EchoSpace ("EchoSpace", "we", "us") builds a spatial AI companion for iOS and Android. We believe privacy is a feature, not a footnote. This policy explains what we collect, why, how we protect it, and the rights you have over it — written in plain language and structured to meet Apple App Store, Google Play, GDPR, UK GDPR, CCPA/CPRA, LGPD, PIPEDA, and the EU AI Act transparency obligations in force in 2026.
1. Privacy at a glance
- We don't sell or rent your data. Ever.
- AR camera frames stay on your device. We never upload your room, surroundings, or face.
- Voice and vision run on-device using Apple Intelligence and Google ML Kit wherever possible.
- Cloud sync is opt-in and end-to-end encrypted with a key only you control.
- Delete everything in one tap from Settings → Privacy & data → Delete all memory.
2. Data we collect
2.1 Data you give us
- Account basics — display name, optional email (for sign-in / recovery only).
- Conversations & notes — the messages, prompts, journal entries, goals, and moods you create in the app.
- Photos you choose to attach — only files you explicitly pick from your library.
2.2 Data the app collects automatically
- Diagnostic events — anonymized crash reports, performance traces, feature usage counters. No message content.
- Device info — model, OS version, locale, app version, coarse region.
- Subscription state — entitlement status from RevenueCat (no card data — Apple and Google handle billing).
2.3 Data we do NOT collect
- Live camera frames, depth maps, or scene reconstructions.
- Raw microphone audio after transcription completes.
- Precise GPS location (we use coarse region only, and only when needed).
- Contacts, browsing history, advertising identifiers, or cross-app tracking signals.
3. AR & camera usage
EchoSpace uses your device camera through Apple ARKit and Google ARCore to anchor virtual objects (furniture, overlays, spatial UI) into the real world.
- All camera frames are processed locally by ARKit/ARCore on your device's secure media pipeline.
- No raw images, depth maps, LiDAR meshes, or plane data ever leave your device.
- You can revoke camera access at any time from iOS Settings → EchoSpace → Camera, or Android Settings → Apps → EchoSpace → Permissions. AR features are then disabled gracefully; the rest of the app keeps working.
- People occlusion uses Apple's on-device segmentation — we don't store or transmit silhouettes.
- You can export AR clips (Premium). Exported videos are generated on-device and saved to your Photos library. They are never automatically uploaded.
4. Personal memory storage
"Memory" is what makes Echo feel personal — the things you tell it, your moods over time, your goals, and the patterns it spots. We treat memory with the same care as a private journal.
- By default, all memory stays on your device inside an encrypted SQLite store (SQLCipher / iOS Data Protection class NSFileProtectionComplete).
- Memory keys are stored in the Apple Keychain / Android Keystore bound to your device biometrics.
- If you enable Encrypted Cloud Sync, memory is encrypted on-device with a key derived from your account passphrase before transit. We store only ciphertext. We cannot read it — even with a subpoena.
- Free tier retains 7 days of conversational context; Premium retains long-term and photo memory.
- You can wipe everything in one tap — see Section 10.
5. AI & on-device processing
EchoSpace combines on-device and cloud AI models. We are transparent about which is which, in line with the EU AI Act (Art. 50) and Apple's App Store AI disclosure rules.
5.1 On-device models
- Apple Intelligence Foundation Models, Vision, Speech, SoundAnalysis.
- Google ML Kit and Gemini Nano (Android).
- Used for: speech-to-text, intent parsing, on-device summarization, vision tasks, mood detection.
5.2 Cloud models
- Used only for advanced reasoning, image generation, and long-context conversations.
- Requests are sent to our processor (the Rork AI proxy) over TLS 1.3.
- Prompts and responses are not used to train third-party models. We disable training/retention on every upstream provider (OpenAI, Anthropic, Google, etc.) via their zero-retention enterprise APIs.
- Cloud requests are retained for a maximum of 30 days for abuse detection, then purged.
- You can disable cloud AI entirely from Settings — Echo will fall back to on-device-only responses.
5.3 Automated decision-making
EchoSpace does not make legally significant automated decisions about you. AI outputs are suggestions; you remain in control.
6. Health & sensitive data
- If you connect Apple Health, EchoSpace reads only the categories you authorize (steps, energy, heart rate, sleep, mindful minutes).
- Health data is processed on-device and never written to our servers, in compliance with Apple's HealthKit terms.
- You can disconnect at any time from iOS Settings → Health → Data Access & Devices → EchoSpace.
- We treat mood logs, voice notes, and journal entries as sensitive personal data under GDPR Art. 9 and apply the same encryption guarantees.
7. Service providers & sub-processors
We use a small set of vetted providers, all bound by Data Processing Agreements:
- Apple & Google — app distribution, billing, push notifications, on-device AI.
- RevenueCat — subscription state management (no card data).
- Supabase — encrypted cloud sync backend (we hold ciphertext only).
- Rork AI proxy — routes inference to OpenAI, Anthropic, Google, ElevenLabs under zero-retention agreements.
- Sentry — anonymized crash reporting (PII scrubbing enabled).
A current, dated list of sub-processors is available at echospace.app/legal/subprocessors.
8. Subscriptions & in-app purchases
Payments are handled by Apple App Store and Google Play. We never see your payment details. Entitlement status is mirrored via RevenueCat using an anonymous user ID. Free trials and refunds follow the platform's standard terms.
9. Legal bases & retention
- Contract (GDPR 6(1)(b)) — to deliver the app you signed up for.
- Consent (6(1)(a)) — for camera, microphone, Health, notifications, cloud sync, optional analytics.
- Legitimate interest (6(1)(f)) — for fraud prevention, crash diagnostics, security.
- Retention — on-device data: until you delete it. Cloud sync ciphertext: until you delete it or your account. Diagnostic logs: 90 days. Abuse logs: 30 days.
10. Your rights & deletion
Wherever you live, you can:
- Access — export a full JSON archive from Settings → Privacy & data → Export my data.
- Correct — edit or delete any memory entry in-app.
- Delete everything — Settings → Privacy & data → Delete all memory wipes on-device storage, cloud ciphertext, and Keychain keys. Irreversible.
- Delete your account entirely — email privacy@echospace.app or use the in-app "Delete account" flow. We complete deletions within 30 days.
- Object / restrict / portability — exercise via the same email. We respond within 30 days (GDPR) / 45 days (CCPA).
- Lodge a complaint with your local data-protection authority (EU/UK) or the California Privacy Protection Agency.
We honor Global Privacy Control (GPC) signals as a valid opt-out of sale/sharing under CCPA — though we don't sell or share data in the first place.
11. Children
EchoSpace is not directed to children under 13 (under 16 in the EEA). We do not knowingly collect data from them. If you believe a child has used EchoSpace, contact us and we will delete the account.
12. Changes
We'll notify you in-app and update the "Last updated" date at the top before any material change takes effect. Continued use after the effective date constitutes acceptance.
Data controller: EchoSpace, Inc.
Email: privacy@echospace.app
EU Representative (Art. 27 GDPR): available on request.
UK Representative: available on request.