Privacy Policy

Your privacy matters. This policy explains what we collect, why we collect it, how we use and share it, and the choices you have. It applies to (a) Alpha Chat users, (b) Advertisers using our ad tools, and (c) visitors to our websites.

Key definitions

• Alpha Chat: our chat product that streams model responses and dynamically inserts ads.
• Advertiser: a business using Echo’s tools to upload creatives, set budgets, and measure performance.
• Personal information: any information that identifies or can be reasonably linked to an individual or household.
• Cross-context behavioral advertising (CPRA): ads targeted based on activity across businesses, sites, apps, or services.

Information we collect

A. From Alpha Chat users

• Account & identity: name, email, username, password; payout info if you participate in rebates (e.g., payment account details and, where required by law, tax information).
• Chat content & metadata: messages you send to the model; timestamps; token-level streaming and latency metrics; language; session IDs.
• Ad interaction signals: when an ad is rendered, viewed, scrolled into view, expanded, clicked, dismissed, or converted; basic device and session context for measurement (e.g., user agent, approximate location based on IP, page referrer).
• Device & usage: IP address, device type, OS/browser, crash logs, performance metrics, cookie IDs or similar.
• Trust & safety features: signals we compute to prevent fraud and abuse (e.g., anomalous click/scroll patterns, repeated invalid conversions, duplicate accounts).
• Support communications: messages you send us (email, forms).

B. From Advertisers

• Account & business info: company name, contact info, billing contacts, legal representative, tax/VAT IDs where applicable.
• Campaign data: creatives, titles, product URLs, categories, budgets, bids, targeting parameters, webhooks you configure, conversion signals.
• Payment info: invoicing details, payment method tokens (processed by our payment provider), transaction history.
• Platform usage: login history, role/permissions, API keys, audit logs.

C. From all visitors

• Cookies & similar tech: to keep you logged in, prevent abuse, remember preferences, measure performance, and—if you opt in—help us tailor or measure ads. See Cookies & Tracking below.

D. From third parties

• Affiliate networks & merchants: basic conversion data when you click an affiliate link and complete an action (e.g., an order ID, amount, timestamp)—we do not receive your full payment card details from merchants.
• Service providers: analytics, error reporting, hosting, payments, email delivery.
• Compliance & KYC (when required for payouts): limited identity or sanctions-screening information from verification providers.

How we use information

• Provide and improve Alpha Chat: route and render chat, insert and stream ads, maintain performance, debug, and enhance features.
• Ads selection & measurement: infer broad intent from on-page context and your chat session to select relevant ads; measure impressions, viewability, clicks, and downstream conversions; attribute revenue (including affiliate commissions).
• Rebates & payouts: calculate rebate eligibility and amounts; process payments; meet tax and accounting obligations.
• Trust, safety, and anti-fraud: detect invalid traffic and abuse; compute a trust score that may affect rebates or account standing; take action on suspected fraud (e.g., hold or deny payouts, suspend accounts). You can appeal actions—see Your Choices & Rights.
• Communications: send transactional messages (receipts, policy updates, security alerts) and, if you opt in, product updates or surveys.
• Legal compliance: comply with law, enforce terms, and protect Echo, our users, advertisers, and the public.
• Research & product development: analyze de-identified or aggregated usage to improve ranking, relevance, and safety systems.

Legal bases (EEA/UK only)

We rely on: Contract (to provide the service), Legitimate interests (security, product improvement, measurement with safeguards), Consent (cookies/marketing where required), and Legal obligation (tax/records).

When we share information

We do not sell your personal information. We may share (as defined by CPRA) limited identifiers and usage/ad interaction data for cross-context behavioral advertising where permitted and subject to your choices.

• Service providers / processors: hosting, analytics, payments, email, customer support, security. Bound by contract to use data only for us.
• Affiliate networks & merchants: to attribute conversions when you follow an affiliate link.
• Ad & measurement partners: to serve, measure, and prevent fraud in ads (e.g., impression/click metadata, coarse location, device info). We do not provide your chat transcripts to advertisers. If you submit info inside an advertiser’s form or site, that is governed by their policy.
• Partners/Publishers (if you use Echo via a partner LLM product): we may exchange technical and measurement data needed to operate the experience.
• Corporate transactions: business transfer, merger, acquisition.
• Legal & safety: to comply with law or protect rights, safety, and security.

Cookies & tracking

We use:

• Strictly necessary (login, security, load balancing),
• Functional (preferences),
• Analytics (performance, crash, usage),
• Advertising/measurement (ad selection, frequency capping, conversion attribution).

Manage preferences at Cookie Settings and opt-out of cross-context behavioral advertising at Do Not Sell or Share My Personal Information (CPRA).

Data retention

• Chat content: typically up to 18 months to support product improvement, abuse investigations, and user features (e.g., history), unless you delete it.
• Ad & measurement logs: typically up to 24 months for reporting, fraud audits, and accounting.
• Rebates, payouts, and tax records: up to 7 years or as required by law.
• Account data: for the life of your account and a reasonable period after closure for audit, dispute resolution, and legal obligations. We may retain de-identified or aggregated data longer.

Security

We use industry-standard safeguards: encryption in transit and at rest, role-based access controls, key management, logging and monitoring, vulnerability management, and least-privilege practices. No system is 100% secure; we will notify you of significant breaches as required by law.

Your choices & rights

• Access, correct, delete: request a copy, correction, or deletion of your data.
• Opt-out of cross-context behavioral ads: use Do Not Sell or Share….
• Marketing preferences: unsubscribe from non-transactional emails.
• Cookie controls: adjust via Cookie Settings or your browser.
• Model training & analytics: where required, you may opt out of your chat content being used to improve our models (we may still process it to provide the service and for safety/fraud).
• Appeal automated decisions (EEA/UK and where applicable): if our automated systems (e.g., trust score) adversely affect you (such as denying a rebate), you can request human review and explain your case.

To exercise rights, use Data Request Form or email privacy@echollm.io. We may verify your request (and your agent’s authority, if applicable).

California privacy notice (CPRA)

• Categories collected: identifiers; internet/activity data; commercial data (conversions); geolocation (coarse); inferences for fraud prevention.
• Sensitive personal information: generally not collected; if we must process tax or identity information for payouts, we use it only for that purpose.
• We do not sell personal information. We may share limited identifiers/activity data for cross-context behavioral advertising unless you opt out.
• Rights: know, delete, correct, portability, opt-out of sale/share, limit use of sensitive data (if collected), non-discrimination.

Children’s privacy

Alpha Chat and our ad tools are not directed to children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children.

International data transfers

We are U.S.-based. If we transfer personal information internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) and maintain supplementary measures where required.

Advertiser-specific disclosures

• Controller/Processor roles: Echo is a controller for data we collect via our services. For advertiser-provided data used solely to run their campaigns (e.g., creatives, targeting, webhooks), Echo acts as a processor under a Data Processing Addendum (DPA) upon request.
• Measurement & fraud: we compute quality and trust signals to protect the ecosystem; we share aggregated performance reports with advertisers. We do not share users’ chat transcripts.
• Third-party tags & webhooks: if you place tags or send us conversion webhooks, you’re responsible for providing required notices and obtaining any necessary consents from your users.

Alpha Chat-specific disclosures

• Dynamic ad insertion: ads are selected using on-page context and session signals; insertion is designed to be helpful and minimally disruptive.
• Affiliate links: some ads are affiliate links. Echo may earn a commission if you make a purchase. Conversion data is shared with the affiliate network/merchant to attribute the transaction; we don’t receive your full payment details from the merchant.
• Limits on advertiser access: advertisers receive aggregated or de-identified reports; they do not receive your chat content or personal identity from Echo unless you provide it directly to them.

Changes to this policy

We may update this policy from time to time. We’ll post the new version with a new “Last updated” date and, if changes are material, provide additional notice (e.g., email or in-product).

Contact

Questions or requests: privacy@echollm.io
If we cannot resolve your concern, you may have the right to contact your local data protection authority.