Privacy Policy

EchoWriting is operated by EchoWriting, Inc., based in Brisbane, Queensland, Australia. For the purposes of the EU/UK General Data Protection Regulation, we are the controller of the personal data described in this policy.

Privacy questions or requests: [email protected].

We collect only what we need to run the Service:

• Account data. When you sign in with Google we receive your name, email address, and your Google account identifier. We store these so we can identify you across sessions.
• Billing data. When you subscribe, Stripe collects your payment details. We never see your full card number. We store the Stripe customer ID, subscription state, and billing-cycle metadata returned to us by Stripe.
• Your content. Text you submit for rewrite, the rewritten output we return, the presets you build (including any writing samples and briefs you provide), and any knowledge documents you upload.
• Technical data. IP address, user-agent string, request timestamps, and similar log data. We use this to keep the Service running, enforce rate limits, investigate abuse, and debug.
• Anonymous public tool. When you use the public rewrite tool without an account, we still process the text you submit and a coarse browser fingerprint to enforce per-device rate limits and prevent abuse.

• To provide the rewrite service you asked for.
• To create and manage your account, presets, and history.
• To bill you, manage your subscription, and send transactional email (e.g. preset-ready notifications).
• To secure the Service, detect and prevent abuse, and enforce our Terms.
• To improve EchoWriting over time, including using your content to train and refine our models. If you do not want your content used this way, you can request deletion of your data (see Section 8) and stop using the Service.
• To meet legal, tax, and accounting obligations.

If you are in the EU or the UK, we process your personal data on the following bases:

• Contract. To deliver the Service you signed up for.
• Legitimate interests. To secure the Service, prevent abuse, and improve our models. We balance these against your rights and you can object at any time.
• Consent. Where required by law - for example, if we add optional analytics or marketing cookies in future, we will ask first.
• Legal obligation. Where the law requires us to keep records or respond to lawful requests.

We share your data with vendors who help us operate the Service. We pick vendors that offer contractual data-protection terms appropriate to the data they handle, and we use them only for the purposes listed:

• Google - sign-in (OAuth).
• Stripe - payments and subscription management.
• Vercel - frontend hosting and edge delivery.
• Runpod and other GPU/inference hosts - compute for rewrite generation and the humanizer model.
• Third-party LLM providers (e.g. Anthropic) - model inference for some pipeline passes.
• Email provider - transactional email.

We may also share data when required by law, in response to a valid legal request, to protect the rights or safety of EchoWriting, our users, or the public, or in connection with a corporate transaction such as a merger or acquisition (in which case we will give notice of any change in controller).

We do not sell your personal information, and we do not share it for cross-context behavioural advertising.

EchoWriting is based in Australia. Some of our vendors process data in the United States, the European Union, and other countries. Where we transfer personal data out of the EU, the UK, or Australia, we rely on the Standard Contractual Clauses (or the relevant equivalent) and on the protections offered by the receiving vendor.

We do not operate to a fixed retention schedule. We keep your data for as long as your account is active, and for as long as we need it to run the Service, meet legal and accounting obligations, resolve disputes, and enforce our Terms.

You can ask us to delete your data at any time and we will action your request. Email [email protected] with the email address tied to your account. Some data may persist after deletion - for example, where it has already been incorporated into model training, where backups have not yet rotated, or where we are required by law to keep a record.

Inputs to the anonymous public rewrite tool are kept short-term for abuse prevention and may be retained in aggregate, de-identified form for service improvement.

Wherever you are, you can ask us to:

• Confirm whether we hold personal data about you and give you a copy.
• Correct inaccurate personal data.
• Delete your personal data.
• Provide a portable copy of the data you gave us.
• Stop or restrict certain processing.
• Withdraw any consent you previously gave.

To exercise any of these rights, email [email protected] from the email address on your account. We will respond within the time required by the law that applies to you, and at most within 30 days.

In addition to the rights in Section 8, you have the right to lodge a complaint with your local data protection supervisory authority. We do not currently have a designated EU representative under Article 27 GDPR; if that changes we will update this policy.

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of recipients.
• Right to delete personal information we have collected from you.
• Right to correct inaccurate personal information.
• Right to limit the use of sensitive personal information (we do not currently use sensitive personal information beyond what is necessary to provide the Service).
• Right to non-discrimination for exercising any of these rights.

Categories of personal information we have collected in the last 12 months: identifiers (name, email, account ID), commercial information (subscription state), internet or other electronic network activity (request logs), and content you provide (text, samples, presets, knowledge documents).

We do not sell personal information and we do not share it for cross-context behavioural advertising, as those terms are defined under the CPRA. To exercise any right above, email [email protected].

We handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you have a complaint about how we handle your personal information, please contact us first at [email protected]. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

EchoWriting is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. In the EU and the UK, the minimum age is 16 unless a parent or legal guardian has consented. If you believe a child has given us personal information without authorisation, contact us and we will delete it.

We use a small set of essential cookies and browser storage:

• An authentication session cookie to keep you signed in.
• Cookies set by Stripe during Checkout and the Customer Portal.
• Browser local storage for UI preferences (such as your last-used preset).

We do not currently run analytics, advertising, or tracking cookies. If we add any in future, we will surface a consent control before they fire and update this policy.

We use TLS in transit and encryption at rest for our database and object storage. Our database enforces row-level security so an authenticated user can only read their own rows. Stripe handles card data on its own systems; we never see card numbers. No system is perfectly secure - if you notice a vulnerability, please tell us at [email protected].

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. Material changes will be flagged in-app or by email. Continuing to use the Service after a change takes effect means you accept the updated policy.

EchoWriting, Inc. - Brisbane, Queensland, Australia.
Privacy contact: [email protected].

See also our Terms & Conditions.