EchoLive logo
Search
Join the public beta

Legal

Privacy Policy

Last updated: February 10, 2026

Key Principle: You own your data. We are merely the processor, and you maintain full control.

1. Overview

EchoLive is a content and audio platform for reading, organizing, searching, and listening to web content. This policy explains how we collect, use, and protect your data in compliance with GDPR, CCPA, and other privacy regulations.

2. What Data We Collect

2.1 Account Information

  • Email address (via Auth0 authentication)
  • Authentication tokens (session management)
  • Login timestamps and IP addresses (security)

2.2 Content & Feeds

  • Feed Subscriptions: RSS/Atom URLs, newsletter subscriptions, podcast feeds, YouTube channel subscriptions
  • Feed Items: Article titles, URLs, publication dates, content (cached for reader mode)
  • Reading Status: Read/unread markers, starred items, bookmarks
  • Organization: Folders, collections, tags
  • Saved Content: Articles, bookmarks, text snippets saved via web or browser extension
  • Search Index: Vector embeddings for semantic search (derived from your content, not raw text)

2.3 Audio Projects (Studio)

  • Text Content: Documents, scripts, or other text you enter for audio generation
  • Voice Settings: Voice selection, style, rate, pitch preferences
  • Audio Files: Generated MP3/WAV files from your text
  • Metadata: Project names, creation dates, modification dates

2.4 Browser Extension Data

  • Page URLs: URLs of pages you save via the extension
  • Page Titles: Titles of saved pages
  • Selected Text: Text snippets you choose to save
  • Extension Settings: Your save preferences and collection choices

2.5 Technical Data

  • Browser type and version
  • Operating system
  • Access logs (for security and debugging)
  • Error logs (anonymized)
  • Analytics: Anonymized usage patterns via Google Analytics (see Section 4.3)
  • Support Chat: Tawk.to chat interactions if you use the support chat (see Section 4.4)

3. How We Use Your Data

Legal Basis (GDPR Article 6):
  • Contract Performance: Processing necessary to provide EchoLive's services (feeds, reading, audio, search)
  • Legitimate Interest: Security, fraud prevention, service improvement
  • Consent: Optional features (analytics, support chat) and marketing (if applicable)

3.1 Service Provision

  • Subscribe to and fetch RSS feeds, newsletters, podcasts, and YouTube channels
  • Save and organize articles, bookmarks, and web pages
  • Provide reader mode and semantic AI search across your content
  • Convert your text to speech using Azure Cognitive Services
  • Save your projects and content for future access
  • Store generated audio files for download
  • Authenticate your access to your data

3.2 Service Improvement

  • Monitor service performance and reliability
  • Debug technical issues
  • Understand usage patterns (anonymized)

3.3 Security

  • Prevent unauthorized access
  • Detect and prevent abuse
  • Maintain audit logs

4. Third-Party Services

4.1 Authentication (Auth0)

What: Identity and access management

Data Shared: Email, authentication tokens

Privacy Policy: Auth0 Privacy Policy

4.2 Speech Service (Azure)

What: Text-to-speech conversion

Data Shared: Your text content (temporarily, for processing only)

Data Retention: Microsoft does NOT store your text after conversion

Privacy Policy: Microsoft Privacy Statement

Important: Your text is sent to Azure only during synthesis. Azure processes it in real-time and does NOT retain it. The audio file is returned to our servers immediately.

4.3 Analytics (Google Analytics)

What: Website usage analytics

Data Shared: Anonymized page views, browser info, referrer data

Cookies: Yes (can be controlled via cookie consent banner)

Privacy Policy: Google Privacy Policy

Opt-out: Use the cookie banner to decline analytics cookies or install Google Analytics Opt-out Browser Add-on

4.4 Support Chat (Tawk.to)

What: Live chat support widget

Data Shared: Chat messages, email (if provided), page URL

Privacy Policy: Tawk.to Privacy Policy

Note: Chat is optional. Data is only collected if you initiate a chat.

4.5 Cookie Consent (Silktide Consent Manager)

What: Cookie consent management (open source, self-hosted)

Data Shared: Consent choices stored locally in your browser (no data sent to third parties)

Source Code: Silktide Consent Manager on GitHub

5. Data Storage & Security

5.1 Where Data is Stored

  • Application Server: Your projects and audio files (encrypted at rest)
  • Authentication: Auth0 servers (EU/US based on your configuration)
  • Processing: Azure Sweden Central (EU GDPR-compliant region)

5.2 Security Measures

  • HTTPS/TLS encryption in transit
  • Encrypted storage at rest
  • Authentication required for all data access
  • Regular security updates and patches
  • Access logs and monitoring
  • No data sharing with third parties (except as listed above)

5.3 Data Isolation

Your projects and audio files are isolated per user account. No other users can access your data. Project IDs are randomly generated UUIDs to prevent enumeration.

6. Your Rights (GDPR Compliance)

Right to Access

Request a copy of all your data

Right to Rectification

Correct inaccurate data

Right to Erasure

Delete all your data

Right to Data Portability

Export your data in JSON format

Right to Restrict Processing

Limit how we use your data

Right to Object

Object to specific data uses

To exercise these rights, visit the GDPR Rights Center in your account settings, review User Data Deletion, or contact us.

6.5 California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have additional rights under the CCPA:

  • Right to Know: Request details about the personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information (same as GDPR erasure above)
  • Right to Opt-Out of Sale: We do NOT sell personal information. We do not share data for monetary consideration.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, use the same process as GDPR rights (see above).

7. Data Retention

See our Data Retention Policy for details.

  • Feed Subscriptions & Items: Retained until you unsubscribe or delete
  • Saved Articles & Bookmarks: Retained until you delete them (full user control)
  • Projects (Studio): Retained until you delete them (full user control)
  • Generated Audio: Retained for 90 days or until project/item is deleted, whichever comes first
  • Search Index: Updated in real-time as you add/remove content; deleted when source content is deleted
  • Logs: 90 days for security and debugging
  • Account Data: Until account deletion or 2 years of inactivity

8. Children's Privacy

EchoLive is not intended for children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.

9. International Transfers

Your data is primarily processed in the EU (Azure Sweden Central). If transfers to other regions are necessary, we use Standard Contractual Clauses (SCCs) and ensure GDPR-level protection.

10. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or prominent notice in the application. Continued use after changes constitutes acceptance.

11. Contact & Data Protection Officer

For privacy questions, concerns, or to exercise your rights:

Use our contact form and select Privacy & Data Requests.

We will respond to all requests within 30 days as required by GDPR.

12. Cookies & Tracking Technologies

EchoLive uses cookies and similar technologies:

  • Essential Cookies: Authentication, session management (required for the Service to function)
  • Analytics Cookies: Google Analytics for usage patterns (optional, can be declined via cookie banner)
  • Chat Cookies: Tawk.to support chat (only if you use the chat widget)

You can control cookie preferences via the consent banner on your first visit or by clicking the cookie icon in the bottom-left corner of the page.

Third-party cookies: Google Analytics, Tawk.to, and Auth0 may set their own cookies. See their privacy policies (linked in Section 4) for details.

13. Supervisory Authority

If you are in the EU/EEA and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority.