Privacy Policy
Introduction
Welcome to EchoPastel ("we," "our," or "us"). EchoPastel is a visual feedback platform that allows you to annotate elements of your web pages and collaborate with your team to improve your interfaces. We are committed to protecting your privacy and ensuring the security of your personal information.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using EchoPastel, you agree to the collection and use of information in accordance with this policy.
If you have any questions about this Privacy Policy, please contact us at the information provided at the end of this document.
Information We Collect
We collect several types of information to provide and improve our service:
Account Information
When you create an account, we collect:
- Name: Your full name or display name
- Email address: Used for account identification and communication
- Profile image: Optional profile picture
- Username: Optional unique username
- Locale preferences: Your language and regional settings
- Email verification status: Whether your email has been verified
Authentication Information
Depending on your chosen authentication method, we may collect:
- Password: Securely hashed and stored (if using password authentication)
- OAuth provider data: When you sign in with social providers (Google), we receive basic profile information from the provider
- Magic link tokens: Temporary tokens for passwordless authentication
- Passkey credentials: For passkey-based authentication (if enabled)
- Two-factor authentication data: Secret keys and backup codes (if enabled)
Session Information
When you use our service, we automatically collect:
- IP address: Your device's internet protocol address
- User agent: Information about your browser and device
- Session tokens: Unique identifiers for your active sessions
- Active organization: The organization you're currently working within
Content Data
As part of using EchoPastel, you create and manage:
- Echos: Feedback projects associated with websites, including domain names and screenshots
- Pins (Annotations): Comments and feedback placed on web page elements, including text, mentions, and metadata
- Pin Replies: Responses to annotations
- Shared Echos: Information about Echos shared with collaborators
- AI Chat conversations: If you use AI features, we store your chat history
Organization Data
If you create or join organizations, we collect:
- Organization name and slug: Identifiers for your organization
- Organization logo: Optional branding image
- Member information: Roles and relationships within organizations
- Invitations: Email addresses and status of pending invitations
Payment Information
When you make a purchase or subscription:
- Payment processor data: We use third-party payment processors (DodoPayment) who handle payment details
- Purchase history: Records of subscriptions and one-time purchases
- Customer IDs: Identifiers from payment processors
- Subscription status: Active subscription information
Note: We do not store credit card numbers or sensitive payment information directly. All payment processing is handled by our secure third-party payment processors.
Communication Data
When you interact with us:
- Contact form submissions: Messages sent through our contact form
- Email communications: Correspondence between you and our support team
- Newsletter subscriptions: Email addresses for marketing communications (if subscribed)
Usage and Analytics Data
We collect information about how you use our service:
- Feature usage: Which features you use and how often
- Performance metrics: Page load times and error logs
- Device information: Browser type, operating system, and device characteristics
How We Use Your Information
We use the collected information for the following purposes:
Service Provision
- To create and manage your account
- To provide access to EchoPastel features (Echos, annotations, collaboration)
- To process payments and manage subscriptions
- To send service-related communications (account updates, security alerts)
Communication
- To respond to your inquiries and support requests
- To send important service updates and notifications
- To send marketing communications (with your consent, where required)
Improvement and Analytics
- To analyze usage patterns and improve our service
- To develop new features and functionality
- To monitor service performance and troubleshoot issues
- To conduct research and analytics
Security and Compliance
- To authenticate users and prevent unauthorized access
- To detect and prevent fraud, abuse, and security threats
- To comply with legal obligations
- To enforce our Terms and Conditions
Collaboration Features
- To enable team collaboration within organizations
- To manage invitations and member access
- To facilitate mentions and notifications
Legal Basis for Processing
We process your personal information based on the following legal grounds:
Contractual Necessity
We process your information to fulfill our contract with you, including:
- Providing access to EchoPastel services
- Processing payments and subscriptions
- Delivering features you've requested
Legitimate Interests
We process information for our legitimate business interests, such as:
- Improving and optimizing our service
- Analyzing usage patterns
- Preventing fraud and ensuring security
- Marketing our services (where permitted)
Consent
We process certain information based on your explicit consent, including:
- Marketing communications
- Analytics cookies (where required by law)
- Optional profile information
Legal Obligations
We may process information to comply with legal requirements, such as:
- Tax and accounting obligations
- Responding to legal requests
- Protecting rights and safety
Data Sharing and Third-Party Services
We share your information with third-party service providers who assist us in operating our service:
Analytics Services
We use analytics services to understand how our service is used. These services may collect information about your use of EchoPastel:
- PostHog: Product analytics and feature flags
- Vercel Analytics: Performance and usage analytics
- Google Analytics: Web analytics (if enabled)
These services may use cookies and similar technologies. Please refer to their respective privacy policies for more information.
Payment Processors
We use third-party payment processors to handle transactions:
- DodoPayment: Payment processing service
These processors handle payment information according to their own privacy policies and security standards (PCI DSS compliance).
Storage Services
- Amazon S3: We use Amazon S3 to store files such as:
  - User avatars
  - Echo screenshots and assets
  - Other user-uploaded content
Support Services
- Chatwoot: Customer support and live chat functionality (if enabled)
Authentication Providers
When you use social login, we interact with:
- Google: OAuth authentication
These providers share basic profile information with us according to their privacy policies.
Other Service Providers
We may also use:
- Email service providers: For sending transactional and marketing emails
- Hosting providers: For infrastructure and data storage
- Database services: For data storage and management
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
Legal Requirements
We may disclose your information if required by law or in response to:
- Court orders or legal processes
- Government requests
- Protection of rights, property, or safety
- Enforcement of our Terms and Conditions
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
Essential Cookies
- Session cookies: Required for authentication and maintaining your session
- NEXT_LOCALE: Stores your language preference
Analytics Cookies
We use analytics cookies (with your consent where required) to:
- Understand how you use our service
- Improve functionality and user experience
- Analyze traffic patterns
You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of EchoPastel.
Data Security
We implement appropriate technical and organizational measures to protect your information:
- Encryption: Data in transit is encrypted using TLS/SSL
- Secure storage: Sensitive data is stored using industry-standard encryption
- Access controls: Limited access to personal information on a need-to-know basis
- Regular security audits: We conduct security assessments and updates
- Secure authentication: Support for two-factor authentication and passkeys
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Your Rights
Depending on your location, you may have certain rights regarding your personal information:
Right to Access
You can request a copy of the personal information we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete information.
Right to Erasure
You can request deletion of your personal information, subject to legal and contractual obligations.
Right to Restrict Processing
You can request that we limit how we use your information in certain circumstances.
Right to Data Portability
You can request a copy of your data in a structured, machine-readable format.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw consent at any time.
How to Exercise Your Rights
To exercise these rights, please contact us using the information provided in the "Contact Information" section below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.
Data Retention
We retain your information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations
- Resolve disputes and enforce agreements
- Maintain security and prevent fraud
Specific retention periods:
- Account data: Retained while your account is active and for a reasonable period after account deletion
- Transaction records: Retained as required by law (typically 7 years for tax purposes)
- Session data: Deleted when sessions expire or are terminated
- Content data: Retained until you delete it or your account is deleted
When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it by law.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.
When we transfer information internationally, we ensure appropriate safeguards are in place, such as:
- Standard contractual clauses
- Adequacy decisions by relevant authorities
- Other legally recognized transfer mechanisms
By using EchoPastel, you consent to the transfer of your information to countries where we operate.
Children's Privacy
EchoPastel is not intended for children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected information from a child under 13, we will take steps to delete that information.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for significant changes)
- Displaying a notice on our service
Your continued use of EchoPastel after changes become effective constitutes acceptance of the updated policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: contact@echopastel.com
Contact Form: https://echopastel.com/contact
This Privacy Policy is effective as of 2025-11-25 and applies to all users of EchoPastel.