echic.ai← Back
Legal

Privacy Policy

Last updated: May 2026

1. Information we collect

We collect information you provide directly when you create an account, connect a social platform, or configure your brand voice. This includes your email address, brand settings, and content you generate or publish through echoic.ai.

We also collect usage data automatically — such as pages visited, features used, and publishing activity — to operate and improve the service.

2. How we use your information

We use your information to:

  • Provide and operate the echoic.ai service
  • Generate content conditioned on your brand voice spec
  • Publish to connected social platforms on your behalf
  • Send transactional emails (account, publishing status)
  • Improve and develop new features

We do not sell your data or use your brand voice spec to train shared AI models.

3. Third-party services and connected platforms

echoic.ai connects to Instagram, Facebook, LinkedIn, X (Twitter), and TikTok through their official OAuth APIs. We store only the access tokens required to publish on your behalf. You can revoke access at any time from your platform settings or directly through each platform.

TikTok

When publishing to TikTok, we collect and store per-post settings required by TikTok's API, including: video title, hashtags, privacy level (e.g. Public, Friends, Private), interaction preferences (comments, duets, stitches), commercial disclosure selections (whether the post promotes your own brand or paid/branded content), and a timestamped record of your in-app consent before each upload. This data is stored on our servers and transmitted to TikTok at the time of publish. We also temporarily retrieve your TikTok creator profile — including nickname, username, avatar, and account capability settings — to correctly configure publish options. This information is not stored beyond what is required to complete the publish.

Meta (Instagram and Facebook)

When publishing to Instagram or Facebook, we use your connected OAuth token to post on your behalf. We display an explicit confirmation step before any post is sent. No additional consent fields beyond your platform authorization are stored by echoic.ai for Meta publishes.

LinkedIn and X (Twitter)

When publishing to LinkedIn or X, we use your connected OAuth token to post on your behalf. We display an explicit confirmation step before any post is sent. No additional consent fields are stored by echoic.ai for these platforms beyond your platform authorization.

Scheduled posts

When you schedule a post for a future date and time, the post content and any associated platform settings are stored on our servers until the scheduled dispatch time. At that point they are transmitted to the relevant platform and the stored settings are no longer needed for active use.

Meta Brand Connect

If you choose Meta Brand Connect, echoic.ai imports selected Facebook Page captions and images only after you explicitly start the reference import. We use those selected posts to improve your brand voice and visual references; we do not continuously sync your Page history.

AI and infrastructure providers

We use Supabase for authentication, database, and asset storage. We use Google, OpenAI, and Anthropic APIs for AI generation and evaluation features. Content you generate is transmitted only as needed to provide those features and is not used to train shared models under standard API terms.

4. Data retention

We retain your data for as long as your account is active. If you delete your account, your data is removed within 30 days, except where required by law or for fraud prevention.

5. Your rights

You may request access to, correction of, or deletion of your personal data at any time by writing to us at [email protected]Copied.

6. Changes to this policy

We may update this policy from time to time. When we do, we will update the date at the top and notify you by email if the changes are material.

7. Contact

Questions about this policy? Write to us at [email protected]Copied.