EchoVault Privacy Policy
Effective date: June 27, 2026
Last updated: June 27, 2026
This Privacy Policy describes how EchoVault ("EchoVault," "we," "us," or "our") collects, uses, stores, and shares information when you use:
- the EchoVault website at https://echovault.me and web application at https://app.echovault.me (the Web App), and
- the EchoVault mobile application for iOS (the iOS App).
Together, these are the Services. The Web App and iOS App share the same account system and backend infrastructure. Where a practice applies to only one platform, we say so explicitly.
If you do not agree with this Privacy Policy, please do not use the Services.
1. Who operates EchoVault
EchoVault is operated by EchoVault, the provider of the Services at echovault.me. Our Terms of Service are governed by the laws of the State of Delaware, United States. Corporate registration details, if applicable, are published on our legal site at legal.echovault.me.
For privacy-related questions or requests, contact us at support@echovault.me.
2. Summary of what EchoVault does
EchoVault is a digital legacy platform. While you are alive, you use the Services to record life stories through guided check-in conversations, build a personality model from those stories, and optionally create a cloned voice and video avatar. You may designate Echo Custodians—people you trust—who can interact with your digital echo after your death or prolonged inactivity, subject to your subscription tier and the access rules you configure.
Because of that purpose, EchoVault processes sensitive personal information, including biographical content, voice recordings, facial video, conversational transcripts, and information about your relationships with others.
3. Information we collect
We collect the categories of information below. Not every category applies to every user or every platform.
3.1 Account and profile information
- Email address (required to create an account)
- Password (collected at sign-up; stored by our authentication provider as a salted hash—we do not store your plaintext password)
- Full name
- Phone number (optional; the Web App may collect this during onboarding; the iOS App does not require it in the standard onboarding flow)
- Profile photo (optional)
- Account role flags, such as whether you are an Echo Custodian, whether onboarding is complete, and subscription tier
- Authentication session data, including access tokens used to keep you signed in
- Multi-factor authentication status (whether enabled on your account, if you turn it on)
- Biometric unlock preference (a yes/no setting only; see Section 3.8)
We do not require date of birth during onboarding on either platform.
3.2 Echo Custodian and contact information
When you add people as contacts or Echo Custodians, we collect:
- Contact name
- Contact email address
- Contact phone number (optional)
- Relationship description (for example, family or friend)
- Posthumous access settings, including whether the person is designated as a custodian, access tier (text, voice, or video), and optional usage quotas
- Custodian onboarding and access metadata, including invitation timestamps, secure access tokens used in email deep links, and linkage between a custodian's account and the echo they may access
If you are an Echo Custodian, we also process information about which echo you are authorized to access, your remaining free or paid access period, and your usage of text, voice, and video features.
3.3 Conversational and legacy content
- Check-in and chat messages you send to our AI biographer, and AI responses
- Conversation records, including conversation type (training check-in, posthumous interaction), mode (text, voice, or video), timestamps, and message counts
- Check-in summaries, including transcript text, optional mood scores, topics discussed, session duration, and metadata about memory extraction
- Extracted memories, such as stories, values, beliefs, relationships, emotions, and wisdom statements inferred from your check-ins
- Personality traits and personality model data derived from your conversations
- Vector embeddings generated from memory content to support memory retrieval and AI responses
- Conversation context state, such as topics discussed and emotional tone metadata associated with sessions
This content may include highly personal information about you and about third parties you mention (family members, friends, colleagues, and others). You are responsible for what you choose to share.
3.4 Voice data
- Voice training recordings you create to clone your voice (typically several minutes of prompted speech)
- Live voice call audio captured during push-to-talk or voice-activity-detected conversations, transmitted for speech-to-text processing
- Transcripts produced from voice audio
- Synthetic speech output generated from AI responses using your cloned voice identifier
- Voice model metadata, including training status, provider voice identifier, and quality-related fields stored in our database
Voice training files are uploaded to our object storage. Live voice audio for transcription is sent to our backend and AI processors during the call; we store the resulting transcripts as messages and memories, but we do not maintain a separate long-term archive of raw live-call audio in our application database.
3.5 Video and image data
- Video training recordings you record or select for avatar creation (typically one to five minutes showing your face and speech)
- Profile photos you upload
- Live video conversation streams when you use video avatar features, including camera and microphone input processed through an embedded video conversation interface
- Video avatar metadata, including training status and provider replica identifiers
Training videos are stored in cloud object storage before being sent to our video avatar provider for model creation. Live video sessions are handled by our video infrastructure provider during the call.
3.6 Payment and subscription information
Depending on how you subscribe, we collect and store:
- Subscription tier and status
- Billing period dates
- Plan name and price information recorded from payment events
- Stripe customer and subscription identifiers when you pay through Stripe Checkout (Web App and mobile browser checkout flows)
- Apple App Store transaction identifiers when you purchase or renew through Apple In-App Purchase on iOS, including original transaction IDs used to validate entitlements
- Payment platform indicator (for example, stripe, apple, or google)
We do not receive or store your full payment card number. Payment card data is processed directly by Stripe or Apple.
3.7 Usage, quota, and deceased-protocol data
- Check-in activity timestamps, including date of last check-in
- Voice and video session usage, including session type, duration in minutes, and monthly quota consumption
- Deceased-protocol status, including whether an account has been marked inactive/deceased after prolonged check-in inactivity (currently twelve months under our automated policy), calculated custodian free-access months, access expiration dates, and notification timestamps
- Rate-limit and abuse-prevention counters, keyed by user identifier, and in limited pre-authentication flows by IP address or invite token shape
3.8 Device, app, and local storage data
On the iOS App:
- Push notification token (Expo push token format), if you grant notification permission
- Local device preferences stored on your device, including check-in reminder preferences, notification on/off preference, biometric unlock preference, and custodian session routing state
- Authentication tokens stored in the device secure storage (iOS Keychain via Expo SecureStore)
- Locally scheduled reminder notifications based on your check-in frequency preferences (these run on your device and are not a separate copy of your memories)
Biometric authentication: If you enable Face ID or Touch ID, authentication is performed by your device's operating system. EchoVault stores only whether you opted in to biometric unlock. We do not receive or store your biometric templates.
On the Web App:
- Browser local storage used to persist your authentication session with our authentication provider (Supabase Auth)
- Browser session storage for in-session UI state (for example, active dashboard view, draft chat input, post-login redirect targets, and video-session timing helpers)
- Browser local storage for longer-lived client preferences (for example, whether you dismissed the PWA install prompt, custodian session context, and owner/custodian role preference)
- Progressive Web App (PWA) cache, if you install the Web App, which may store static assets on your device for offline use
- Standard web hosting logs from our hosting provider (Vercel), including IP address, browser user agent, request timestamps, and requested URLs—used for security, debugging, and service operation, not for product analytics
The Web App does not use marketing pixels, third-party advertising cookies, or error-monitoring services such as Sentry.
3.9 Product analytics (iOS App only)
The Web App does not use PostHog, Google Analytics, or similar product analytics SDKs.
The iOS App uses product analytics when a PostHog project key is configured in the app build. When enabled, we collect:
- Pseudonymous analytics identifier linked to your authenticated user ID after sign-in
- Email address, subscription tier, custodian status, and onboarding status sent as profile properties on identification
- Product event data, including sign-up, sign-in, sign-out, onboarding step completion, check-in messages sent (event only—not message text in our analytics helper), voice/video training and call start/end events, contact additions, paywall views, and purchase start/complete/fail events with product identifiers
- Screen view data, including route paths and navigation parameters captured by our screen tracker
- App lifecycle events captured by the analytics SDK
The analytics SDK may also collect device and app environment information automatically (such as app version, device type, operating system, and locale) as part of standard SDK behavior. Analytics is disabled when no PostHog key is present in the build environment (for example, some local development builds). PostHog data is typically processed in the United States when using PostHog's default cloud host.
We do not use the analytics SDK for advertising, cross-app tracking, or sale of personal information.
3.10 Information from third parties
- Payment confirmations from Stripe webhooks and Apple App Store Server Notifications
- Training completion callbacks from voice and video model providers when clone training finishes
- Email delivery events from our transactional email provider (at the metadata level needed to send messages)
4. How we collect information
| Collection method | Examples |
|---|---|
| Information you provide directly | Account registration, profile setup, check-in chat, adding custodians, uploading voice/video training media, profile photo uploads, subscription choices, support emails |
| Automatic collection during service use | Session authentication, conversation logging, memory extraction, quota metering, inactivity detection cron jobs, server-side rate limiting |
| Device permissions you grant (iOS App) | Microphone (voice training and calls), camera and microphone (video training and live video calls), photo library (profile photo and training video selection), notifications (reminders and custodian access alerts), Face ID/Touch ID (optional app unlock) |
| Third-party SDKs and infrastructure (iOS App) | Product analytics SDK (when enabled), push notification services, Apple In-App Purchase, secure storage, embedded WebView for video avatar sessions |
| Third-party payment flows | Stripe Checkout opened in a browser session; Apple App Store billing handled by Apple |
| Email and deep links | Custodian invitation and access emails containing secure tokens and links to echovault.me or the mobile app |
5. How we use information
We use personal information for the following purposes:
5.1 Providing the Services
- Creating and managing your account
- Authenticating you and maintaining your session
- Running AI-guided check-in conversations and storing your responses
- Extracting memories and personality traits from your check-ins
- Training and operating your voice clone and video avatar
- Enabling text, voice, and video conversations with your echo (for you and authorized custodians)
- Managing Echo Custodian invitations, onboarding, and access tiers
- Enforcing usage quotas and subscription entitlements
5.2 AI and automated processing
EchoVault relies heavily on automated processing, including:
- Large language model processing to conduct biographer interviews, generate echo responses, and extract structured memories and traits
- Speech-to-text processing to transcribe voice recordings during live voice interactions (via our AI language model provider)
- Text-to-speech processing to speak echo responses in a cloned voice
- Embedding generation to index memories for retrieval in some AI flows
- Automated inactivity detection that may mark an account as deceased after twelve consecutive months without a check-in when custodians are designated, triggering custodian access workflows
AI outputs may be imperfect. You should not treat echo responses as factual records or legal documents.
5.3 Payments and account administration
- Processing subscriptions and one-time purchases
- Recording billing history and entitlement state
- Sending transactional emails related to subscriptions and custodian access
5.4 Communications
- Sending custodian invitation, activation, access-expiring, and access-renewed emails
- Sending subscription and purchase confirmation emails
- Delivering push notifications for check-in reminders (local and remote) and custodian access expiry alerts on supported devices
5.5 Security, integrity, and improvement
- Preventing abuse, fraud, and excessive automated API usage through rate limits
- Debugging, auditing, and protecting the Services
- Product analytics on the iOS App (when enabled) to understand feature usage and improve the app
We use your conversational content and biometric media only to provide the Services you request—for example, generating a response, transcription, voice clone, or video avatar during your session. Under our agreements with AI, voice, and video providers, customer content submitted through our integrations is processed to deliver those services and is not used to train general-purpose foundation models for unrelated products.
We do not use your information for third-party advertising.
6. Third-party service providers
We use service providers to operate EchoVault. These providers process data on our behalf under contractual obligations. We list them by category, with the vendor named in parentheses:
| Category | Role | Typical data processed |
|---|---|---|
| Authentication and database provider (Supabase) | Account auth, PostgreSQL database, row-level security, serverless backend functions, audio/image object storage | Account data, profiles, conversations, memories, billing metadata, storage files |
| Web hosting provider (Vercel) | Hosts the public website and Web App frontend | IP address, browser data, request logs |
| AI language model provider (Google Gemini API) | Check-in chat, echo chat, memory extraction, speech-to-text for voice calls, embedding generation | Message text, memories, traits, audio submitted for transcription |
| AI voice processing provider (ElevenLabs) | Professional voice cloning and streaming text-to-speech for echo voice | Voice training audio, transcripts, response text, voice model identifiers |
| Video infrastructure provider (Tavus) | Video avatar training and live conversational video (CVI) sessions | Training video, facial/likeness data, conversation context supplied for the session |
| Cloud object storage provider (Cloudflare R2) | Stores large voice and video training files | Voice and video files and related metadata |
| Payment processor (Stripe) | Stripe Checkout, webhooks, subscription lifecycle | Email, Stripe customer/subscription IDs, plan and billing period metadata |
| Mobile app store platform (Apple) | iOS distribution and In-App Purchase billing | Purchase receipts, transaction IDs, subscription status (handled under Apple's policies) |
| Transactional email provider (Resend) | Custodian and subscription emails | Recipient name and email, access links with tokens, echo owner display name |
| Push notification delivery service (Expo) | Delivers remote push notifications to iOS devices | Expo push token and notification payload |
| Product analytics provider (PostHog; iOS App only, when enabled) | Event and screen analytics | User ID, email (as a profile property), event properties described in Section 3.9 |
| Mobile build infrastructure (Expo Application Services) | iOS app compilation and distribution | Device/app metadata as part of standard build and release operations |
We may add or change providers as the Services evolve. We will update this policy when material changes occur.
7. How we share information
We do not sell your personal information.
We share information only in these circumstances:
- With service providers listed in Section 6, solely to operate the Services
- With Echo Custodians you designate, who receive access to your echo (text, and optionally voice/video depending on tier) according to your settings and our deceased-protocol rules
- With contacts you add, to the extent needed to send custodian invitation or access emails to their email address
- For legal and safety reasons, if we believe disclosure is required by law, regulation, legal process, or to protect the rights, property, or safety of EchoVault, our users, or others
- In connection with a business transaction, such as a merger, acquisition, or asset sale, subject to continuing protections consistent with this policy
- With your direction or consent
Custodian invitation emails and deep links contain secure access tokens. Treat those links as confidential.
8. Data retention and deletion
8.1 Active accounts
We retain your information for as long as your account is active and as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.
Specific retention rules:
- Conversations, memories, traits, and personality models are retained to power your echo and custodian access for as long as your account exists and the feature remains enabled
- Voice and video clone assets remain associated with your account while your subscription entitlements allow them; our subscription emails state that avatar assets are not deleted merely because a subscription is canceled, though feature access may change
- Billing records are retained as required for accounting, tax, and fraud prevention
- Rate-limit telemetry uses rolling time windows; older counter rows may be purged periodically
8.2 Deceased-protocol and custodian access period
If your account is marked inactive/deceased under our automated policy, we retain your echo data to provide custodians the access you configured, for the free or paid access period calculated from your subscription history and custodian subscriptions. When that access period ends, custodian access is revoked. Your echo content remains stored under your account until you or your estate deletes the account or we remove it under this policy, applicable law, or a valid legal request—except where a shorter retention period is required by law.
8.3 Account deletion
You may request deletion of your EchoVault account and the personal information associated with it.
- iOS App: delete your account from profile settings (with confirmation).
- Web App and all users: you may also email support@echovault.me from the address associated with your account to request deletion or export assistance.
When you confirm deletion (in-app or by verified request), we process deletion of your account and associated data in our systems, including your profile, conversations, memories, personality data, training media on our infrastructure, and linked provider identifiers where our deletion workflows reach those systems.
You may export a copy of key personal data (profile, memories, personality traits, and check-ins) as JSON from the iOS App's data management screens before deleting. Web App users may request an export by contacting support@echovault.me.
Removal timeline: Deletion begins promptly after confirmation. Most data is removed from active systems within a few days. Some information may take up to ten (10) days to be fully removed from all systems, including encrypted backups, infrastructure logs, payment-processor records we do not control directly, and third-party AI, voice, and video processing systems.
Some information may be retained where required for legal, tax, fraud-prevention, or dispute-resolution purposes, even after account deletion.
8.4 Backups and logs
Database backups and infrastructure logs may retain deleted information for a limited retention window (generally up to ten days) before automatic purge.
9. Your privacy rights and choices
Depending on where you live, you may have rights to:
- Access the personal information we hold about you
- Correct inaccurate profile information through account settings (or by contacting us on the Web App)
- Delete your account and associated data, subject to Section 8
- Export your data in a portable JSON format (available in the iOS App, or on request via email)
- Withdraw consent where processing is consent-based (for example, disable push notifications or biometric unlock in settings)
- Opt out of product analytics on iOS by contacting support@echovault.me (analytics is used only in production app builds where enabled)
To exercise rights, email support@echovault.me from the address associated with your account. We may need to verify your identity before fulfilling a request.
California residents (CCPA/CPRA)
In the preceding twelve months, EchoVault has collected the categories of personal information described in Section 3 for the business purposes in Section 5. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
You have the right to know, delete, correct, and obtain a portable copy of certain personal information, and to not be discriminated against for exercising these rights.
EEA/UK residents (GDPR)
Where GDPR applies, our lawful bases include contract (providing the Services you request), legitimate interests (security, abuse prevention, product improvement via analytics on iOS), and consent where required (for example, optional notifications or biometric unlock). You may also have the right to restrict or object to certain processing and to lodge a complaint with your supervisory authority.
EchoVault is based in the United States. When we transfer personal information internationally, we rely on appropriate safeguards such as standard contractual clauses offered by our subprocessors where applicable. Contact support@echovault.me if you have questions about international transfers.
10. Data security
We implement technical and organizational measures designed to protect personal information, including:
- Encrypted transport (HTTPS/TLS) for client-server communication
- Authentication tokens stored in secure device storage on iOS rather than ordinary app storage
- Server-side API keys for AI, voice, video, and payment providers—never embedded in client apps
- Row-level security policies on database tables so users access only their authorized rows
- JWT-based authentication with server-side verification on paid and AI endpoints
- Rate limiting and input size caps on expensive AI, voice, and video endpoints to reduce abuse
- Minimal sensitive logging on AI endpoints (message content is not logged in production hardening passes)
- Rotating custodian access tokens in deceased activation flows
No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your password and custodian invitation links.
11. International data transfers
EchoVault is operated from the United States. Our service providers may process data in the United States and other countries. Primary infrastructure includes Supabase (database, auth, and application storage), Vercel (Web App hosting), and Cloudflare R2 (large media files), along with US-based AI, voice, video, payment, email, and (on iOS) analytics providers described in Section 6.
If you access the Services from outside the United States, you understand that your information may be transferred to and processed in countries that may not provide the same level of data protection as your home jurisdiction. Where required, we use contractual safeguards offered by our providers for cross-border transfers.
12. Children's privacy
EchoVault is not directed to anyone under 18, and we do not knowingly collect personal information from anyone under 18. The Services concern adult life storytelling, legacy planning, and posthumous communication. This aligns with our Terms of Service, which require users to be at least 18 years old.
If you are under 18, do not use EchoVault. If you believe someone under 18 has provided us personal information, contact support@echovault.me and we will take steps to delete such information.
13. Platform-specific differences
| Topic | Web App (echovault.me / app.echovault.me) | iOS App |
|---|---|---|
| Product analytics | Not used | PostHog when configured in the production build |
| Payments | Stripe Checkout in browser | Apple In-App Purchase for subscriptions and avatar bundle; Stripe Checkout in in-app browser for some custodian plans |
| Push notifications | Not applicable | Optional; uses Expo push token stored on profile |
| Biometric unlock | Not applicable | Optional Face ID / Touch ID gate on app resume |
| Local reminders | Not applicable | Scheduled locally from check-in preferences |
| Account deletion | Request via support@echovault.me | In-app profile settings, or email support |
| Data export (JSON) | Request via support@echovault.me | In-app data management screens |
| Video/voice permissions | Browser permission prompts | iOS permission prompts for microphone, camera, photos |
Both platforms use the same shared backend for accounts, memories, voice/video cloning, custodian access, and AI processing.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top and, where required by law, provide additional notice (such as in-app notification or email).
Your continued use of the Services after an update constitutes acceptance of the revised policy, except where further consent is required by law.
15. Contact us
Privacy and data requests: support@echovault.me
Privacy policy: https://legal.echovault.me/privacy
Terms of Service: https://legal.echovault.me/terms
Product website: https://echovault.me
For App Store subscription management, you may also use Apple's account settings. For Stripe billing history, use the billing portal linked from your account or contact us.