Privacy Policy

We're not in charge of our online experiences today. Platforms that should serve us instead use our data to keep us hooked and sell us ads. MyEchoPath is meant to be a different type of place — a quiet, private space for honest self-reflection.

Voice journaling and AI reflection allow you to see your life from a personally tailored, objective, and compassionate perspective. Much like a mirror, earnest journaling practice can help us see our own patterns and hear things we might otherwise miss.

Information you provide directly

Information collected automatically

• Device data: operating system, device type, app version, IP address, language settings
• Usage data: screens viewed, features used, entry frequency, streak data, time spent in app
• Crash and performance data: error logs, app performance metrics — used solely to fix bugs and improve reliability

Sensitive data: If you voluntarily include sensitive personal information in your journal recordings (health conditions, religious beliefs, political views, etc.), you consent to our processing of such information in accordance with this Privacy Policy. We strongly recommend against including sensitive third-party information about other individuals.

We do not collect: your real name, phone number, photo, location, contacts, browsing history, or biometric identifiers beyond your voice recordings as described above.

Our mobile application and website may use the following technologies to collect information automatically:

• Cookies: Small text files stored on your device. We use session cookies (deleted when you close the browser) and persistent cookies (retained longer) to remember your preferences and login state on our website.
• Local storage (HTML5): Used to store app preferences locally on your device.
• Analytics SDKs: We may use anonymized, aggregated analytics to understand how the app is used. These are configured to exclude journal content.
• Crash reporting: Automated error reporting to identify and fix technical issues. No journal content is included.

Most browsers let you remove or reject cookies. Doing so may affect certain website features. You can configure your mobile device to limit ad tracking in your device privacy settings. We currently do not respond to "Do Not Track" browser signals.

Service delivery and operations

• Provide, operate, and maintain the Service
• Establish and maintain your user account and profile
• Enable security features and authenticate your access
• Send service-related notices, security alerts, and support messages
• Respond to your requests, questions, and feedback

Service personalization

• Generate AI emotional analysis, coaching prompts, and weekly insight summaries from your voice entries
• Personalize your Daily Echo Challenge and growth tracking visualizations
• Remember your in-app preferences and settings

Service improvement and analytics

We may use aggregated, de-identified, non-journal data (e.g., feature usage patterns, crash reports) to improve the Service and develop new features. We will only use anonymized journal data for analytical purposes or AI model training if you have explicitly opted in through the Service.

Compliance and protection

• Comply with applicable laws, legal process, and government requests
• Protect the rights, property, and safety of MyEchoPath, our users, and the public
• Enforce our Terms of Service
• Detect and prevent fraud, unauthorized access, and illegal activity

Voice recordings and AI-generated content ("Reflected Content") are central to MyEchoPath. Here is exactly how they are handled:

Recording and storage

• Audio is captured on your device and uploaded to your private, access-controlled storage bucket only upon your confirmation
• You may preview and discard any recording before it is saved
• Private entries are stored in encrypted, access-controlled storage — never in a publicly accessible location
• When you delete an entry, the audio file and all associated metadata are permanently deleted

AI processing ("Reflected Content")

MyEchoPath uses third-party AI services to generate responses to your voice entries. This AI-generated output ("Reflected Content") is provided "as is." You acknowledge that:

• Your transcript (not raw audio) is sent to Anthropic's Claude API for emotional analysis and coaching prompt generation
• Audio may be sent to a speech-to-text transcription service (OpenAI Whisper or equivalent)
• These third-party AI providers are contractually prohibited from using your journal content to train their own models
• Reflected Content may not be unique — similar entries may generate similar insights for other users
• You are solely responsible for your use of AI-generated content. MyEchoPath is not liable for any action you take based on Reflected Content

Audio recording consent

By using the recording features of MyEchoPath, you: (i) consent to your voice being recorded and stored as described; (ii) agree to comply with all applicable recording laws; and (iii) agree to obtain consent from any other individuals before recording them. If you do not wish to be recorded, do not use the recording features of the Service.

Collective Echo (anonymous sharing)

• Sharing to the Collective Echo feed is strictly opt-in — we never share your entries without your explicit action
• Shared entries contain only an audio file and an AI-generated emotion label — no username, email, or account identifier is ever attached
• You may remove any shared entry from the public stream at any time from within the app
• We cannot guarantee that voice characteristics alone cannot theoretically identify you — sharing is entirely at your discretion

We retain your personal information to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements, and to establish or defend legal claims. To determine the appropriate retention period, we consider the amount and sensitivity of the data, potential risk of unauthorized use, and applicable legal requirements.

• Active account: All data retained until you delete it or close your account
• Individual entries: Permanently deleted immediately upon your request
• Account closure: All personal data deleted within 30 days, except where required by law
• Free-tier audio archive: Audio files for free users are retained for 7 days after recording; premium users retain audio indefinitely
• Aggregated analytics: Non-identifiable usage statistics may be retained indefinitely

When we no longer require your personal information, we delete it, anonymize it, or isolate it from further processing.

• Service providers: Trusted infrastructure providers (Supabase for database/storage, Anthropic and OpenAI for AI processing) who are bound by confidentiality agreements and prohibited from using your data for their own purposes.
• Generative AI providers: We share your transcript (not raw audio) with Anthropic and/or OpenAI solely to generate your AI insights. These providers do not train their models on your identifiable personal information.
• Payment processors: Payment is processed directly by Apple App Store or Google Play. We receive only your subscription status — never your payment card details.
• Anonymous Collective Echo: If you explicitly share an entry, only the audio and emotion label are published — no personal identifier is ever attached.
• Professional advisors: Lawyers, auditors, and insurers where necessary for professional services rendered to us.
• Legal requirements: Law enforcement or government authorities where we reasonably believe disclosure is required by law or to protect safety.
• Business transfers: In a merger, acquisition, or asset sale, your data may transfer to an acquiring entity subject to the same privacy protections. We will notify you before your data becomes subject to a materially different privacy policy.

We rely on a small number of trusted third-party providers to operate the Service. Each is bound by data processing agreements that prohibit them from using your data for purposes beyond providing services to us.

We do not use your journal data with any advertising networks, data brokers, or analytics providers.

• Update your information: Edit your username, avatar color, and notification preferences at any time in Profile → Settings.
• Opt out of marketing emails: Follow the unsubscribe link in any marketing email. You will continue to receive service-related notices.
• Delete individual entries: Delete any entry immediately from within the app. Audio and all metadata are permanently removed.
• Unshare from Collective Echo: Remove any shared entry from the public stream at any time from the entry detail screen.
• Cookies: Manage cookies through your browser settings. Disabling cookies may affect website functionality.
• Mobile location: Disable location access in your device settings at any time. MyEchoPath does not require location data.
• Decline to provide information: You may choose not to provide certain information, but this may limit your ability to use certain features of the Service.
• Close your account: Request full account and data deletion by contacting privacy@myechopath.com or using Profile → Settings → Delete Account.

Depending on your location, you may have the following rights. We honor these rights for all users regardless of location:

• Access: Request a copy of all personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion ("Right to be Forgotten"): Request permanent deletion of your account and all associated data
• Portability: Request your data in a structured, machine-readable format (JSON/CSV)
• Objection / Restriction: Object to or request restriction of certain types of processing
• Withdraw Consent: Withdraw consent to any processing based on your consent at any time
• No AI training opt-out: You are automatically opted out of AI model training. We will request explicit consent before ever enabling this.

California (CCPA/CPRA): California residents have rights to know, delete, correct, and opt out of the sale of personal information. We do not sell personal information.

Washington (My Health MY Data Act): Washington residents have additional rights over consumer health data as described in our Consumer Health Privacy Policy.

EU/UK (GDPR): EU and UK residents may exercise rights under GDPR. Our lawful basis for processing is your consent, provided at account creation.

To exercise any right, email privacy@myechopath.com. We respond within 30 days and will never discriminate against you for exercising your privacy rights.

We employ technical, organizational, and physical safeguards to protect your personal information, including:

• Encryption of all data in transit (TLS 1.2+) and at rest
• Row-Level Security on all database tables — only your account can query your data
• Private, access-controlled audio storage buckets — separate from any public buckets used for the Collective Echo
• Authentication tokens stored in your device's encrypted secure storage (never in plain text)
• Hashed passwords — we never store passwords in plain text

MyEchoPath is headquartered in the United States. If you access the Service from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. Privacy laws in these jurisdictions may differ from those in your country.

By using the Service, you consent to the transfer of your personal information to countries outside your country of residence, including the United States. We take appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy.

The Service is not intended for use by anyone under 13 years of age. We do not knowingly collect personal information from children under 13. Users between 13 and 17 may only use the Service with verifiable parental consent.

If you are a parent or guardian and believe we have collected personal information from your child without required consent, please contact us at privacy@myechopath.com. We will take steps to delete that information promptly.

MyEchoPath is a self-reflection journaling tool — not a medical device, mental health treatment, therapy, or crisis service. AI-generated insights, emotion labels, and coaching prompts are for personal reflection only and do not constitute medical advice of any kind.

• You use MyEchoPath entirely at your own risk
• We are not responsible for any decisions you make based on AI-generated content
• We are not responsible for any physical, emotional, or psychological harm resulting from your use of the Service
• MyEchoPath is not a crisis service — if you are in crisis, contact 911 or the 988 Suicide & Crisis Lifeline

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by updating the effective date and posting the revised policy on the Service. For significant changes, we will send an in-app notification. Your continued use of the Service after the effective date of any modification constitutes acceptance of the updated Privacy Policy.

If you do not agree to the updated policy, you must stop using the Service and may request deletion of your account.

For questions, concerns, or privacy rights requests, please reach out to our privacy team: