Last updated: 21 July 2025
Echo Aligned (“we”, “our”, “us”) is operated as a sole-proprietor business subject to the small-business exemption. We are committed to safeguarding your personal information.
This Policy explains how we collect, use, disclose, and protect data when you visit www.echoaligned.com or use any related application, API, or service (collectively, the “Platform”).
See the table below for purpose, legal basis, and typical data.
| Purpose | Legal basis (GDPR) | Typical data |
|---|---|---|
| Account creation & login | Contract performance | Email, hashed password, Clerk user ID |
| Influencer-vetting features | Contract performance | Search criteria, vetting requests, results |
| Payments & subscriptions | Contract performance | Stripe customer ID, plan details, last 4 card digits (never full card number) |
| Support enquiries | Legitimate interest | Name, email, message (FormCarry) |
| Security & fraud prevention | Legitimate interest | IP address, device/browser data, activity logs |
| Ad-conversion measurement | Legitimate interest | Pseudonymous Google conversion IDs, ad-click metadata |
| Legal compliance (tax, accounting) | Legal obligation | Invoices, transaction metadata |
We never sell or rent your personal data, and we collect only what is necessary.
Our sub-processors and retention periods are listed below.
| Sub-processor | Data stored | Retention & deletion |
|---|---|---|
| Clerk (identity & auth) | Credentials, profile, session tokens (never full password) | Erased within 30 days of account deletion |
| Firebase (database) | Vetting requests, results, logs | Removed when you delete the request or your account |
| Stripe (payments) | Payment tokens, invoices, subscription status | 10 years (tax & accounting) |
| FormCarry (support forms) | Name, email, message content | Deleted within 30 days after ticket resolution |
| Google Ads (conversion tracking) | Pseudonymous conversion IDs, ad-click info, timestamp, browser/device metadata | Conversion cookie ~90 days; logs per Google Ads Data Processing Terms |
All providers have Data-Processing Agreements with us and rely on EU Standard Contractual Clauses (SCCs) for cross-border transfers where required.
• Essential cookies – session tokens (Clerk) and CSRF protection. • Conversion-tracking cookie – _gcl_* from Google Ads, set only after a successful purchase to measure campaign effectiveness. • No analytics or behavioural-advertising cookies beyond the above.
We share data only with: 1) the sub-processors in Section 4; 2) authorities or courts when legally compelled; 3) a successor entity if we undergo a merger or acquisition (you will be notified in advance and may delete your data).
Data may be processed in the EU, and the United States. Transfers use Standard Contractual Clauses or equivalent safeguards.
• End-to-end TLS (HTTPS) and HSTS. • AES-256 encryption at rest in Clerk, Firebase, and Stripe. • Role-based access and audit logging. • Continuous vulnerability scanning and annual third-party penetration tests. While we apply industry-standard safeguards, no system is perfectly secure; you use the Platform at your own risk.
If you are in the EEA, UK, or a similar jurisdiction, you may: • Access, correct, erase, or port your data. • Restrict or object to certain processing. • Withdraw consent where we rely on it. • Complain to a supervisory authority. Email support@echoaligned.com to exercise any right. We respond within 30 days.
The Platform is not directed to anyone under 16. If you believe a minor has provided personal data, contact us so we can delete it.
Data-Protection Lead: N/A – small-business exemption Email: support@echoaligned.com Postal address: Not applicable – operating online-only
We may revise this Policy from time to time. Material changes will be announced by email or in-app at least 14 days before they take effect. Use of the Platform after that date constitutes acceptance.
If we later add privacy-respecting analytics (e.g., Plausible) or other third-party tools, we will update Section 4 before they go live.
Loading...
Loading authentication...