Privacy Policy

When you register, we collect your chosen voice name and a password (stored as a bcrypt hash — we never see your actual password). We do not require your real name, email address, phone number, or date of birth. We generate an internal pseudonymous identifier for your account.

When you publish a broadcast, your audio recording is uploaded and stored on Supabase Storage. Your audio is processed by OpenAI Whisper to generate a transcript for content moderation. The transcript is stored alongside your broadcast.

If you participate in the Voice Game, we collect and store the following additional data:

• Transcripts of your voice responses to each game question
• A record of personalised follow-up questions generated for you and when you answered them
• Timestamps of when each question was answered
• A freedom verdict record if you reach that stage of your journey, and your confirmation or rejection of it

Voice Game responses are published as public voice broadcasts under your voice name. They are visible to all users of Ekcho. Your real identity is never attached to them.

Your responses are processed by OpenAI Whisper for transcription and by Anthropic Claude for generating your personalised questions. Neither OpenAI nor Anthropic use data sent via their APIs to train their AI models under their standard API terms. We do not sell your data. We do not use your data to train any AI models.

If you delete a Voice Game broadcast, it is removed from the feed and from public access. Your underlying response to that question is retained so your journey can continue. If you delete your account, all Voice Game data including responses and freedom verdict records are deleted within 30 days.

Before your voice is recorded, Ekcho applies a real-time audio processing chain in your browser (highpass filter, tonal adjustment, subtle harmonic modification). This is designed to make your voice harder to identify — preserving your pseudonymity. This processing happens entirely on your device and the processed audio (not your raw voice) is what is uploaded and stored.

If you enable push notifications, your browser generates a push subscription token which is stored on our servers (Supabase). This token is used only to deliver notifications from Ekcho to your device. You can revoke this at any time in Settings → Notifications or in your browser/device settings. We do not share notification tokens with third parties.

Journal entries are private voice recordings stored in your account. They are never shared or processed for moderation unless you choose to publish them as a broadcast. If you generate a share link, the audio becomes temporarily accessible to anyone with the link for up to 7 days. Journal entries and their audio files are permanently deleted when you delete your account.

When you join a listener room, your presence is recorded temporarily for the duration of the room. Neighbourhood membership is stored persistently. Your last active time and currently listening broadcast are stored so neighbours can see your presence. You can control visibility at any time.

We record which broadcasts you have listened to, your playback position, and completion status. This powers session memory and completion statistics. This data is associated with your pseudonymous account, not your real identity.

Messages between users are stored in our database and accessible only to the participants. We do not read private messages except as required for moderation investigations following a report.

We collect IP addresses (for rate limiting and security), browser type, device type, and access logs. These are stored for up to 90 days for security purposes only.

Content moderation scores (from OpenAI Moderation API) are stored alongside broadcasts. If a broadcast is flagged or removed, we retain the moderation record for 2 years.

We use Google Analytics 4 with IP anonymisation, subject to your cookie consent. Analytics data is aggregated and not linked to your identity.