1. Information we collect
When you use EchoFrame, we may collect:
- Account & contact information: name, email address, and (if you opt in to SMS) phone number.
- Uploaded photos: images you submit to be combined with your recorded message.
- Uploaded audio & voice recordings: recordings you submit, including any "Your Voice, As Recorded" or "Your Voice, Enhanced" submissions.
- Written messages & scripts: text you write or dictate as part of your order.
- QR memory pages: the playback page generated to host your finished memory.
- Payment information: billing details are entered directly into our payment processor (Stripe). We do not see or store full card numbers.
- Communications: support messages and email correspondence with us.
- Technical data: device, browser, approximate location, and basic analytics events used to operate and improve the site.
2. How we use your information
- To create and deliver your EchoFrame keepsake.
- To send transactional updates about your order (email and, if you opted in, SMS).
- To respond to support requests.
- To detect fraud and abuse and to comply with the law.
- To improve our products and user experience.
We do not sell your personal information, and we do not use your photos, recordings, or messages to train AI models.
3. Cookies & analytics
We use a small number of essential cookies (for example, to keep your order draft attached to your session) and privacy-respecting analytics to understand which pages and features are useful. We do not run third-party advertising trackers.
4. Third-party service providers
To run EchoFrame we rely on a small number of trusted service providers. Each only receives the data needed to perform their function:
- Stripe — payment processing, tax calculation, and promo-code validation. Billing details go directly to Stripe.
- Supabase — database, file storage, and authentication infrastructure that hosts your order, photos, and audio.
- ElevenLabs — used only for our preset narrator voices and the optional "Your Voice, Enhanced" cleanup pass. We do not use ElevenLabs to clone or imitate any customer voice.
- Resend — sends transactional emails (order confirmations, production updates, delivery notifications).
- Twilio / n8n — sends transactional SMS to customers who explicitly opt in at checkout.
- Google — optional Google Authentication for signing in to your account or the admin panel.
5. Voice recordings & the "no cloning" promise
EchoFrame does not clone, recreate, or imitate voices. When you choose "Your Voice, As Recorded," your audio is delivered exactly as you submitted it. "Your Voice, Enhanced" applies only noise reduction and clarity improvements to your own recording and never generates new speech. Preset narrator voices are licensed from ElevenLabs.
6. SMS messaging
EchoFrame only sends transactional SMS to customers who explicitly opt in at checkout. Examples include order confirmations, production updates, delivery notifications, and support follow-ups. We do not send marketing SMS.
- Reply STOP to any message to opt out.
- Reply HELP for help.
- Message frequency varies. Message & data rates may apply.
- Mobile carriers are not liable for delayed or undelivered messages.
- SMS consent is never a condition of purchase. Email-only delivery is always available.
Full details, including how phone numbers are stored and how to revoke consent, are in our SMS Messaging Policy.
7. Data retention
We retain customer photos, audio, scripts, and the resulting QR memory page for as long as your keepsake remains active so the QR code keeps working. Order and billing records are retained for as long as required for tax, accounting, and fraud-prevention purposes. You may request earlier deletion of your personal content at any time (see Your Rights below).
8. Security
All traffic to EchoFrame is served over HTTPS. Customer files are stored in access-controlled cloud storage with row-level security on our database. Payment data is handled directly by Stripe; we never see or store full card numbers. We use the principle of least privilege for staff access and review access logs for sensitive actions.
9. Your rights (GDPR, UK GDPR & CCPA / CPRA)
Regardless of where you live, you may request to:
- Access a copy of the personal data we hold about you.
- Correct inaccurate information.
- Delete your account and personal content.
- Export your data in a portable format.
- Opt out of any non-essential processing.
For EU / UK residents (GDPR / UK GDPR): our lawful bases for processing are (a) performance of a contract (fulfilling your order), (b) your consent (e.g. SMS opt-in), and (c) legitimate interests (operating and securing the service). You have the right to lodge a complaint with your local data-protection authority.
For California residents (CCPA / CPRA): we do not sell or share personal information for cross-context behavioral advertising. You may request to know, delete, or correct the information we hold, and you will not be discriminated against for exercising these rights.
To exercise any of these rights, email privacy@echo-frame.ai. We respond within 30 days.
10. Children
EchoFrame is not directed to children under 13, and we do not knowingly collect personal information from them.
11. Changes to this policy
We may update this Privacy Policy. Material changes will be posted to this page with a new "Last updated" date.
12. Contact
EchoFrame.ai · Privacy requests: privacy@echo-frame.ai · General support: support@echo-frame.ai