on behalf of that business customer. In such cases, the business customer remains the primary “data controller,” and you should contact them directly regarding your rights over such data.
1.2 Contact Details
● Email: support@meetecho.io
● Address: Ridown Building, Fulcrum 2, PO15 7FN, UK.
We would appreciate the chance to address any concerns you have about privacy or data protection before you approach the ICO, so please contact us first using the details above. You also have the right to complain at any time to the Information Commissioner’s Office (ICO) at www.ico.org.uk.
1.3 Updates to this Privacy Policy
We may revise this Privacy Policy from time to time. Any changes become effective when we post the updated policy on our website, and the effective date at the top will be updated. If you continue to use our services after changes are posted, it means you agree to the updated policy. We encourage you to review this page periodically for the latest information on our privacy practices.
2. The Data We Collect About You
We only collect personal data that is relevant and limited to what is necessary for our services. We may collect, use, store, and transfer different kinds of personal data grouped as follows:
1. Contact Data: name, email address, phone number, and role at your company (if relevant).
2. Account Data: login credentials, calendar or meeting platform credentials where integrated.
3. Meeting Data: details from your calendar (time, date, participants, description, location) or any other information you input or generate within meetings (e.g., transcripts, recordings, summaries).
4. Usage Data: information about how you use our website, integrations, and services, such as page views, clicks, session times.
5. Technical Data: IP addresses, browser type and version, time zone settings, operating systems, device information.
6. Correspondence Data: any correspondence you send to us (e.g., emails, chat messages) and notes of phone calls if relevant.
We may also create aggregated, anonymized, or de-identified data from the personal data we collect—removing any information that could directly identify you. We may use or share such aggregated data for analytics, service improvement, or business purposes, provided it does not identify you personally.
3. How We Collect Personal Data
We use different methods to collect data from and about you, including:
1. Direct Interactions: You may provide personal data by filling in forms on our website, creating an Echo account, integrating your calendar, or by corresponding with us by email, phone, or otherwise.
2. Automated Technologies: As you interact with our website or use our service, we may automatically collect Technical Data through cookies or similar technologies.
3. Third-Party Integrations: When you integrate Echo with services like Google Calendar, Zoom, Microsoft Teams, etc., we receive data from those services. The scope of data access is based on the permissions you grant during integration.
4. How We Use Your Personal Data
We will only use your personal data where we have a lawful basis under the UK GDPR or other applicable laws. This typically includes:
1. Contractual Necessity: To provide Echo’s services in accordance with our Terms & Conditions (e.g., generating meeting summaries, sending recaps to participants, scheduling events).
2. Consent: Where you explicitly consent to certain data processing activities, such as sending you marketing communications.
3. Legitimate Interests: Where our legitimate interests (or those of a third party) do not override your fundamental rights and freedoms. For example, we might process limited usage data to prevent fraud, enhance security, or improve our services.
4. Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., responding to lawful government requests).
If we process your personal data as a data processor (e.g. on behalf of clients), we will ensure that we have the necessary provisions in place, including the use of Data Processing Agreements (DPAs) where necessary.0
If you have questions about or need details on the specific legal ground we rely on for any particular processing, please contact us.
5. Data Sharing with AI Models
5.1 What Data Is Shared
To provide AI-assisted categorisation, note-taking, summarisation, or audio transcription, Echo may use third-party AI or machine-learning service providers. The data shared with these models may include:
● Email and Calendar Content: Body text, event titles, dates, times, participant names.
● Meeting Recordings or Transcripts: Audio recordings converted into text for analysis or summarisation.
We require our AI service providers to process your information only to deliver Echo’s functionality and not to train or improve their own external, general-purpose models.
5.2 Third-Party Data Retention
We aim for minimal data retention by our AI providers. Whenever possible, we require “no retention” or a limited retention period solely for the purpose of returning AI outputs to Echo.
We currently use:
● AssemblyAI for audio transcription
● Anthropic (e.g., Claude) for text-based analysis and summarisation
● OpenAI (e.g., GPT models) for text-based analysis and summarisation
Lawful Basis for Data Processing:
● Performance of a Contract: We rely on the performance of a contract for processing data through these AI services. For instance, we consider it necessary to provide AI-powered transcription and summarisation features as part of our core service offering.
● Legitimate Interests: In some cases, we may rely on legitimate interests for processing your data. You have the right to object if we are relying on legitimate interests. Please note that if you object, certain AI-powered features (e.g. automatic meeting summaries) may not be available.
Our agreements with these providers prohibit them from storing or using your data for any purpose other than providing services to Echo. We do not permit them to use your data to train or improve their own general models.
6. Disclosure of Your Personal Data
We may share your personal data with:
1. Our Service Providers (Processors): Sub-processors that help operate Echo (e.g., data hosting, customer support, AI model providers).
2. Business Transfers: In the event of a merger, sale, or acquisition of some or all of our business or assets, your personal data may be transferred to the new entity.
3. Professional Advisors: Lawyers, bankers, auditors, and insurers who require data for legal, compliance, regulatory, or contractual obligations.
4. Regulators and Authorities: If required by law or to protect our rights or comply with a judicial proceeding, court order, or legal process.
We do not permit our third-party service providers to use your personal data for their own marketing or any purpose beyond delivering the services we’ve contracted them to provide.
7. International Data Transfers
We are based in the UK, and we primarily store data on Amazon Web Services (AWS) servers in the UK.
However, certain components of our platform may be hosted or processed outside the UK/EEA, including in the United States. In these cases, we ensure a similar degree of protection is afforded to your personal data by implementing one or more of the following safeguards:
1. Standard Contractual Clauses: We use contractual clauses approved by the European Commission (adapted for UK transfers) to ensure the recipient protects your personal data to UK/EU standards.
2. Adequacy Decisions: If personal data is transferred to a country the UK has deemed to have adequate data protection laws, we rely on that decision.
3. Supplementary Measures: For certain transfers to the United States, we rely on supplementary measures to ensure protection of your personal data.
We do not routinely publish a list of all sub-processors in our Privacy Policy. However, we can provide more specific details about sub-processors or international transfers upon request, where legally required to do so. If you have any questions about our data transfer safeguards, please contact us using the details below.
8. Data Security
We use appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. Examples include encryption, access controls, and regular security assessments. We also limit access to personal data to employees, agents, contractors, and sub-processors who need it for business purposes and are subject to contractual confidentiality obligations.
If we become aware of any data breach that affects your personal data, we will notify you and the applicable regulator where we are legally required to do so.
9. Data Retention
We keep personal data only as long as reasonably necessary to fulfil the purposes we collected it for, including:
● Active Accounts: While your Echo account remains active, we retain your data to provide our services. You can request deletion of your data at any time through your user settings.
● Meeting Summaries/Recordings: Our current retention period for meeting summaries and recordings is indefinite. This is deemed necessary for our core offering, allowing users to access historical meetings. However, in the future, we may introduce a fixed retention period (e.g. a set number of months). You can delete your data at any time through your user settings or within the meeting interface.
● Upon Termination: When you close your account or after a certain period of inactivity, we may delete or anonymise your data unless legal obligations require us to keep it for a longer period. We will ensure that any retained data complies with applicable laws & regulations.
10. Your Legal Rights
Under data protection laws, you have the right to:
1. Access your personal data (commonly called a “data subject access request”).
2. Rectify any inaccuracies in your personal data.
3. Erase your personal data (the “right to be forgotten”), subject to certain exceptions.
4. Restrict or object to the processing of your personal data where we rely on legitimate interest.
5. Data Portability, i.e., receive your personal data in a structured, commonly used format and transfer it to another service where technically feasible.
6. Withdraw Consent at any time where we rely on consent to process your data.
To exercise any of these rights, please contact us at support@meetecho.io We may request proof of identity to ensure we only disclose information to the correct person. We aim to respond within one month, in compliance with the law.
If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk, but we hope to address your concerns directly first.
11. Third-Party Links
Our website or services may contain links to third-party websites or integrations. Clicking on those links or enabling those integrations may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy practices. We encourage you to review their privacy policies.
12. Contact Us
If you have any questions about this Privacy Policy or about our data practices, please contact:
● Email: support@meetecho.io
● Address: Ridown Building, Fulcrum 2, PO15 7FN, UK.
We appreciate your feedback and will do our best to address your concerns promptly.
Privacy Policy